64 matches found
CVE-2021-22376
A component of HarmonyOS has an Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to bypass user restrictions...
JetBrains Hub race condition vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A race condition vulnerability exists in versions of JetBrains Hub prior to 2025.3.104432, which stems from the presence of a...
JetBrains Hub security vulnerability
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A security vulnerability exists in versions prior to JetBrains Hub 2025.3.104992, which stems from the presence of a race condition that...
EUVD-2021-9522
Malicious code in bioql PyPI...
PT-2025-31918 · Drager · Draeger Icmhelper
Name of the Vulnerable Software and Affected Versions: Draeger ICMHelper affected versions not specified Description: A low-privileged local attacker can interact with the affected service, despite the intended restriction of user interaction. This issue poses a high-severity risk to healthcare a...
XWiki Rendering is vulnerable to RCE attacks when processing nested macros
Impact: The default macro content parser didn't preserve the restricted attribute of the transformation context when executing nested macros. This allows executing macros that are normally forbidden in restricted mode, in particular script macros. The cache and chart macros that are bundled in XWi...
[SECURITY] Fedora 41 Update: sudo-1.9.17-2.p1.fc41
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Graylog vulnerable to privilege escalation through API tokens
Impact: Graylog users can gain elevated privileges by creating and using API tokens for the local Administrator or any other user for whom the malicious user knows the ID. For the attack to succeed, the attacker needs a user account in Graylog. They can then proceed to issue hand-crafted requests ...
PT-2025-25217 · Ibm · Ibm Security Guardium
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium version 12.1 Description: The issue allows a local privileged user to escalate their privileges to root due to insecure inherited permissions created by the program. Recommendations: For IBM Security Guardium version 12....
CVE-2024-47780
TYPO3 is a free and open source Content Management Framework. Backend users could see items in the backend page tree without having access if the mounts pointed to pages restricted for their user/group, or if no mounts were configured but the pages allowed access to "everybody." However, affected...
CVE-2024-23705
In multiple locations, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
CVE-2022-31046
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
CVE-2020-9824
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.5. A non-privileged user may be able to modify restricted network settings...
PT-2025-16492
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: Unauthenticated attackers can obtain restricted information about a user's smart device collections, also known as "scenes". Recommendations: At the moment, there is no information about a newe...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a series of chipsets from Qualcomm, Inc. A security vulnerability exists in Qualcomm Chipsets that stems from an encryption issue during PIN password authentication, which could result in bypassing user restrictions...
Discourse security vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse stable prior to version 3.3.4 and beta prior to version 3.4.0.beta5, which stems from a...
GHSA-3W9F-2PPH-J5VC com.xwiki.confluencepro:application-confluence-migrator-pro-ui's application homepage is public
Impact: The homepage of the application is public, which enables a guest to download the package which might contain sensitive information. Patches: 1.11.7. Workarounds: The access to the page can be manually restricted to a specific set of users or groups...
GHSA-2697-96MV-3GFM TeamPass does not properly check whether a folder is in a user's allowed folders list
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin...
Improper Authorization
moodle/moodle is vulnerable to Improper Authorization. The vulnerability is due to insufficient validation of permissions, allowing users to bypass restrictions and delete OAuth2-linked accounts...
PT-2024-16482
Name of the Vulnerable Software and Affected Versions: YaDisk Files WordPress plugin versions 1.2.5 and earlier. Description: The issue arises from the plugin's failure to validate and escape some of its shortcode attributes before outputting them back in a page or post where the shortcode is...