39 matches found

EUVD
added 2026/05/08 9:59 p.m., 4 views

EUVD-2026-28870

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (non-default), they can res...

CVSS 3.8 | AI score 5.7 | EPSS 0.00025
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/08 12:00 a.m., 7 views

PT-2026-39211

Name of the Vulnerable Software and Affected Versions: SysReptor versions prior to 2026.29. Description: Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...

CVSS 3.8 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 4
CVE
added 2025/12/31 6:39 p.m., 4 views

CVE-2021-47741

The CVE-2021-47741 entry concerns the ZBL EPON ONU Broadband Router V100R001. The vulnerability is a privilege-escalation issue that allows limited administrative users to elevate access by calling configuration endpoints. Exploitation is described as possible through access to the configuration ...

CVSS 8.7 | AI score 6.8 | EPSS 0.0004
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/31 12:00 a.m., 1 view

PT-2025-54422

ZBL EPON ONU Broadband Router V100R001 contains a privilege escalation vulnerability that allows limited administrative users to elevate access by sending requests to configuration endpoints. Attackers can exploit the vulnerability by accessing the configuration backup or password page to disclos...

CVSS 8.7 | AI score 7.1 | EPSS 0.0004
Exploits: 1 | References: 6
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2019-2227

Malware in sbrugna...

CVSS 7 | AI score 6.6 | EPSS 0.00282
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2013-1899

Malware in sbrugna...

CVSS 10 | AI score 8.6 | EPSS 0.0055
Exploits: 0 | References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-12401

Malware in sbrugna...

CVSS 10 | AI score 9.5 | EPSS 0.00334
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2018-11833

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.00395
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2024-1123

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.4 | EPSS 0.00733
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2025-7989

Malicious code in bioql PyPI...

CVSS 8.3 | AI score 6.3 | EPSS 0.00169
Exploits: 0 | References: 7
RedhatCVE
added 2025/03/26 1:20 p.m., 3 views

CVE-2024-8774

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVSS 7.7 | AI score 7.4 | EPSS 0.00126
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/24 12:34 p.m., 3 views

CVE-2024-8774 Privilege Escalation in SIMPLE.ERP

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVSS 7.7 | AI score 7.4 | EPSS 0.00126
Exploits: 0 | References: 3
Cvelist
added 2025/03/24 12:34 p.m., 13 views

CVE-2024-8774 Privilege Escalation in SIMPLE.ERP

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affects SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

CVSS 7.7 | EPSS 0.00126
Exploits: 0 | References: 3
Packet Storm
added 2024/08/31 12:00 a.m., 165 views

ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rexml/document' class MetasploitModule 'ManageEngine Eventlog Analyzer Managed Hosts Administrator Credential Disclosure', 'Description' = %q ManageEngine...

CVSS 7.5 | AI score 7 | EPSS 0.83792
Exploits: 10
IBM Security Bulletins
added 2023/12/20 8:59 p.m., 34 views

Security Bulletin: An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products

Summary: An unauthenticated user can determine whether the default superuser password has been changed on IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize products. This only affects the 8.3.1 release as it is impossible for the default password to still be...

CVSS 7.5 | AI score 7.6 | EPSS 0.0013
Exploits: 0 | Affected Software: 1
OSV
added 2023/12/12 2:15 a.m., 2 views

CVE-2023-5536

A feature in LXD (LP#1829071), affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password...

CVSS 6.4 | AI score 5.8 | EPSS 0.0004
Exploits: 0 | References: 4
CNVD
added 2020/02/11 12:00 a.m., 0 views

Unspecified Vulnerability in OpServices OpMon

OpServices OpMon is an IT infrastructure monitoring software from Brazil. A security vulnerability exists in OpServices OpMon. The vulnerability can be exploited by an attacker to execute a program (e.g., nmap) without the need for a sudo password...

CVSS 7.8 | AI score 7.1 | EPSS 0.00148
Exploits: 0 | References: 1
CNVD
added 2019/08/12 12:00 a.m., 1 view

PostgreSQL Information Disclosure Vulnerability (CNVD-2019-31336)

PostgreSQL is a free object-relational database management system from the PostgreSQL organization. The system supports most of the SQL standards and provides many other features, such as foreign keys, triggers, views, and so on. A security vulnerability exists in PostgreSQL versions 9.4 through...

CVSS 7 | AI score 7 | EPSS 0.00282
Exploits: 0 | References: 1
PostgreSQL
added 2019/08/08 12:00 a.m., 131 views

Vulnerability in packaging (CVE-2019-10210)

Windows installer writes superuser password to unprotected temporary file. The EnterpriseDB Windows installer writes a password to a temporary file in its installation directory, creates initial databases, and deletes the file. During those seconds while the file exists, a local attacker can read...

CVSS 7 | AI score 6.5 | EPSS 0.00282
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2018/10/18 3:29 p.m., 2 views

CVE-2018-1822

IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296...

CVSS 9.8 | AI score 5.8 | EPSS 0.00334
Exploits: 0 | References: 2