Razer Synapse Race Condition / DLL Hijacking
Dr. Oliver Schwarz
Gantt-Chart For Jira 5.5.3 Missing Privilege Check
Cellebrite UFED 188.8.131.525 Desktop Escape / Privilege Escalation
Ultimate Member 2.39 Unauthorized profile modification
WordPress Plugin WooCommerce GloBee (cryptocurrency) Payment Gateway 1.1.1 Payment Bypass / Unauthorized Order Status Spoofing
Goozmo™ Systems v.1.0 Improper Privilege Management
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS
SpiderControl SCADA Web Server 2.02.0007 Improper Privilege Management
Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation
Hank Leininger and Mat...
Trendmicro InterScan 6.5-SP2_Build_Linux_1548 Privilege Escalation
phpMyAdmin 3.5.x/4.0.x privilege escalation
SecuriTeam Secure Disc...
Smartfren Connex EC 1261-2 UI OUC Local Privilege Escalation Vulnerability
CVEMAP Search Results
PrestaShop is an Open Source e-commerce web application. In the PrestaShop back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from the back office, even with low user rights. This allows low privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field, and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. An API user who has read access on the users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.
ScyllaDB is a NoSQL data store using the Seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.
Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects .
An Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allows a local, low privileged attacker to use an API call for escalation of privileges in order to gain full admin access on the host system.
The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration, allowing anyone to register on the site as an instructor. They can then add courses and/or posts.
Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Improper Privilege Management in GitHub repository usememos/memos prior to 0.13.2.