Lucene search
K

186307 matches found

BDU FSTEC
BDU FSTEC
added 14 minutes ago15 views

The vulnerability of the Kerberos protocol for Windows operating systems allows attackers to increase their privileges.

The vulnerability of the Kerberos protocol for Windows operating systems is related to errors in the mechanism for handling relative pathnames to the directory. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9CVSS6.1AI score0.02603EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 14 minutes ago14 views

The vulnerability of the MmMapIoSpace() function in the ThrottleBlood.sys driver allows a hacker to escalate their privileges, execute arbitrary code, or cause a service failure.

The vulnerability of the MmMapIoSpace function in the ThrottleBlood.sys driver, as part of the ThrottleStop utility, is related to open IOCTLs with insufficient access control. Exploiting this vulnerability could allow an attacker to enhance their privileges, execute arbitrary code, or cause...

7.5CVSS6AI score0.06702EPSS
Exploits8References3Affected Software1
CVE
CVE
added 1 hour ago9 views

CVE-2026-49501

CVE-2026-49501 affects Dell PowerScale OneFS for all listed versions (9.5.0.0–9.10.1.7 and 9.11.0.0–9.13.0.2) with an Improper Privilege Management flaw that could allow a highly privileged attacker with local access to elevate privileges. The public descriptions identify the vulnerable component...

6.7CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 7 hours ago164 views

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

9CVSS7AI score0.09919EPSS
Exploits2References5
Nuclei
Nuclei
added 7 hours ago71 views

Alt-n/MDaemon Security Gateway <=8.5.0 - XML Injection

Alt-n/MDaemon Security Gateway through 8.5.0 is susceptible to XML injection via SecurityGateway.dll?view=login. An attacker can inject an arbitrary XML argument by adding a new parameter in the HTTP request URL. As a result, the XML parser fails the validation process and discloses information...

5.3CVSS6.3AI score0.05879EPSS
Exploits1References5
Nuclei
Nuclei
added 7 hours ago80 views

Keycloak - SAML Core Package Signature Validation Flaw

A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The method incorrectly determines whether a SAML signature is for the full document or only for specific assertions based on the position of the signature in the XML document, rather than the Referen...

7.7CVSS6.6AI score0.0203EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago368 views

Qlik Sense Enterprise - HTTP Request Smuggling

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...

9.9CVSS7.1AI score0.84967EPSS
Exploits0References5
Nuclei
Nuclei
added 7 hours ago44 views

Uncanny Automator <= 6.3.0.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...

8.8CVSS7AI score0.02474EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago22 views

KodeExplorer 4.51 - Reflective Cross Site Scripting (XSS)

Reflective Cross Site Scripting XSS vulnerability in KodExplorer version 4.51, allows attackers to obtain sensitive information and escalate privileges via the APPHOST parameter at config/i18n/en/main.php. id: CVE-2023-49489 info: name: KodeExplorer 4.51 - Reflective Cross Site Scripting XSS...

6.1CVSS6.4AI score0.00726EPSS
Exploits1References1
Nuclei
Nuclei
added 7 hours ago93 views

Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan...

9.8CVSS7.2AI score0.18241EPSS
Exploits3References4
Nuclei
Nuclei
added 7 hours ago59 views

Nokri – Job Board WordPress Theme <= 1.6.2 - Unauthenticated Arbitrary Password Change

The Nokri – Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.2. This is due to the plugin not properly checking for an empty token value prior updating their details like password. This makes it...

9.8CVSS7.2AI score0.02145EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago3 views

NVIDIA Triton Inference Server <= 26.02 - Authentication Bypass

NVIDIA Triton Inference Server contains an authentication bypass vulnerability, letting attackers bypass authentication and potentially execute code, escalate privileges, tamper data, cause denial of service, or disclose information, exploit requires no special conditions. id: CVE-2026-24207 info...

9.8CVSS6.1AI score0.02166EPSS
Exploits2References2
Nuclei
Nuclei
added 7 hours ago18 views

HyperComments <= 1.2.2 - Arbitrary Options Update

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...

8.8CVSS6.2AI score0.01718EPSS
Exploits4References2
Nuclei
Nuclei
added 7 hours ago64 views

ZKTeco BioTime <= 9.0.1 - Privilege Escalation

BioTime default employee credentials password 123456 allow login. Sessions are not role-validated, enabling privilege escalation to perform admin actions and enumerate backup files. id: CVE-2023-38952 info: name: ZKTeco BioTime = 9.0.1 - Privilege Escalation author: riteshs4hu severity: high...

9.8CVSS6.9AI score0.03258EPSS
Exploits2References3
Nuclei
Nuclei
added 7 hours ago53 views

Acmailer - Improper Access Control to OS Command Injection

Improper access control vulnerability in acmailer ver. 4.0.1 and earlier, and acmailer DB ver. 1.1.3 and earlier allows remote attackers to execute an arbitrary OS command, or gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified...

10CVSS7.2AI score0.07871EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago21 views

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...

9.8CVSS7AI score0.02112EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago47 views

Easy Digital Downloads - Privilege Escalation

Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. id: CVE-2023-30869 info: name: Easy Digital Downloads - Privilege Escalation author: daffainfo severity: critical...

9.8CVSS7AI score0.031EPSS
Exploits0References3
Nuclei
Nuclei
added 7 hours ago114 views

Cobbler - Authentication Bypass

Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ and possibly even older versions, may be vulnerable to an authentication bypass vulnerability in XMLRPC API /cobblerapi that can result in privilege escalation, data manipulation or exfiltration, and LDAP credential harvesting...

9.8CVSS7AI score0.12484EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago12 views

HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation

The HT Mega plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.2.0. This is due to missing validation of the regrole parameter on the htmegaajaxregister function. This makes it possible for unauthenticated attackers to create administrator accounts. id...

9.8CVSS6.2AI score0.03043EPSS
Exploits0References4
Nuclei
Nuclei
added 7 hours ago19 views

ProfilePress <= 4.13.1 — Unauthenticated Privilege Escalation

Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. id: CVE-2023-41954 info: name: ProfilePress = 4.13.1 — Unauthenticated Privilege Escalation author: daffainfo severity: hi...

8.6CVSS6.1AI score0.01397EPSS
Exploits0References3
Rows per page
Query Builder