CVE-2025-65854
CVE-2025-65854: MineAdmin v3.x has insecure permissions in the scheduled tasks feature, allowing attackers to run arbitrary commands and potentially take full account control. The vulnerability stems from misconfigured permissions in the scheduled tasks component, with impact described as arbitr...
CVE-2025-36137
CVE-2025-36137 affects IBM Sterling Connect:Direct for UNIX (versions 6.2.0.7–6.2.0.9 iFix004; 6.3.0.2–6.3.0.5 iFix002; 6.4.0.0–6.4.0.2 iFix001). The root cause is incorrect permission assignments for maintenance tasks to Control Center Director (CCD) users, which could allow a privileged user to...
EUVD-2023-0259
Malicious code in bioql PyPI...
GHSA-9M5J-4XX9-44J9 Pulp incorrectly assigns RBAC permissions in tasks that create objects
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the `add_roles_for_object_creator` method). This method finds the object creator by checking the current authenticated user...
CVE-2024-7143
A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the `AutoAddObjPermsMixin` (typically the `add_roles_for_object_creator` method). This method finds the object creator by checking the current authenticated user...
CVE-2024-7143
CVE-2024-7143 – Affected: Pulp RBAC object creation using AutoAddObjPermsMixin; root cause is that the system determines the object creator from the current authenticated user, which on tasks is inherited from the oldest user with task permissions. As a result, permissions on objects created with...
PT-2024-38106
Name of the Vulnerable Software and Affected Versions: Pulp (affected versions not specified). Description: A flaw was found in the Pulp package related to role-based access control (RBAC) objects. When an RBAC object is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin,...
CVE-2021-41594
In RSA Archer 6.9.SP1 P3, if some application functions are precluded by the Administrator, this can be bypassed by intercepting the API request at the /api/V2/internal/TaskPermissions/CheckTaskAccess endpoint. If the parameters of this request are replaced with empty fields, the attacker achieve...
RSA Archer Security Vulnerability
RSA Archer is an enterprise IT governance and compliance governance product from RSA UK, including policy, risk and compliance definition and management. It is able to aggregate all our enterprise assets, as well as some of the monitored information all together, organized on top of a unified...
ZTE Big Video Analysis Product Permissions, Privileges and Access Control Vulnerability
An elevation of privilege vulnerability exists in ZTE Big Video Analysis Product, a large video analytics product from ZTE Corporation China, which stems from an attacker with normal user privileges gaining unauthorized access to ZTE Big Video Analysis Product due to improper management of timed...