CVE-2026-54369

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

CVE-2026-54371

The CVE affects the attr utilities (getfattr/setfattr) with versions before 2.6.0. Root cause is a symlink traversal during directory hierarchy traversal, enabling local privilege escalation when a privileged process uses getfattr/setfattr on attacker-controlled paths. The documents do not provid...

CVE-2026-54370

CVE-2026-54370 affects acl before version 2.4.0, introducing a TOCTOU race where an attacker-controlled pathname component can replace a component with a symlink between an lstat() check and subsequent operations (stat, chown, chmod, acl_get_file, acl_set_file). This enables local privilege escal...

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

CVE-2026-54370 acl < 2.4.0 TOCTOU Symlink Traversal via getfacl/setfacl/chacl

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

EUVD-2026-40085

acl before version 2.4.0 contains a symlink traversal vulnerability in the libacl pathname-based functions aclgetfile, aclsetfile, aclextendedfile, and acldeletedeffile that allows local attackers to escalate privileges by replacing any pathname component with a symbolic link. Attackers who contr...

CVE-2026-54369

The CVE-2026-54369 entry concerns acl before version 2.4.0, where a symlink traversal vulnerability exists in the libacl pathname-based functions acl_get_file(), acl_set_file(), acl_extended_file(), and acl_delete_def_file(). The underlying issue allows a local attacker to escalate privileges by ...

CVE-2026-25707

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVE-2026-25707 Handcrafted repo metadata may cause arbitrary local files to be overwritten by libzypp

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVE-2026-25707

Summary of vulnerability (CVE-2026-25707) : A relative path traversal in libzypp’s repository metadata processing (prior to version 17.38.10) could allow remote repository authors to overwrite local files, potentially leading to denial of service or privilege escalation. Connected advisories indi...

EUVD-2026-40062

A relative path traversal bug problem when processing repository metadata in libzypp before 17.38.10 could be used by remote attackers supplying repositories to overwrite files on the system, leading to denial of service or privilege escalation...

CVE-2026-22078

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

CVE-2026-22078

CVE-2026-22078 concerns O+ Connect where an unauthenticated IPC service allows a local attacker to escalate privileges via the IPC channel. The root cause is lack of client authentication on the IPC interface, enabling external applications to perform sensitive actions with elevated privileges. T...

CVE-2026-22078

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

CVE-2026-22078 O+ Connect's lack of authentication for IPC channels led to a local privilege escalation vulnerability.

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

EUVD-2026-40052

Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel...

KONGA 0.14.9 - Privilege Escalation

KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector is a crafted condition, as demonstrated by the /api/user/ID at ADMIN parameter. id: CVE-2021-42192 info: name: KONGA 0.14.9 - Privilege Escalation author: rschio severity: high description...

Harbor <=1.82.0 - Privilege Escalation

Harbor 1.7.0 through 1.8.2 is susceptible to privilege escalation via core/api/user.go, which allows allows non-admin users to create admin accounts via the POST /api/users API when Harbor is setup with DB as an authentication backend and allows user to do self-registration. id: CVE-2019-16097...

Login as User or Customer < 3.3 - Privilege Escalation

The plugin lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session. id: CVE-2022-4305 info: name: Login as User or Customer 3.3 - Privilege Escalation author: r3Y3r53 severity: critical...

Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the updateloggedinuser function in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers t...