Lucene search
K

15 matches found

NVD
NVD
added 2026/05/21 9:16 p.m.13 views

CVE-2026-47102

LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...

8.8CVSS0.00653EPSS
Exploits2References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-30124

Malware in sbrugna...

6.5CVSS6.5AI score0.00932EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-32861

Malicious code in bioql PyPI...

8.8CVSS6.5AI score0.00623EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-28241

Malicious code in bioql PyPI...

6.4CVSS6.6AI score0.00186EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 5:34 p.m.8 views

CVE-2020-9300

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...

6.5CVSS6.9AI score0.00932EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:37 a.m.7 views

CVE-2019-15747

SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side...

8.8CVSS7.1AI score0.01091EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/05/28 12:0 a.m.7 views

PT-2024-4002 · WordPress · Post Grid Gutenberg Blocks/Wordpress Blog Plugin

Name of the Vulnerable Software and Affected Versions: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX versions up to, and including, 4.1.2 Description: The issue is related to a missing capability check on the postx presets callback function, allowing authenticated attackers with...

9CVSS6.1AI score0.01426EPSS
Exploits1References12
Veracode
Veracode
added 2023/02/14 5:48 a.m.18 views

Privilege Escalation

cockpit-hq is vulnerable to Privilege Escalation. The vulnerability exists in the save function of Users.php, allowing an attacker to escalate a user role by intercepting the request and modifying the POST data...

8.8CVSS8.3AI score0.00344EPSS
Exploits1References4Affected Software1
CNVD
CNVD
added 2021/01/25 12:0 a.m.8 views

Mautic cross-site scripting vulnerability (CNVD-2021-08891)

Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in versions prior to Mautic 3.2.4, which can be exploited by an attacker to load an external JavaScript file...

9CVSS6.1AI score0.01006EPSS
Exploits0References1
Cvelist
Cvelist
added 2020/11/23 7:40 p.m.32 views

CVE-2020-15248 Privilege escalation by backend users assigned to the default "Publisher" system role

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...

4CVSS4.5AI score0.00309EPSS
Exploits0References2
NVD
NVD
added 2020/11/09 3:15 p.m.21 views

CVE-2020-9300

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...

6.5CVSS6.6AI score0.00932EPSS
Exploits0References2
OSV
OSV
added 2020/11/09 3:15 p.m.17 views

CVE-2020-9300

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...

6.5CVSS6.8AI score
Exploits0References2
Prion
Prion
added 2020/11/09 3:15 p.m.19 views

Design/Logic Flaw

The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...

4CVSS6.5AI score0.00932EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/11/09 2:41 p.m.41 views

CVE-2020-9300

Technical details about CVE-2020-9300 are not publicly provided in the connected documents. Monitor for updates from vendors and security bulletins; current sources only reiterate access-control issues without specifics.

6.5CVSS6.5AI score0.00932EPSS
Exploits0References2Affected Software1
0day.today
0day.today
added 2018/05/10 12:0 a.m.32 views

phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

Exploit for php platform in category web applications Title: phpVirtualBox / CSRF - Stored XSS Discovered by: @codexlynx Software Version: //lib/ajax.php" name="csrf" " / 2Stored XSS -------------------------------- Many fields don't sanitize inputs. This vulnerability could allow a user role...

0.2AI score
Exploits0
Rows per page
Query Builder