CVE-2020-26063 (v3: 5.4) 18 Nov 2024
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization a... Read more ➔
CVE-2024-9192 (v3: 8.8) 16 Nov 2024
The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on u... Read more ➔
CVE-2024-52516 15 Nov 2024
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, aft... Read more ➔
CVE-2024-8074 12 Nov 2024
Improper Privilege Management vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: befor... Read more ➔
CVE-2024-49558 12 Nov 2024
Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low pr... Read more ➔
CVE-2024-7473 29 Oct 2024
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2. This vulnerability allo... Read more ➔
CVE-2023-32196 16 Oct 2024
A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in... Read more ➔
CVE-2023-32194 16 Oct 2024
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject... Read more ➔
CVE-2024-45461 16 Oct 2024
The CloudStack Quota feature allows cloud administrators to implement a quota or usage limit system for cloud resources, and is disabled by default. I... Read more ➔
CVE-2024-9002 11 Oct 2024
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability... Read more ➔
CVE-2024-9518 (v3: 9.8) 10 Oct 2024
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the '... Read more ➔
CVE-2024-7048 10 Oct 2024
In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v... Read more ➔
CVE-2024-45297 7 Oct 2024
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This is... Read more ➔
CVE-2024-9265 (v3: 9.8) 1 Oct 2024
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. This is due t... Read more ➔
CVE-2024-23454 25 Sep 2024
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the othe... Read more ➔
CVE-2024-45373 25 Sep 2024
Once logged in to ProGauge MAGLINK LX4 CONSOLE, a valid user can change their privileges to administrator. Read more ➔
CVE-2024-8853 (v3: 9.8) 20 Sep 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.40 due to insufficient restriction on th... Read more ➔
CVE-2024-47000 20 Sep 2024
Zitadel is an open source identity management platform. ZITADEL's user account deactivation mechanism did not work correctly with service accounts. De... Read more ➔
CVE-2024-46999 20 Sep 2024
Zitadel is an open source identity management platform. ZITADEL's user grants deactivation mechanism did not work correctly. Deactivated user grants w... Read more ➔
CVE-2024-46989 18 Sep 2024
spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple cave... Read more ➔
CVE-2024-45496 17 Sep 2024
A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During... Read more ➔
CVE-2024-6482 (v3: 8.8) 14 Sep 2024
The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a... Read more ➔
CVE-2024-8246 (v3: 8.8) 14 Sep 2024
The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnera... Read more ➔
CVE-2024-8306 11 Sep 2024
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability... Read more ➔