145 matches found
EUVD-2025-29155
Malicious code in bioql PyPI...
CVE-2025-27236
A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...
CVE-2025-59378
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it even after the build has ended...
Realistic Environmental Injection Attacks on GUI Agents
GUI agents built on LVLMs are increasingly used to interact with websites. However, their exposure to open-world content makes them vulnerable to Environmental Injection Attacks EIAs that hijack agent behavior via webpage elements. Many recent studies assume the attacker to be a regular user who...
[SECURITY] Fedora 41 Update: podman-5.6.1-1.fc41
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
CVE-2019-17296
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Contacts module by a Regular user...
CVE-2019-17294
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the export function by a Regular user...
CVE-2019-17295
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the history function by a Regular user...
CVE-2019-17316
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...
CVE-2019-17293
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the pmseProject module by a Regular user...
CVE-2019-17312
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the file function by a Regular user...
CVE-2019-17297
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Quotes module by a Regular user...
CVE-2019-17319
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows SQL injection in the Emails module by a Regular user...
CVE-2019-17311
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows directory traversal in the attachment function by a Regular user...
CVE-2019-17305
SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP code injection in the MergeRecords module by a Regular user...
Ensure That Old Passwords Are Verified When Users Change Them
To prevent a third party from maliciously changing the password of another user, the old password must be verified when a user changes the password. According to the common practice in the industry, the old password does not need to be verified when the root user changes its own password. The roo...
CVE-2025-2242
CVE-2025-2242 describes an improper access-control vulnerability in GitLab CE/EE that lets a former instance admin, downgraded to a regular user, retain elevated privileges to groups and projects across GitLab versions 17.4 through 17.8.6, 17.9 through 17.9.3, and 17.10 through 17.10.1. The provi...
Peppermint 访问控制错误漏洞
Peppermint is an open source ticket management system from Peppermint Labs. A security vulnerability exists in Peppermint version 0.4.6 that stems from improper access control that allows a regular user to elevate privileges to administrator...
[SECURITY] Fedora 41 Update: podman-5.3.2-1.fc41
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability
About Elevation of Privilege - needrestart CVE-2024-48990 vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003 used in Ubuntu...