CVE-2026-44832
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/id with permissionsadmin=1. The API controller only strips the superuser key from the...
CVE-2026-32760
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration signup = true is enabled and the...
EUVD-2018-10757
Malware in sbrugna...
PT-2024-9695 · Minio +2
Name of the Vulnerable Software and Affected Versions: MinIO versions prior to RELEASE.2024-12-13T22-19-12Z
Description: The issue is related to a privilege escalation vulnerability in the IAM import API of MinIO, which is a high-performance, S3 compatible object store. This vulnerability allows...
Improper Access Control
aimeos/ai-admin-graphql is vulnerable to an Improper Access Control. The vulnerability is due to insufficient restrictions or checks on user roles and permissions, allowing an editor to modify and take over an admin account in the back end...
CVE-2022-1548 Playbook members are allowed to escalate their membership privileges and perform actions restricted to playbook admins.
Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins...