56 matches found
CVE-2026-32176
Improper neutralization of special elements used in an SQL command ('SQL injection') in SQL Server allows an authorized attacker to elevate privileges locally...
CVE-2026-20926 Windows SMB Server Elevation of Privilege Vulnerability
...
CVE-2023-50104
ZZCMS 2023 has a file upload vulnerability in 3/Ebak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code...
EUVD-2020-1746
Malware in sbrugna...
EUVD-2019-11649
Malware in sbrugna...
EUVD-2002-0976
Malware in sbrugna...
EUVD-2006-0221
Malware in sbrugna...
EUVD-2017-9975
Malware in sbrugna...
EUVD-2025-24368
Malicious code in bioql PyPI...
CVE-2025-47811
In Wing FTP Server through 7.4.4, the administrative web interface listening by default on port 5466 runs as root or SYSTEM by default. The web application itself offers several legitimate ways to execute arbitrary system commands i.e., through the web console or the task scheduler, and they are...
CVE-2025-6713 MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage
An unauthorized user may leverage a specially crafted aggregation pipeline to access data without proper authorization due to improper handling of the $mergeCursors stage in MongoDB Server. This may lead to access to data without further authorisation. This issue affects MongoDB Server MongoDB...
CVE-2025-36048 IBM webMethods Integration Server code execution
IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges...
CVE-2023-37878
Insecure default permissions in Wing FTP Server Admin Web Client allows for privilege escalation. This issue affects Wing FTP Server: = 7.2.0...
CVE-2018-25040
A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the publ...
CVE-2011-1321
The AuthCache purge implementation in the Security component in IBM WebSphere Application Server WAS 6.1.0.x before 6.1.0.37 and 7.x before 7.0.0.15 does not purge a user from the PlatformCredential cache, which might allow remote authenticated users to gain privileges by leveraging a group...
CVE-2025-30000
A vulnerability has been identified in Siemens License Server SLS All versions V4.3. The affected application does not properly restrict permissions of the users. This could allow a lowly-privileged attacker to escalate their privileges...
CVE-2022-25311
A vulnerability has been identified in SINEC NMS All versions = V1.0.3 V2.0, SINEC NMS All versions V1.0.3, SINEMA Server V14 All versions. The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This coul...
ROS-20250121-05
A vulnerability in the modsql component of the ProFTPD FTP server is related to privilege management errors. Exploitation of the vulnerability could allow an attacker acting remotely to elevate his privileges to the root user...
File upload vulnerability in the education cloud platform of Beijing Zhongqing Modern Technology Co. Ltd (CNVD-C-2024-945982)
Beijing Zhongqing Modern Technology Co., Ltd. is a high-tech enterprise founded in 1993, specializing in providing educational users with products and solutions such as recording and broadcasting system, three classrooms and smart classrooms. A file upload vulnerability exists in the education...
FeehiCMS code issue vulnerability (CNVD-2024-37609)
FeehiCMS is a content management system CMS based on the Yii2 framework, aiming to provide Yii2 enthusiasts with a full-featured CMS system so that developers can focus more on the development of business functions. A security vulnerability exists in FeehiCMS. The vulnerability is related to the...