14 matches found
PT-2026-41140
Name of the Vulnerable Software and Affected Versions Portainer Community Edition versions 2.33.0 through 2.33.7 Portainer Community Edition versions 2.39.0 through 2.39.1 Portainer Community Edition versions prior to 2.41.0 Description Portainer includes a security setting to disable bind mounts...
CVE-2026-32680
The installer of RATOC RAID Monitoring Manager for Windows allows to customize the installation folder. If the installation folder is customized to some non-default one, the folder may be left with un-secure ACLs and non-administrative users can alter contents of that folder. It may allow a...
CVE-1999-0562
The registry in Windows NT can be accessed remotely by users who are not administrators...
CVE-2025-13765
Exposure of email service credentials to users without administrative rights in Devolutions Server.This issue affects Devolutions Server: before 2025.2.21, before 2025.3.9...
CVE-2025-62520 MantisBT unauthorized disclosure of private project column configuration
Mantis Bug Tracker MantisBT is an open source issue tracker. In versions 2.27.1 and below, due to insufficient access-level checks, any non-admin user with access to manageconfigcolumnspage.php can use the Copy From action to retrieve the columns configuration from a private project they have no...
CVE-2025-53105 GLPI permits unauthorized rules execution order
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...
CVE-2025-22219
VMware Aria Operations for Logs contains a stored cross-site scripting vulnerability. A malicious actor with non-administrative privileges may be able to inject a malicious script that can perform stored cross-site scripting may lead to arbitrary operations as admin user...
Atlassian Jira < 8.6.0 Non-Administrators Able To Configure Replication Settings
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.21.0. It is, therefore, affected by a vulnerability which permits authenticated yet non-administrator remote attackers to edit the File Replication settings via a Broken...
Atlassian Jira < 8.6.0 / 8.7.x < 8.13.12 / 8.14.x < 8.20.1 / 8.21.0 (JRASERVER-72940)
The version of Atlassian Jira installed on the remote host is prior to 8.6.0 / 8.7.x 8.13.12 / 8.14.x 8.20.1 / 8.21.0. It is, therefore, affected by a vulnerability as referenced in the JRASERVER-72940 advisory. - Non-administrators can edit the File Replication settings - CVE-2021-41308...
Phabricator: Global default settings page is accessible to non-administrators
If you go to /settings/, it correctly redirects to /settings/user/username/ and does not give you the option to change global default settings. However if you go straight to /settings/builtin/global/, any user can edit the global default settings. According to https://secure.phabricator.com/D1604...
Vulnerability fixed in Mendix
The latest updates to Mendix fix a vulnerability that allows malicious authorized users can increase their privileges increase their privileges. Remove the authority to manage user roles for non-administrator roles to mitigate this security vulnerability for non-administrator users as a mitigatin...
DEBIAN-CVE-2018-1106
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system...
Allow non-Administrators to be able to modify workflows
As an IT Manager, by having to add users to the Administrators group in order to edit and manage workflows is prohibitive to the administration and security of our Jira environment. While I want users to create, manage and edit workflows, I do NOT want them creating or modifying accounts which...
CVE-1999-0562
The registry in Windows NT can be accessed remotely by users who are not administrators...