32 matches found

SUSE CVE
added 4 hours ago · 6 views

SUSE CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

CVSS 4.9 · AI score 5.7 · EPSS 0.00044 · Exploits 0 · References 3
NVD
added 3 days ago · 7 views

CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

CVSS 4.9 · EPSS 0.00044 · Exploits 0 · References 3
Cvelist
added 3 days ago · 23 views

CVE-2026-11793 389-ds-base: stack buffer overflow in checkPrefix() algorithm ID parsing

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

CVSS 4.9 · EPSS 0.00044 · Exploits 0 · References 3
Debian CVE
added 3 days ago · 5 views

CVE-2026-11793

A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when parsing reversible-encrypted attribute values. An attacker with Directory Manager privileges can...

CVSS 4.9 · AI score 5.7 · EPSS 0.00044 · Exploits 0
Vulnrichment
added 2026/05/07 6:50 p.m. · 4 views

CVE-2026-43510 CISA manage.get.gov insecure portfolio administrative privileges

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

CVSS 7.6 · AI score 5.8 · EPSS 0.00024 · Exploits 0 · References 6
CVE
added 2026/05/07 6:50 p.m. · 11 views

CVE-2026-43510

The CVE concerns the manage.get.gov registrar (CISA) where an organization administrator could assign domain manager privileges for domains not already in another organization. The issue is fixed in version 1.176.0 (on or around 2026-04-30). Affected scope and exact root cause are not detailed be...

CVSS 7.6 · AI score 5.8 · EPSS 0.00024 · Exploits 0 · References 6
ATTACKERKB
added 2026/05/07 6:50 p.m. · 5 views

CVE-2026-43510

manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30...

CVSS 7.6 · AI score 5.8 · EPSS 0.00024 · Exploits 0 · References 7 · Affected Software 1
NCSC
added 2026/02/10 7:01 p.m. · 9 views

Vulnerabilities fixed in Microsoft Windows

Microsoft has fixed vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: - Denial-of-Service (DoS) - Manipulation of data - Accessing sensitive data - Execution of arbitrary code (user privileges) -...

CVSS 8.8 · AI score 5.9 · EPSS 0.2798 · Exploits 22
CVE
added 2025/06/14 5:32 a.m. · 68 views

CVE-2025-3234

CVE-2025-3234 affects the WordPress plugin File Manager Pro – Filester, vulnerable in all versions up to and including 1.8.8 due to missing file type validation. The issue allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the server, with the ex...

CVSS 7.2 · AI score 7.3 · EPSS 0.01373 · Exploits 0 · References 2
Cvelist
added 2025/05/30 2:22 p.m. · 11 views

CVE-2025-3611 Improper Access Control in Mattermost allows System Managers to view team details despite role restrictions

Mattermost versions 10.7.x <= 10.7.0, 10.5.x <= 10.5.3, 9.11.x <= 9.11.12 fail to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team...

CVSS 3.1 · EPSS 0.00138 · Exploits 0 · References 1
CNNVD
added 2025/05/07 12:00 a.m. · 3 views

SAMSUNG SMR Security Vulnerability

SAMSUNG SMR is a system patch package from the South Korean company Samsung. It provides patches for Samsung mobile phone applications. A security vulnerability exists in SAMSUNG SMR which stems from improper access control and could allow a local attacker to initiate arbitrary activity wi...

CVSS 7.8 · AI score 6.5 · EPSS 0.00059 · Exploits 0 · References 1
GithubExploit
added 2025/01/08 1:02 a.m. · 216 views

Exploit for CVE-2025-22510

CVE-2025-22510 1️⃣ Component type WordPress plugin 2️...

CVSS 7.2 · AI score 9.7 · EPSS 0.19034 · Exploits 1
Positive Technologies
added 2024/06/06 12:00 a.m. · 3 views

PT-2024-26969 · Kanboard +1

Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.37 Description: The issue is related to the Kanban methodology-based project management software, Kanboard. It involves a vulnerability in the addUser function within the ProjectPermissionController.php file...

CVSS 8.2 · AI score 6.6 · EPSS 0.00178 · Exploits 1 · References 15
CNNVD
added 2024/02/26 12:00 a.m. · 1 view

AnythingLLM Security Vulnerability

AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in AnythingLLM that originates from a privilege management error in accounts with manager privileges...

CVSS 8.8 · AI score 6.9 · EPSS 0.00216 · Exploits 1 · References 3
WPVulnDB
added 2023/11/24 12:00 a.m. · 23 views

WooCommerce < 7.0.1 - Authenticated (Shop Manager+) Sensitive Information Exposure

Description The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.0.0. This can allow authenticated attackers with Shop Manager privileges or above to extract sensitive user metadata including session tokens...

AI score 6.8 · Exploits 0 · References 1 · Affected Software 1
Huntr
added 2022/11/21 5:39 a.m. · 22 views

Unauthorized access to settings update, logs, history, delete etc. of repositories

Hey, Attack Scenario: Admin sets up a new user with User privileges and gives access to the repos' "/" root directory; after a time, for some reason, he revokes the directory access privileges, but the user-privileged attacker can still edit settings, check logs and view history without having...

CVSS 7.5 · AI score 1.2 · EPSS 0.00448 · Exploits 1 · References 1
Prion
added 2022/08/04 6:15 p.m. · 11 views

Privilege escalation

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner...

CVSS 5.8 · AI score 6.8 · EPSS 0.01627 · Exploits 0 · References 1 · Affected Software 11
Cvelist
added 2022/08/04 5:50 p.m. · 18 views

CVE-2022-35735 BIG-IP monitor configuration vulnerability

In BIG-IP Versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and all versions of 13.1.x, an authenticated attacker with Resource Administrator or Manager privileges can create or modify existing monitor objects in the Configuration utility in an undisclosed manner...

CVSS 7.2 · AI score 7.1 · EPSS 0.01627 · Exploits 0 · References 1
Github Security Blog
added 2022/05/13 1:12 a.m. · 30 views

Moodle allows attackers to obtain manager privileges

The enrolmetasync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-runni...

CVSS 6.8 · AI score 6.3 · EPSS 0.00248 · Exploits 0 · References 10 · Affected Software 1
OSV
added 2019/01/15 4:29 p.m. · 14 views

CVE-2017-18356

In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection...

CVSS 8.8 · AI score 7 · Exploits 0 · References 2