11 matches found
CVE-2026-4916
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom role permissions to demote or remove higher-privileged group members due to improper authorization...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
EUVD-2026-30205
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
CVE-2026-32991
CVE-2026-32991 arises from improper authorization checks of team member privileges in cPanel & WHM, enabling a team member to escalate to the team owner account. The PT Security entries consolidate multiple CVEs and indicate a patch will be released May 13, 1:00 PM EST, addressing CVE-2026-32991 ...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
PT-2024-21052 · Elabftw · Elabftw
Name of the Vulnerable Software and Affected Versions: eLabFTW versions prior to 5.1.0 Description: The issue allows a regular user to become an administrator of a team where they are a member, under a reasonable configuration. In versions subsequent to v5.0.0, it may also allow an initially...
Stripe: [Broken Access Control ] Unauthorized Linking accounts & Linked Accounts info DIsclosure
@mrasg discovered that users of an account with member permissions were improperly allowed to see activated linked accounts and connect new carts to the account. I discovered a Vulnerability that allows the user who has member privileges to connect new carts to the Taxjar account , like...
Galette SQL Injection Vulnerability
Galette is a membership management web application built for non-profit organizations and released under the GPLv3. A SQL injection vulnerability exists in versions of Galette prior to 0.9.6. An attacker with "member" privileges could use this vulnerability to launch an SQL injection attack...
Galette SQL注入漏洞
Galette is a membership management web application built for non-profit organizations and released under the GPLv3. A SQL injection vulnerability exists in versions of Galette prior to 0.9.6. An attacker with "member" privileges could use this vulnerability to launch an SQL injection attack...