Crabbox before 0.9.0 contains an authentication bypass vulnerability in the coordinator user-token verification path where the verifyUserToken() function fails to reject payloads containing an admin c
Crabbox prior to v0.12.0 contains an authentication bypass vulnerability that allows non-admin shared-token callers to impersonate other owners or organizations by spoofing identity headers. Attackers
Crabbox prior to v0.12.0 contains a privilege escalation vulnerability that allows users with shared visibility-only access to obtain Code, WebVNC, and Egress agent tickets by sending POST requests to
The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invok
An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated by
Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens,
A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization
The Archify application contains a local privilege escalation vulnerability due to insufficient client validation in its privileged helper tool, com.oct4pie.archifyhelper, which is exposed via XPC. Ar
Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
Missing Authorization vulnerability in codedraft Mediabay mediabay-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through <= 1.6.
The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to pr
MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the na
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.
A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not verify user permissions when processing Worker messa
A container privilege escalation flaw was found in certain AMQ Broker images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain con
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape i
Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through <= 1.0.0.
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO
In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interface (/api/admin/sys-token/page) has an improper permission ve
Page 1+ Next →