447 matches found
CVE-2020-10130
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...
CVE-2023-45581
An improper privilege management vulnerability CWE-269 in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...
CVE-2026-21483
CVE-2026-21483 affects listmonk prior to 6.0.0. A lower-privileged user with campaign-management permissions can inject malicious JavaScript into campaigns or templates. When a Super Admin views or previews the content, a stored XSS executes in the admin’s browser context, enabling actions such a...
PT-2026-1133
Name of the Vulnerable Software and Affected Versions listmonk versions prior to 6.0.0 Description listmonk is a self-hosted newsletter and mailing list manager. A user with campaign management permissions, but lower privileges, can inject malicious JavaScript into campaigns or templates. When a...
CVE-2020-36902
CVE-2020-36902 affects UBICOD Medivision Digital Signage 1.5.1. Affected component: authorization logic accessible via the /html/user endpoint. Root cause: manipulation of the ft[grp] parameter allows normal users to escalate privileges to super admin without authentication. Impact: unauthorized ...
Linux Distros Unpatched Vulnerability : CVE-2025-27232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
UBUNTU-CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
CVE-2025-27232
CVE-2025-27232 affects Zabbix where an authenticated Zabbix Super Admin can use the oauth.authorize action to read arbitrary files from the webserver, leading to potential confidentiality loss. The connected sources (NVD, OSV/Ubuntu, Debian, Alpine, CIRCL, CVE list, EUVD-ENISA, etc.) confirm the ...
PT-2025-48442
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...
EUVD-2025-198001
Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. The vendor was notified early about this vulnerability, but didn't respond with the detail...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Collections or Taxonomies components. An attacker can execute arbitrary JavaScript in the context of a higher-privileged user's session by injecting malicious scripts into content fields, leading to...
CVE-2025-27231
The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...
EUVD-2007-6607
Malware in sbrugna...
EUVD-2014-5138
Malware in sbrugna...
EUVD-2010-5255
Malware in sbrugna...
EUVD-2017-15801
Malware in sbrugna...
EUVD-2015-7587
Malware in sbrugna...
EUVD-2015-3693
Malware in sbrugna...
EUVD-2020-2593
Malware in sbrugna...
EUVD-2020-16463
Malware in sbrugna...