17 matches found
CVE-2026-53645
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...
CVE-2026-53645
FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 allow a low-privileged staff account to grant arbitrary module permissions to itself through the admin API, resulting in persistent privilege escalation. A staff user that only has...
CVE-2026-53645
CVE-2026-53645 affects FOSSBilling prior to 0.8.0. A low-privileged staff member with staff.create_and_edit_staff can call /api/admin/staff/permissions_update to modify their own permissions, bypassing RBAC and enabling persistent privilege escalation. Version 0.8.0 patches the issue. Workarounds...
CVE-2026-35477
InvenTree is an Open Source Inventory Management System. From 1.2.3 to 1.2.6, the fix for CVE-2026-27629 upgraded the PARTNAMEFORMAT validator to use jinja2.sandbox.SandboxedEnvironment. However, the actual renderer in part/helpers.py was not updated and still uses the non-sandboxed...
EUVD-2026-20592
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...
PT-2026-31436
InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...
CVE-2026-33423
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, staff can modify any user's group notification level. Versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2 contain a patch. No known workarounds are available...
CVE-2026-1704
CVE-2026-1704 affects the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (all versions up to and including 1.6.9.29). The root cause is Insecure Direct Object Reference via get_item_permissions_check, which grants access to the ssa_manage_appointments capability with...
CVE-2026-27629
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVE-2026-27629
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
EUVD-2026-8602
InvenTree is an Open Source Inventory Management System. Prior to version 1.2.3, insecure server-side templates can be hijacked to expose secure information to the client. When generating custom batch codes, the InvenTree server makes use of a customizable jinja2 template, which can be modified b...
CVAT.ai CVAT security vulnerability
CVAT.ai CVAT is an open-source data processing tool developed by CVAT.ai. Versions of CVAT.ai prior to 2.54.0 contained security vulnerabilities. These vulnerabilities stemmed from the ability for users in a staff status to freely change their own permissions, potentially leading to privilege...
EUVD-2010-0636
Malware in sbrugna...
CVE-2024-1094
The CVE-2024-1094 entry concerns the Timetics WP Timetics- AI-powered Appointment Booking with Visual Seat Plan and Calendar Scheduling plugin for WordPress. Affected versions are all up to and including 1.0.21, with a missing capability check in make_staff() that allows unauthenticated users to ...
Shopify: Non-store owners can transfer Shopify-managed domain to another domain provider
A vulnerability was found where Shopify staff members without the 'Transfer domain to another Shopify store' permission were able to transfer Shopify-managed domains to external domain providers. This allowed non-store owners to transfer store domains outside of Shopify's control...
Shopify: Removed staff members who had "Manage shops" permission can still create development stores
Details: It's been found that staff members of an organization in partners.shopify.com can have a permission to manage shops and those with that permission can create development stores that will be associated with the organization. When a staff member tries to create a development store, a POST...
CVE-2010-0605
SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users, with "Staff" permissions, to execute arbitrary SQL commands via the input parameter...