Lucene search
K

447 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:53 a.m.10 views

CVE-2020-10130

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system...

8.8CVSS6.9AI score0.00784EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.8 views

CVE-2023-45581

An improper privilege management vulnerability CWE-269 in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows an Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...

8.8CVSS7AI score0.00823EPSS
Exploits0References1
CVE
CVE
added 2026/01/02 8:57 p.m.16 views

CVE-2026-21483

CVE-2026-21483 affects listmonk prior to 6.0.0. A lower-privileged user with campaign-management permissions can inject malicious JavaScript into campaigns or templates. When a Super Admin views or previews the content, a stored XSS executes in the admin’s browser context, enabling actions such a...

6.4CVSS5.8AI score0.00198EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/02 12:0 a.m.6 views

PT-2026-1133

Name of the Vulnerable Software and Affected Versions listmonk versions prior to 6.0.0 Description listmonk is a self-hosted newsletter and mailing list manager. A user with campaign management permissions, but lower privileges, can inject malicious JavaScript into campaigns or templates. When a...

6.4CVSS6.5AI score0.00198EPSS
Exploits1References6
CVE
CVE
added 2025/12/10 9:5 p.m.17 views

CVE-2020-36902

CVE-2020-36902 affects UBICOD Medivision Digital Signage 1.5.1. Affected component: authorization logic accessible via the /html/user endpoint. Root cause: manipulation of the ft[grp] parameter allows normal users to escalate privileges to super admin without authentication. Impact: unauthorized ...

9.8CVSS6.9AI score0.00992EPSS
Exploits1References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/12/03 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-27232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

6.8CVSS5.9AI score0.00311EPSS
Exploits0References2
OSV
OSV
added 2025/12/01 1:16 p.m.2 views

UBUNTU-CVE-2025-27232

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

6.8CVSS5.9AI score0.00311EPSS
Exploits0References3
CVE
CVE
added 2025/12/01 12:55 p.m.33 views

CVE-2025-27232

CVE-2025-27232 affects Zabbix where an authenticated Zabbix Super Admin can use the oauth.authorize action to read arbitrary files from the webserver, leading to potential confidentiality loss. The connected sources (NVD, OSV/Ubuntu, Debian, Alpine, CIRCL, CVE list, EUVD-ENISA, etc.) confirm the ...

6.8CVSS6.4AI score0.00311EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/01 12:0 a.m.6 views

PT-2025-48442

An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss...

6.8CVSS6.7AI score0.00311EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/18 1:26 p.m.5 views

EUVD-2025-198001

Windu CMS is vulnerable to Broken Access Control in user editing functionality. Malicious attacker can send a GET request which allows privileged users to delete Super Admins which is not possible with GUI. The vendor was notified early about this vulnerability, but didn't respond with the detail...

6.9CVSS6.3AI score0.00256EPSS
Exploits0References3
Snyk
Snyk
added 2025/10/30 5:22 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Collections or Taxonomies components. An attacker can execute arbitrary JavaScript in the context of a higher-privileged user's session by injecting malicious scripts into content fields, leading to...

8.6CVSS5.5AI score0.00279EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/10/08 6:18 p.m.9 views

CVE-2025-27231

The LDAP 'Bind password' value cannot be read after saving, but a Super Admin account can leak it by changing LDAP 'Host' to a rogue LDAP server. To mitigate this, the 'Bind password' value is now reset on 'Host' change...

4.9CVSS6.8AI score0.00387EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2007-6607

Malware in sbrugna...

6.8CVSS6.3AI score0.01064EPSS
Exploits1References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2014-5138

Malware in sbrugna...

2.1CVSS6.1AI score0.02196EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2010-5255

Malware in sbrugna...

4.9CVSS6.1AI score0.01693EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-15801

Malware in sbrugna...

9.8CVSS9.5AI score0.05476EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-7587

Malware in sbrugna...

4CVSS6.4AI score0.01674EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2015-3693

Malware in sbrugna...

7.2CVSS7AI score0.01134EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-2593

Malware in sbrugna...

8.8CVSS8.6AI score0.00784EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-16463

Malware in sbrugna...

8.8CVSS8.7AI score0.01001EPSS
Exploits1References2
Rows per page
Query Builder