Lucene search
K

66 matches found

cvelist
cvelist
added 2025/09/02 7:48 p.m.9 views

CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...

8.8CVSS0.00654EPSS
Exploits0References2
zdi
zdi
added 2025/07/24 12:0 a.m.3 views

ATEN eco DC Missing Authorization Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when...

8.8CVSS7.2AI score0.00654EPSS
Exploits0References1
osv
osv
added 2025/04/24 12:15 a.m.13 views

CVE-2025-27581

NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...

4.3CVSS5.8AI score0.00312EPSS
Exploits1References3
ptsecurity
ptsecurity
added 2024/10/23 12:0 a.m.5 views

PT-2024-7464 · Cisco · Cisco Secure Firewall Management Center

Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remo...

6.8CVSS6.9AI score0.00479EPSS
Exploits0References6
cnvd
cnvd
added 2024/06/13 12:0 a.m.2 views

Lunary Access Control Error Vulnerability

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS5.1AI score0.00298EPSS
Exploits1References1
cnnvd
cnnvd
added 2024/06/06 12:0 a.m.6 views

Lunary 访问控制错误漏洞

lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...

5.4CVSS6.5AI score0.00298EPSS
Exploits1References3
osv
osv
added 2024/06/05 3:10 p.m.29 views

GO-2024-2794 Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server

Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server...

2.7CVSS3.4AI score0.00502EPSS
Exploits0References6
redhatcve
redhatcve
added 2024/04/26 12:11 p.m.23 views

CVE-2024-4195

A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.8AI score0.00502EPSS
Exploits0References4
redhatcve
redhatcve
added 2024/04/26 11:47 a.m.37 views

CVE-2024-4198

A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests...

2.7CVSS3.7AI score0.00502EPSS
Exploits0References4
osv
osv
added 2024/04/26 9:30 a.m.28 views

GHSA-5FH7-7MW7-MMX5 Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS3.3AI score0.00502EPSS
Exploits0References5
github
github
added 2024/04/26 9:30 a.m.22 views

Mattermost allows team admins to promote guests to team admins

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.6AI score0.00502EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2024/04/26 9:15 a.m.24 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS3.5AI score0.00502EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/26 8:26 a.m.11 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS6.6AI score0.00502EPSS
Exploits0References1
osv
osv
added 2024/04/26 8:26 a.m.7 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS6.5AI score0.00502EPSS
Exploits0References3
cvelist
cvelist
added 2024/04/26 8:26 a.m.32 views

CVE-2024-4198

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...

2.7CVSS3.9AI score0.00502EPSS
Exploits0References1
osv
osv
added 2024/04/26 8:26 a.m.6 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS6.5AI score0.00502EPSS
Exploits0References3
cvelist
cvelist
added 2024/04/26 8:26 a.m.26 views

CVE-2024-4195

Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...

2.7CVSS3.9AI score0.00502EPSS
Exploits0References1
code423n4
code423n4
added 2023/06/13 12:0 a.m.14 views

Missing Role Validation in LlamaAbsoluteStrategyBase.sol

Lines of code Vulnerability details Bug Description: The LlamaAbsoluteStrategyBase contract serves as a base contract for Llama strategies and implements various functions for action creation, approval, disapproval, and cancellation. However, it fails to validate the roles used in some critical...

6.8AI score
Exploits0
veracode
veracode
added 2019/01/15 9:15 a.m.25 views

Privilege Escalation

cfme is vulnerable to privilege escalation attacks. The vulnerability exists as a logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an...

4.9CVSS5.4AI score0.01472EPSS
Exploits0References246Affected Software3
osv
osv
added 2018/07/27 7:29 p.m.5 views

CVE-2017-2632

A logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges...

4.9CVSS5.8AI score0.01472EPSS
Exploits0References3
Rows per page
Query Builder