15 matches found
CVE-2026-47102
LiteLLM prior to 1.83.10 allows a user to modify their own userrole via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxyadmin...
EUVD-2020-30124
Malware in sbrugna...
EUVD-2024-32861
Malicious code in bioql PyPI...
EUVD-2025-28241
Malicious code in bioql PyPI...
CVE-2020-9300
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...
CVE-2019-15747
SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side...
PT-2024-4002 · WordPress · Post Grid Gutenberg Blocks/Wordpress Blog Plugin
Name of the Vulnerable Software and Affected Versions: Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX versions up to, and including, 4.1.2 Description: The issue is related to a missing capability check on the postx presets callback function, allowing authenticated attackers with...
Privilege Escalation
cockpit-hq is vulnerable to Privilege Escalation. The vulnerability exists in the save function of Users.php, allowing an attacker to escalate a user role by intercepting the request and modifying the POST data...
Mautic cross-site scripting vulnerability (CNVD-2021-08891)
Mautic is an open source marketing automation software. The software monitors and manages websites, sends emails and manages customer resources. A cross-site scripting vulnerability exists in versions prior to Mautic 3.2.4, which can be exploited by an attacker to load an external JavaScript file...
CVE-2020-15248 Privilege escalation by backend users assigned to the default "Publisher" system role
October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.319 and before version 1.0.470, backend users with the default "Publisher" system role have access to create & manage users where they can choose which role the new user ha...
CVE-2020-9300
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...
CVE-2020-9300
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...
Design/Logic Flaw
The Access Control issues include allowing a regular user to view a restricted incident, user role escalation to admin, users adding themselves as a participant in a restricted incident, and users able to view restricted incidents via the search feature. If your install has followed the secure...
CVE-2020-9300
Technical details about CVE-2020-9300 are not publicly provided in the connected documents. Monitor for updates from vendors and security bulletins; current sources only reiterate access-control issues without specifics.
phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Title: phpVirtualBox / CSRF - Stored XSS Discovered by: @codexlynx Software Version: //lib/ajax.php" name="csrf" " / 2Stored XSS -------------------------------- Many fields don't sanitize inputs. This vulnerability could allow a user role...