254 matches found
GHSA-9WCP-79G5-5C3C Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
Summary The /api/v1/users/super endpoint enforces a restriction that only one super user Instance Administrator can be created during initial setup. However, due to a Time-of-Check-Time-of-Use TOCTOU race condition in the signupAndLoginSuper method, concurrent requests can bypass this restriction...
Astra Linux – Vulnerability in Mariadb 10.3
A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server up to 2021-03-03; and the wsrep patch up to 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUP...
Astra Linux – Vulnerability in Linux 5.10
In the kernel/bpf/hashtab.c file within the Linux kernel, up to version 5.13.8, there is an integer overflow and out-of-bounds write vulnerability when multiple elements are placed in a single bucket. NOTE: Exploitation may be impractical without the CAPSYSADMIN capability...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
CVE-2025-59709
An issue was discovered in Biztalk360 through 11.5. because of mishandling of user-provided input in a path to be read by the server, a Super User attacker is able to read files on the system and/or coerce an authentication from the service, aka Directory Traversal...
MiracleLinux 8 : mariadb:10.3 (AXSA:2021-1698:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1698:01 advisory. mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user CVE-2021-27928 Tenable has...
CVE-2020-7240
Meinberg Lantime M300 and M1000 devices allow attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script aka Extended Network Configuration. Note: According to the description, the vulnerability requires a fully authenticated...
CVE-2020-36908
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
CVE-2020-36908
The CVE-2020-36908 entry concerns the Secure Computing SnapGear Management Console SG560 (v3.1.5). The vulnerability is a CSRF flaw that lets an attacker perform administrative actions without user consent by enticing a logged-in user to visit a malicious page; a crafted request can auto-create a...
CVE-2020-36908 Secure Computing SnapGear Management Console SG560 3.1.5 Cross-Site Request Forgery via Admin Users
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
PT-2026-1443
SnapGear Management Console SG560 version 3.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft a malicious web page that automatically submits a form to create a new super user account with full...
EUVD-2025-206085
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...
CVE-2021-47741
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...
CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...
CVE-2021-47741 ZBL EPON ONU Broadband Router V100R001 Privilege Escalation via Configuration Endpoint
ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...
VulnCheck KEV: CVE-2024-55963
An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of...
EUVD-2021-24413
Malware in sbrugna...
EUVD-2015-4553
Malware in sbrugna...