Omni: Operator can traverse image-factory API paths via unsanitized `talos_version` in CreateSchematic
Summary: managementServer.CreateSchematic (internal/backend/grpc/schematics.go) passes the caller-controlled TalosVersion field directly to imageFactoryClient.OverlaysVersions, which embeds it verbatim into a `fmt.Sprintf("/version/%s/overlays/official", talosVersion)` path template. url.URL.JoinPath...
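To make the path-traversal point concrete, the following is an added Go example (not Omni's or the image-factory client's code) that reproduces the vulnerable formatting pattern beside a hardened variant. The base URL, the version allow-list regexp and the sample inputs are constructed for illustration; the real image-factory version format may differ.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// overlaysPathUnsafe reproduces the vulnerable pattern: a caller-controlled
// version string is formatted straight into the path template, so a value
// containing "/" or ".." is not confined to the single path segment the
// template intended.
func overlaysPathUnsafe(talosVersion string) string {
	return fmt.Sprintf("/version/%s/overlays/official", talosVersion)
}

// resolvedRequestPath shows what the request actually targets once the URL
// layer (url.URL.JoinPath applies path cleaning) resolves "." and ".."
// segments. Cleaning resolves the traversal, it does not reject it: the
// request silently leaves the /version/<v>/overlays/official sub-tree.
func resolvedRequestPath(base, talosVersion string) (string, error) {
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	return u.JoinPath(overlaysPathUnsafe(talosVersion)).Path, nil
}

// talosVersionRe is an assumed allow-list for version strings ("v" + dotted
// numeric release, optional pre-release suffix). Anything outside it, in
// particular "/" and "..", is rejected before a path is built.
var talosVersionRe = regexp.MustCompile(`^v\d+\.\d+\.\d+(?:-[0-9A-Za-z.]+)?$`)

// overlaysPathSafe validates the version first and then lets JoinPath place
// it as exactly one path element, so the caller cannot pick the endpoint.
func overlaysPathSafe(base, talosVersion string) (string, error) {
	if !talosVersionRe.MatchString(talosVersion) {
		return "", fmt.Errorf("invalid talos version %q", talosVersion)
	}
	u, err := url.Parse(base)
	if err != nil {
		return "", err
	}
	return u.JoinPath("version", talosVersion, "overlays", "official").String(), nil
}

func main() {
	// Constructed base URL and inputs for illustration only.
	const base = "https://factory.example/"
	for _, v := range []string{"v1.9.0", "../../admin"} {
		fmt.Println("unsafe template:", overlaysPathUnsafe(v))
		resolved, _ := resolvedRequestPath(base, v)
		fmt.Println("resolved request path:", resolved)
		safe, err := overlaysPathSafe(base, v)
		fmt.Println("hardened:", safe, "err:", err)
	}
}
```

The check a reviewer wants is the second function: if cleaning changes the path, an untrusted value has already escaped its segment, and the fix belongs in input validation, not in URL normalisation.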
CVE-2026-41404 OpenClaw < 2026.3.31 - Operator Admin Privilege Escalation via Trusted-Proxy Authentication
OpenClaw before 2026.3.31 contains an incomplete scope-clearing vulnerability in trusted-proxy authentication mode that allows operator.admin privilege escalation. Attackers can exploit this by declaring operator scopes on non-Control-UI clients, allowing self-declared scopes to persist on...
Windmill security vulnerability
Windmill is an open-source low-code development platform from Windmill Labs, Inc. Windmill versions 1.56.0 through 1.614.0 contain security vulnerabilities. These vulnerabilities stem from missing authorization checks, which may allow users with the Operator role to perform prohibited entity creation an...
Dagu affected by unauthenticated RCE via inline DAG spec in default configuration
Summary: Dagu's default configuration ships with authentication disabled. The POST /api/v2/dag-runs endpoint accepts an inline YAML spec and executes its shell commands immediately with no credentials required, so any dagu instance reachable over the network is fully compromised by default. Details...
CVE-2025-59469
This vulnerability allows a Backup or Tape Operator to write files as root...
EUVD-2021-2283
Malware in sbrugna...
EUVD-2022-2210
Malicious code in bioql PyPI...
BIT-VAULT-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
CVE-2025-5999
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
CVE-2023-21418
AXIS OS vulnerability CVE-2023-21418 affects the VAPIX API irissetup.cgi, where path traversal could delete files. Exploitation requires authentication with an operator- or administrator-privileged service account, with impact higher on administrator privileges and lower on operator accounts (non...
F5 BIG-IP DNS TMUI Denial of Service Vulnerability
F5 BIG-IP is an application delivery platform from F5 that integrates network traffic orchestration, load balancing, intelligent DNS, remote access policy management, etc. A denial-of-service vulnerability exists in the F5 BIG-IP DNS TMUI, which can be exploited by an authenticated attacker with ...
GHSA-3MCP-6RV6-C69G baserCMS arbitrary file upload vulnerability
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers with a site operator privilege to upload arbitrary files...
baserCMS arbitrary file upload vulnerability
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers with a site operator privilege to upload arbitrary files...
CVE-2018-0571
baserCMS baserCMS 4.1.0.1 and earlier versions, baserCMS 3.0.15 and earlier versions allows remote attackers with a site operator privilege to upload arbitrary files...
FreeBSD : sircd -- remote operator privilege escalation vulnerability (e92d8f6b-a1c0-11db-9ddc-0011098b2f36)
Secunia reports: A vulnerability has been reported in sircd, which can be exploited by malicious users to gain operator privileges. The problem is that any user reportedly can set their usermode to operator. The vulnerability has been reported in versions 0.5.2 and 0.5.3. Other versions may also...
sircd -- remote operator privilege escalation vulnerability
Secunia reports: A vulnerability has been reported in sircd, which can be exploited by malicious users to gain operator privileges. The problem is that any user reportedly can set their usermode to operator. The vulnerability has been reported in versions 0.5.2 and 0.5.3. Other versions may also ...