84 matches found
CVE-2026-44083 QuMagie
An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...
PT-2026-31974
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.25 Description: OpenClaw contains a privilege escalation issue that allows non-administrator users to request broader scopes during backend reconnection. This bypasses pairing requirements, enabling attackers t...
CVE-2022-35259
XML Injection with Endpoint Manager 2022.3 and below causing a download of a malicious file to run and possibly execute to gain unauthorized privileges...
CVE-2025-6892
An Incorrect Authorization vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in the API authentication mechanism allows unauthorized access to protected API endpoints, including those intended for administrative functions. This vulnerability can be...
EUVD-2006-0428
Malware in sbrugna...
EUVD-2021-2548
Malware in sbrugna...
EUVD-2022-38150
Malicious code in bioql PyPI...
EUVD-2024-3001
Malicious code in bioql PyPI...
CVE-2023-41718
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
CVE-2019-6026
Privilege escalation vulnerability in Multiple MOTEX products LanScope Cat client program MR and LanScope Cat client program MRLanScope Cat detection agent DA prior to Ver.9.2.1.0, LanScope Cat server monitoring agent SA, SAE prior to Ver.9.2.2.0, LanScope An prior to Ver 2.7.7.0 LanScope An 2...
CVE-2020-8495
In Kronos Web Time and Attendance webTA 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and...
Hasleo Backup Suite Free security vulnerability
Hasleo Backup Suite Free EasyUEFI Backup Suite Free is a completely free Windows backup software from Hasleo. A security vulnerability exists in Hasleo Backup Suite Free v4.9.4 and earlier versions, which stems from the vulnerability to unsecured privileges through the file recovery feature...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
Design/Logic Flaw
When a particular process flow is initiated, an attacker may be able to gain unauthorized elevated privileges on the affected system when having control over a specific file...
Oracle Linux 5 : mysql (ELSA-2008-0364)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2008-0364 advisory. - Back-port upstream fixes for CVE-2007-5925, CVE-2007-5969, CVE-2007-6303. Resolves: 422211 Tenable has extracted the preceding description block...
Oracle Linux 5 : Critical: / samba (ELSA-2007-1017)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2007-1017 advisory. 3.0.25b-0.el51.1 - Security fix for CVE-2007-4138 - Security fix for CVE-2007-4572 - Security fix for CVE-2007-5398 - Multilib Fix - resolves: 351501 -...
Huawei HarmonyOS authorization issue vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from an application identity verification laxity vulnerability in Huawei's pre-authorization...
PT-2023-20788 · Unknown · Sales Tracker Management System
Name of the Vulnerable Software and Affected Versions: Sales Tracker Management System version 1.0 Description: A Cross Site Scripting issue allows a remote attacker to gain privileges via the product list function in the Master.php file. This can be exploited to potentially gain unauthorized...
K21711352: TMOS Shell vulnerability CVE-2019-19151
Security Advisory Description: Authenticated users granted TMOS Shell tmsh privileges can access objects on the file system, which would normally be disallowed by tmsh restrictions. This allows for authenticated, low privileged attackers to access objects on the file system, which would not normal...