A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0106545
Description A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB)
Description A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could
Description symfony/runtime is a module for the Symphony PHP framework which enables decoupling PHP applications from global state. When the