52 matches found
EUVD-2026-42249
Capgo before 12.128.2 contains a broken access control vulnerability in the organization management API where a scoped API key limitedtoorgs inherits its owner-user's permissions, allowing destructive cross-organization actions. When a user is an admin in two organizations and creates a write-mod...
CVE-2026-52800
Gogs is an open source self-hosted Git service. Prior to 0.14.3, organization team member management can be performed via GET requests without CSRF protection. If a victim who is an organization owner is logged in and is tricked into visiting a crafted link, an attacker-controlled user can be add...
EUVD-2026-38166
Capgo before 12.128.2 contains a potential privilege escalation vulnerability in the public.applyusageoverage SECURITY DEFINER function, which performs sensitive billing operations without enforcing internal authorization checks no validation of auth.uid, org membership, or checkminrights. Becaus...
CVE-2026-22872
Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets the namespace, this is ineffective for cluster-scoped resources. Prior to version 0.13.0, tenant...
CVE-2026-40258
The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability Zip Slip in the media archive import feature. An authenticated user with owner-level privileges can craft a malicious ZIP file with...
PT-2026-28446
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.12 Description OpenClaw before version 2026.3.12 has an insufficient access control issue in the /config and /debug command handlers. Command-authorized non-owners can access owner-only surfaces, allowing them...
Command Injection
Overview Affected versions of this package are vulnerable to Command Injection via the command execution functionality. An attacker can execute a malicious binary through the application, which will run with the privileges of the service owner. Remediation There is no fixed version for...
postgresql: CREATE STATISTICS does not check for schema CREATE privilege
A vulnerability has been identified in PostgreSQL’s CREATE STATISTICS command where the database does not check that the user has the required schema CREATE privilege. A table owner user could create a statistics object in any schema, blocking other users who legitimately hold CREATE STATISTICS...
Google Looker 安全漏洞
Google Looker is an intelligent business platform from Google, Inc USA. A security vulnerability exists in Google Looker that originates from a user being able to inject malicious SQL statements, which could lead to the execution of a SQL injection attack with report owner privileges...
EUVD-2018-11878
Malware in sbrugna...
EUVD-2018-5453
Malware in sbrugna...
CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...
CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...
CVE-2023-1084
An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may create a Project Access Token with Owner level privileges using a crafted request...
Leantime allows Cross-Site Request Forgery (CSRF)
CSRF Summary A cross-site request forgery vulnerability allows a remote actor to create an account with Owner privileges. By luring an Owner or Administrator into clicking a button on an attacker-controlled website, a request will be issued, generating an account with the attacker's information a...
Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely...
BIT-GITLAB-2024-1299 Privilege Chaining in GitLab
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of managegroupaccesstokens to rotate group access tokens with owner privileges...
Improper Authorization
GitLab is vulnerable to Improper Authorization. The vulnerability is due to a privilege escalation flaw in GitLab. Users with a custom role of managegroupaccesstokens could rotate group access tokens with owner privileges, allowing them to escalate their privileges within the system...
CVE-2024-1299
A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of managegroupaccesstokens to rotate group access tokens with owner privileges...
PT-2024-17852 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 16.8 prior to 16.8.4 GitLab versions 16.9 prior to 16.9.2 Description: A privilege escalation issue was discovered in GitLab. It was possible for a user with a custom role of manage group access tokens to rotate group access...