The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
GLPI is a free asset and IT management software package. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data,. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.