16 matches found
CVE-2026-27668
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...
EUVD-2026-22237
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...
CVE-2026-27668
A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary SAM-P All versions V5.8. User Administrators are allowed to administer groups they belong to. This could allow an authenticated User Administrator to escalate their own privileges and grant themselves access t...
CVE-2025-43904
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator...
EUVD-2023-30632
Malicious code in bioql PyPI...
CVE-2025-36119
The CVE-2025-36119 issue affects IBM i 7.3–7.6 (DCM for i) and is caused by a web session hijacking vulnerability that lets an authenticated user without admin privileges perform actions as an administrator. IBM has published remediation via PTFs, with fixes included in IBM i Release 7.3–7.6 unde...
RWS WorldServer Security Vulnerability
RWS WorldServer is a flexible, enterprise-class translation management system from RWS UK. A security vulnerability exists in RWS WorldServer versions prior to 11.7.3, which stems from the fact that a normal user can create a user with the role of administrator via UserWSUserManager...
Kirby Code Issue Vulnerability
Kirby is a file-based content management system (CMS). A code issue vulnerability exists in Kirby versions 3.5.8.2 and earlier, 3.6.0 through 3.6.6.2, 3.7.0 through 3.7.5.1, 3.8.0 through 3.8.4, and 3.9.0 through 3.9.5, which arises from a change in a user's password by a user or site administrator...
CVE-2022-37731
ftcms 2.1 poster.PHP has an XSS vulnerability. The attacker inserts malicious JavaScript code into the web page, causing the user / administrator to trigger malicious code when accessing...
CVE-2021-3604
Secure 8 Evalos does not validate user input data correctly, allowing a remote attacker to perform a Blind SQL Injection. An attacker could exploit this vulnerability in order to extract information of users and administrator accounts stored in the database...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-41494)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 5.8.0, which stems from the fact that the first user created is sometimes the system administrator. An attacker could exploit...
SV3C L-SERIES HD CAMERA Cross-Site Scripting Vulnerability
SV3C L-SERIES HD CAMERA is a webcam product from SV3C Technology, China. A cross-site scripting vulnerability exists in SV3C L-SERIES HD CAMERA version V2.3.4.2103-S50-NTD-B20170508B, which originates from the program failing to properly validate user-submitted input. The vulnerability can be...
IBM Spectrum Protect Elevation of Privilege Vulnerability
IBM Spectrum Protect (formerly known as Tivoli Storage Manager) is a suite of data protection platforms from U.S.-based IBM that provides organizations with a single point of control and management, and support for backup and recovery of virtual, physical and cloud environments of all sizes. IBM...
Qualys Cloud Suite 8.10.2 New Features
This new patch release of the Qualys Cloud Suite, version 8.10.2, includes updates to shared platform features, a new role for user management, and expanded Policy Compliance platform support. Feature Highlights Qualys Cloud Platform Limit number of external scanners – You can now limit the numbe...
Chromebackdoor graniet v3.0 web panel Multi Vulnerability
Exploit for php platform in category web applications Exploit Title: botnet graniet chrome backdoor v3.0 web panel multi vulnerability Date: 10-1-2017 Exploit Author: alqnas eslam Vendor Homepage:fb.com/alqnas4 Software Link:https://github.com/graniet/chromebackdoor Tested on:any os 1- cross site...
Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities Date: Tue 13 Jul 2010 11:50:32 AM EEST Vendor: http://diferior.com/ Download: http://diferior.com/postfiles/news/diferior-8-03-released/Diferiorv8.03.tar.gz --- -= CSRF PoC 1 - Change Admin Password =- Diferior CMS 8.03...