66 matches found
CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
PT-2024-7464 · Cisco · Cisco Secure Firewall Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remo...
Lunary Access Control Error Vulnerability
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
Lunary 访问控制错误漏洞
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
GO-2024-2794 Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server
Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server...
CVE-2024-4195
A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4198
A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests...
GHSA-5FH7-7MW7-MMX5 Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
Missing Role Validation in LlamaAbsoluteStrategyBase.sol
Lines of code Vulnerability details Bug Description: The LlamaAbsoluteStrategyBase contract serves as a base contract for Llama strategies and implements various functions for action creation, approval, disapproval, and cancellation. However, it fails to validate the roles used in some critical...
Privilege Escalation
cfme is vulnerable to privilege escalation attacks. The vulnerability exists as a logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an...
CVE-2017-2632
A logic error in validrole in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher privilege level than the tenant administrator should have. This would allow an attacker with tenant administration access to elevate privileges...