34 matches found
CVE-2026-53676
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...
CVE-2026-53676
ThingsBoard contains a prototype pollution vulnerability which may lead to arbitrary code execution within a sandboxed context by a user who can log in to the affected product with the tenant administrator privilege TENANTADMIN...
CVE-2026-53676
Technical details for CVE-2026-53676 are not publicly provided in the supplied documents. Monitor for updates from official advisories.
CVE-2026-29200
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...
CVE-2026-32999
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...
CVE-2026-32999
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...
CVE-2026-32999
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...
CVE-2026-32999
CVE-2026-32999 affects Comet Backup server; the issue is insufficient character filtering in the backup agent signing module. This vulnerability allows an authenticated tenant administrator to execute arbitrary code on behalf of a privileged user on the affected server and connected devices. The ...
CVE-2026-32999
Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to execute an arbitrary code on behalf of a privileged user on the affected server and connected devices...
CVE-2026-29200
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...
EUVD-2026-26893
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...
CVE-2026-29200
A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerability allows a tenant administrator to impersonate any end-user account of other tenants on the same server via a vulnerable API call...
CVE-2026-29200
Summary: CVE-2026-29200 is a critical IDOR in Comet Backup affecting versions 20.11.0 through 26.1.1 and 26.2.1. A tenant administrator can impersonate any end-user account of other tenants on the same server via a vulnerable API call. The CVSS score is 9.9 (CRITICAL) with network attack vector, ...
PT-2026-36771
Name of the Vulnerable Software and Affected Versions Comet Backup versions 20.11.0 through 26.1.1 Comet Backup version 26.2.1 Description An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists that allows a tenan...
@saltcorn/data: Tenant user role is used for tenant creation role check
Summary When a tenant admin is logged out of the root domain e.g., saltcorn.com but logged in to their own tenant space as admin, they can simply append /tenant/create to their tenant URL. The system reads the role from the tenant context admin, and a new tenant is created on the root domain in...
CVE-2021-28052
A tenant administrator Hitachi Content Platform HCP may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant. Also, a tenant user non-administrator may view configuration in another tenant without authorization. Thi...
EUVD-2021-14759
Malware in sbrugna...
EUVD-2017-11793
Malware in sbrugna...
EUVD-2022-51041
Malicious code in bioql PyPI...
CVE-2024-22272
VMware Cloud Director contains an Improper Privilege Management vulnerability. An authenticated tenant administrator for a given organization within VMware Cloud Director may be able to accidentally disable their organization leading to a Denial of Service for active sessions within their own...