18 matches found
CVE-2026-27447
A flaw was found in OpenPrinting CUPS. This authorization bypass vulnerability allows an unprivileged user to gain unauthorized access to restricted operations. This can be exploited by using a username that differs only in case from an authorized user during authorization checks. Mitigation...
UBUNTU-CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
CVE-2026-27447
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, CUPS daemon cupsd contains an authorization bypass vulnerability due to case-insensitive username comparison during authorization checks. The vulnerability allows an...
EUVD-2026-14938
Craft CMS: Unauthenticated Users Can Perform Restricted Project Config Sync Operations...
EUVD-2023-35662
Malicious code in bioql PyPI...
CVE-2025-47713 Apache CloudStack: Domain Admin can reset Admin password in Root Domain
A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments
Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...
CVE-2024-52312
CVE-2024-52312 affects data.all (open source framework). The issue stems from inconsistent authorization permissions that may allow an authenticated external actor to perform restricted operations on DataSets and Environments. Documents provide MEDIUM severity (CVSS 3.1/4.0) and describe the root...
RHEL 8 : python-pillow (RHSA-2020:0566)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:0566 advisory. The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal...
Arista Networks CloudVision Portal Privilege Vulnerability
Arista Networks CloudVision Portal is a suite of web-based user management portals for the CloudVision platform from Arista Networks, USA. The product includes features such as network device configuration, compliance management, change management, and network monitoring and management. A...
Sharp AQUOS PhotoPlayer HN-PP150 Cross-Site Request Forgery Vulnerability
Sharp AQUOS PhotoPlayer HN-PP150 is a photo player product from Sharp Japan. The product offers slide show presentations, photo printing, and other features. A cross-site request forgery vulnerability exists in Sharp AQUOS PhotoPlayer HN-PP150 versions 1.02.00.04 through 1.03.01.04, which...
Revive Adserver Unauthorized Operation Vulnerability
Revive Adserver is an open source ad management system from the Revive Adserver team. A security vulnerability in Revive Adserver versions prior to 3.2.2 can be exploited by remote attackers to perform restricted operations with the help of unexpired sessions established by deleted or disconnecte...
CVE-2007-1056
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is...
CVE-2007-1056
VMware Workstation 5.5.3 build 34685 does not provide per-user restrictions on certain privileged actions, which allows local users to perform restricted operations such as changing system time, accessing hardware components, and stopping the "VMware tools service" service. NOTE: exploitation is...
CVE-2002-0858
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges...