69 matches found
CVE-2026-39942
Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, the PATCH /files/id endpoint accepts a user-controlled filename_disk parameter. By setting this value to match the storage path of another user's file, an attacker can overwrite that file's content...
CVE-2025-15310
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15310
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
Tanium Patch Endpoint Tools Security Vulnerability
Tanium Patch Endpoint Tools is a patch management component developed by the American company Tanium. Tanium Patch Endpoint Tools has a security vulnerability, which stems from an increase in local privileges...
CVE-2025-15319
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15310
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15310 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15310
Summary: CVE-2025-15310 concerns a local privilege escalation in Tanium Patch Endpoint Tools. The connected sources consistently describe a local-privilege escalation impact affecting the Patch Endpoint Tools component; the CVSS data indicates local attack vector, low access complexity, and low p...
CVE-2025-15310 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15319
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
CVE-2025-15319 Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools...
PT-2026-7188
Name of the Vulnerable Software and Affected Versions: Tanium Patch Endpoint Tools (affected versions not specified). Description: Tanium addressed a local privilege escalation issue in Patch Endpoint Tools. This allows an attacker with local access to gain elevated privileges on the system...
CVE-2025-66451
LibreChat (ChatGPT clone) prior to version 0.8.1 is affected by improper input validation in the prompt-creation API. In versions 0.8.0 and below, PATCH /api/prompts/groups/:groupId accepts req.body without filtering sensitive fields, allowing modifications to prompts beyond intended front-end be...
CVE-2025-66451 LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes
LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prompts via PATCH endpoint for prompt groups /api/prompts/groups/:groupId. However, the request bodies are not sufficiently validated for prop...
CVE-2025-64064
The Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls, any low-level user can use this API and change their permission to Administrator by using...
CVE-2025-64064
The Primakon Pi Portal 1.0.18 /api/v2/ppusers endpoint fails to adequately check user permissions before processing a PATCH request to modify the PPSECURITYPROFILEID. Because of weak access controls, any low-level user can use this API and change their permission to Administrator by using...
PT-2025-48072
The Primakon Pi Portal 1.0.18 /api/v2/pp users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP SECURITY PROFILE ID. Because of weak access controls, any low-level user can use this API and change their permission to Administrator by using PP...
CVE-2025-63227
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This...
CVE-2025-63227
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This...
CVE-2025-63227
The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unrestricted file upload vulnerability in the /patch.php endpoint. An attacker with administrative credentials can upload arbitrary files (e.g., PHP webshells), which are stored in the /patch/ directory. This...