164 matches found
EUVD-2024-26871
Malicious code in bioql PyPI...
EUVD-2022-35604
Malicious code in bioql PyPI...
EUVD-2023-1369
Malicious code in bioql PyPI...
CVE-2025-8660
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed...
CVE-2025-48474
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with showonlyassignedconversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have...
CVE-2025-48474
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with showonlyassignedconversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have...
CVE-2025-48474 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application incorrectly checks user access rights for conversations. Users with showonlyassignedconversations enabled can assign themselves to an arbitrary conversation from the mailbox to which they have...
CVE-2019-13646
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query. NOTE: It is asserted that an attacker must have the same access rights as the user in order to be able to execute the vulnerability...
CVE-2022-32536
The user access rights validation in the web server of the Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 was insufficient. This would allow a non-administrator user to obtain administrator user access rights...
SolarWinds Access Rights Manager Authorization Issues Vulnerability (CNVD-2024-34985)
SolarWinds Access Rights Manager ARM is a tool for managing and monitoring user access rights. It helps organizations streamline the rights management process and improve security and compliance. An authorization issue vulnerability exists in SolarWinds Access Rights Manager, which can be exploit...
CVE-2024-27889
Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall NGFW. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with...
SAP Leasing CVE-2020-6306 Remote Authorization Bypass Vulnerability
Description SAP Leasing is prone to an authorization-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Technologies Affected SAP Leasing 6.0 SAP Leasing 6.02 SAP Leasing 6.0...
Microsoft .NET Framework CVE-2020-0606 Remote Code Execution Vulnerability
Description Microsoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions. Technologies Affected...
Cisco Crosswork Change Automation CVE-2019-16024 Cross Site Scripting Vulnerability
Description Cisco Crosswork Change Automation is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected...
Siemens Polarion Multiple Cross Site Scripting and HTML Injection Vulnerabilities
Description Siemens Polarion is prone to multiple cross-site scripting vulnerabilities and an HTML-injection vulnerability. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based...
Microsoft Edge Chakra Scripting Engine CVE-2019-1427 Remote Memory Corruption Vulnerability
Description Microsoft Edge is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft ChakraCore Microsoft...
SAP Enable Now CVE-2019-0385 Unspecified Cross Site Scripting Vulnerability
Description SAP Enable Now is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. Remote attackers can exploit this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...
Cisco Small Business Smart and Managed Switches CVE-2019-12718 Cross Site Scripting Vulnerability
Description Cisco Small Business Smart and Managed Switches are prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of th...
TYPO3 freeCap CAPTCHA Extension CVE-2019-16699 Remote Code Execution Vulnerability
Description TYPO3 freeCap CAPTCHA extension is prone to a remote code-execution vulnerability. A remote attacker can leverage this issue to execute arbitrary code within the context of the application. Successful exploits will compromise the application and possibly the underlying system. Version...
TIBCO MDM CVE-2019-11212 Multiple Unspecified Cross-Site Scripting Vulnerabilities
Description TIBCO MDM is prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site...