106 matches found
PT-2026-39211
Name of the Vulnerable Software and Affected Versions SysReptor versions prior to 2026.29 Description Users with "User Admin" permissions can modify the email addresses of users with "Superuser" permissions. When the "Forgot Password" functionality is enabled, these users can reset Superuser...
rConfig RCE (CVE-2020-10221)
The version of rConfig installed on the remote host is affected by a remote code executionvulnerability, as follows: - The flaw exists due to insufficient input validation in the userAdmin.inc.php component, which allows an unauthenticated attacker to upload arbitrary files to the server. By...
EUVD-2019-2434
Malware in sbrugna...
EUVD-2006-4375
Malware in sbrugna...
EUVD-2024-19722
Malicious code in bioql PyPI...
EUVD-2024-26032
Malicious code in bioql PyPI...
EUVD-2024-42182
Malicious code in bioql PyPI...
EUVD-2025-3057
Malicious code in bioql PyPI...
EUVD-2023-53902
Malicious code in bioql PyPI...
EUVD-2022-3878
Malicious code in bioql PyPI...
EUVD-2022-5793
Malicious code in bioql PyPI...
EUVD-2025-31652
Malicious code in bioql PyPI...
CVE-2025-54875 FreshRSS: Unauthorized creation of admin user when registration is enabled
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.16.0 and above through 1.26.3, an unprivileged attacker can create a new admin user when registration is enabled through the use of a hidden field used only in the user management admin page, newuserisadmin. This is fixed in version...
pybbs 安全漏洞
pybbs is a community platform for Java development by iuiu individual developers. A security vulnerability exists in pybbs 6.0.0 and earlier versions, which stems from a weak password requirement in the function update in the file...
CVE-2025-0057
SAP NetWeaver AS JAVA User Admin Application is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of...
CVE-2025-43947
Codemers KLIMS 1.6.DEV lacks a proper access control mechanism, allowing a normal KLIMS user to perform all the actions that an admin can perform, such as modifying the configuration, creating a user, uploading files, etc...
CVE-2025-26512 CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter
SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...
CVE-2024-38291
In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation...
CVE-2024-25602
Stored cross-site scripting XSS vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject...
CVE-2024-27899
Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both...