Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-4916

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...

2.7CVSS5.5AI score0.00348EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.5AI score0.00227EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/14 12:31 a.m.12 views

EUVD-2026-30205

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 11:16 p.m.14 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS0.00227EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/13 10:7 p.m.8 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
CVE
CVE
added 2026/05/13 10:7 p.m.16 views

CVE-2026-32991

CVE-2026-32991 arises from improper authorization checks of team member privileges in cPanel & WHM, enabling a team member to escalate to the team owner account. The PT Security entries consolidate multiple CVEs and indicate a patch will be released May 13, 1:00 PM EST, addressing CVE-2026-32991 ...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 10:7 p.m.14 views

CVE-2026-32991

Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...

7.1CVSS5.8AI score0.00227EPSS
Exploits0References2Affected Software3
Positive Technologies
Positive Technologies
added 2024/10/01 12:0 a.m.6 views

PT-2024-21052 · Elabftw · Elabftw

Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0 Description: The issue allows a regular user to become an administrator of a team where they are a member, under a reasonable configuration. In versions subsequent to v5.0.0, it may also allow an initially...

8.8CVSS7.1AI score0.00396EPSS
Exploits0References11
Hacker One
Hacker One
added 2022/08/17 6:22 p.m.18 views

Stripe: [Broken Access Control ] Unauthorized Linking accounts & Linked Accounts info DIsclosure

@mrasg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account. I discovered a Vulnerability that allows the user who has member privileges to connect new carts to the Taxjar account , like...

6.9AI score
Exploits0
CNVD
CNVD
added 2021/12/19 12:0 a.m.16 views

Galette SQL Injection Vulnerability

Galette is a membership management web application built for non-profit organizations and released under the GPLv3. A SQL injection vulnerability exists in versions of Galette prior to 0.9.6. An attacker with "member" privileges could use this vulnerability to launch an SQL injection attack...

8.8CVSS4AI score0.01051EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/12/16 12:0 a.m.4 views

Galette SQL注入漏洞

Galette is a membership management web application built for non-profit organizations and released under the GPLv3. A SQL injection vulnerability exists in versions of Galette prior to 0.9.6. An attacker with "member" privileges could use this vulnerability to launch an SQL injection attack...

8.8CVSS5.9AI score0.01051EPSS
Exploits0References2
Rows per page
Query Builder