69 matches found
EUVD-2017-11793
Malware in sbrugna...
CVE-2025-6685
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
CVE-2025-6685
ATEN eco DC contains a missing authorization flaw in its web-based interface that can enable privilege escalation. The issue arises from not validating the assigned user role when handling requests, allowing an attacker with network access to escalate privileges to restricted resources; authentic...
CVE-2025-6685 ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The...
ATEN eco DC Missing Authorization Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of ATEN eco DC. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based interface. The issue results from the lack of validating the assigned user role when...
CVE-2025-27581
NIH BRICS aka Biomedical Research Informatics Computing System through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
PT-2024-7464 · Cisco · Cisco Secure Firewall Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center FMC Software could allow an authenticated, remo...
Lunary Access Control Error Vulnerability
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
Lunary 访问控制错误漏洞
lunary is a production toolkit for LLM. An access control error vulnerability exists in lunary that stems from insufficient validation of roles and permissions on the backend. An attacker could exploit this vulnerability to cause information disclosure...
GO-2024-2794 Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server
Mattermost fails to fully validate role changes in github.com/mattermost/mattermost-server...
CVE-2024-4195
A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4198
A flaw was found in Mattermost, where it failed to fully validate role changes. This flaw allows an attacker authenticated as team admin to demote users to guests via crafted HTTP requests...
GHSA-5FH7-7MW7-MMX5 Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
Mattermost allows team admins to promote guests to team admins
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4198
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes which allows an attacker authenticated as team admin to demote users to guest via crafted HTTP requests...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...
CVE-2024-4195
Mattermost versions 9.6.0, 9.5.x before 9.5.3, and 8.1.x before 8.1.12 fail to fully validate role changes, which allows an attacker authenticated as a team admin to promote guests to team admins via crafted HTTP requests...