26 matches found
EUVD-2025-206813
A vulnerability has been discovered in eladmin v2.7 and before. This vulnerability allows for an arbitrary user password reset under any user permission level...
PT-2024-15188 · WordPress · Custom Field For Wp Job Manager
Name of the Vulnerable Software and Affected Versions: Custom Field For WP Job Manager plugin for WordPress version 1.2 and earlier Description: The issue allows authenticated attackers with contributor-level access and above to expose potentially sensitive post metadata due to missing validation...
BIT-GITLAB-2020-10088
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level...
CVE-2024-0759
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
Authentication flaw
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
CVE-2024-0759 Collection of internally resolving IPs
Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be...
CVE-2024-0439
As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can use their token to still modify those settings though through a standard HTTP request...
CVE-2024-0439
CVE-2024-0439 describes a privilege-management flaw where manager-level users can modify restricted settings via direct HTTP requests despite UI-level protections. The issue is not labeled as critical in the sources, but multiple advisories note it should be patched to enforce the intended permis...
Improper Input Validation in Apache Unomi
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...
CVE-2021-21981
VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (role-based access control) role assignment. Successful exploitation of this issue may allow attackers with a local guest user account to assign privileges higher than their own permission level...
CVE-2020-7383 SQL Injection in Rapid7 Nexpose
A SQL Injection issue in Rapid7 Nexpose versions prior to 6.6.49 may have allowed an authenticated user with a low permission level to access resources and make changes they should not have been able to access...
CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute calls, but this is insufficient. Anyone with network access can use a...
CVE-2020-10088
GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level...
FreeBSD : Gitlab -- Multiple Vulnerabilities (62f2182c-5f7a-11ea-abb7-001b217b3468)
Gitlab reports: Directory Traversal to Arbitrary File Read; Account Takeover Through Expired Link; Server Side Request Forgery Through Deprecated Service; Group Two-Factor Authentication Requirement Bypass; Stored XSS in Merge Request Pages; Stored XSS in Merge Request Submission Form; Stored XSS in...
CVE-2018-11277
The CVE-2018-11277 issue affects Snapdragon devices (Automobile, Mobile, Wear) with listed MSM/SD platforms where the vendor package com.qualcomm.embms is deployed in the system image and has an inadequate permission level. This allows any app installed from the Play Store to request this permiss...
CVE-2017-6866
A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before V4.7.1.3 and 5 before V5.0.0.2) that could allow an authenticated low-privileged remote user to gain read access to data in the XHQ solution exceeding their configured permission level...