447 matches found
CVE-2025-22254
An Improper Privilege Management vulnerability CWE-269 vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7,...
Environment Variable Exposure
github.com/knadh/listmonk is vulnerable to Environment Variable Exposure. The vulnerability is due to the use of env and expandenv template functions in Sprig, which allows non-super-admin users to capture sensitive environment variables in multi-user installations...
CVE-2024-23111
An improper neutralization of input during web page Generation 'Cross-site Scripting' vulnerability CWE-79 in FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions reboot page may allow a remote privileged...
CVE-2024-20332
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...
CVE-2024-21754
A use of password hash with insufficient computational effort vulnerability CWE-916 affecting FortiOS version 7.4.3 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions and FortiProxy version 7.4.2 and below, 7.2 all versions, 7.0 all versions, 2.0 all versions may allow a privileged...
CVE-2024-20532
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...
CVE-2024-20527
A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials. This vulnerability is due to insufficient validation of user-suppli...
CVE-2023-30799
MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary...
CVE-2023-37608
An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...
CVE-2023-36651
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...
CVE-2023-27576
An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...
CVE-2022-45857
An incorrect user management vulnerability CWE-286 in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly created VDOMs after the superadmin account is deleted...
CVE-2021-27963
SonLogger before 6.4.1 is affected by user creation with any user permissions profile e.g., SuperAdmin. An anonymous user can send a POST request to /User/saveUser without any authentication or session header...
CVE-2020-23722
An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuelid" parameters...
CVE-2019-12764
An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...
CVE-2010-5296
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the deleteusers capability, which allows remote authenticated administrators to bypass intended access restrictions via a delete action...
FortiOS 7.0.x < 7.0.16 Authentication Bypass
FortiOS version 7.0.x prior to 7.0.16 and FortiProxy version 7.0.x prior to 7.0.19 or 7.2.x prior to 7.2.12 are affected by a vulnerability allowing allows a remote attacker to gain super-admin privileges via a specific crafted requests. No source data...
CVE-2024-54024
An improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability CWE-78 in Fortinet FortiIsolator before version 2.4.6 allows a privileged attacker with super-admin profile and CLI access to execute unauthorized code via specifically crafted HTTP requests...
CVE-2024-54024
CVE-2024-54024 affects Fortinet FortiIsolator prior to 2.4.6, due to improper neutralization of special elements in OS commands (OS Command Injection). A privileged attacker with a super-admin profile and CLI access can execute unauthorized code via specially crafted HTTP requests. Affected compo...
BIT-JOOMLA-2023-23751 [20230102] - Core - Missing ACL checks for com_actionlogs
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access comactionlogs...