
3975 matches found

Cvelist
added 2026/06/01 2:38 p.m. | 27 views

CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

CVSS 9.8 | EPSS 0.00328
Exploits: 0 | References: 1
CVE
added 2026/06/01 2:38 p.m. | 20 views

CVE-2026-48879

The CVE-2026-48879 entry concerns the WordPress AIWU plugin (versions up to 1.4.17). It is described as an Incorrect Privilege Assignment that enables Privilege Escalation. CVSS v3.1 base score 9.8 (Network attack, Low complexity, No user interaction, Privileges required: None; Confidentiality/In...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
Vulnrichment
added 2026/06/01 2:38 p.m. | 9 views

CVE-2026-48879 WordPress AIWU plugin <= 1.4.17 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
EUVD
added 2026/06/01 2:38 p.m. | 13 views

EUVD-2026-33649

Incorrect Privilege Assignment vulnerability in Sergey AIWU allows Privilege Escalation. This issue affects AIWU: from n/a through 1.4.17...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/01 12:0 a.m. | 13 views

PT-2026-45441

Name of the Vulnerable Software and Affected Versions: Sergey AIWU versions prior to 1.4.17. Description: Incorrect privilege assignment in Sergey AIWU allows for privilege escalation, which occurs when a user is granted more permissions than intended, enabling them to perform unauthorized actions...

CVSS 9.8 | AI score 5.8 | EPSS 0.00328
Exploits: 0 | References: 5
Positive Technologies
added 2026/06/01 12:0 a.m. | 16 views

PT-2026-45433

Name of the Vulnerable Software and Affected Versions: Contest Gallery Pro versions prior to 29.0.1. Description: Incorrect privilege assignment allows for privilege escalation within the software. Recommendations: Update to a version newer than 29.0.1...

CVSS 9.8 | AI score 5.4 | EPSS 0.00331
Exploits: 0 | References: 4
Friends Of PHP
added 2026/05/31 9:8 a.m. | 5 views

Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError

Summary: OTPHP\Factory::loadFromProvisioningUri parses an attacker-supplied otpauth:// URI and forwards every query key to OTP::setParameter($key, $value). setParameter resolves the name with property_exists($this, $parameter) and performs a dynamic write $this->$parameter = $value (src/OTP.php:196-197)...

AI score 5.3
Exploits: 0 | Affected Software: 1
Positive Technologies
added 2026/05/29 12:0 a.m. | 14 views

PT-2026-44742

Name of the Vulnerable Software and Affected Versions: ASUS System Control Interface (affected versions not specified). Description: An incorrect permission assignment for critical resources in the ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary...

CVSS 7.3 | AI score 6 | EPSS 0.00135
Exploits: 0 | References: 4
Positive Technologies
added 2026/05/29 12:0 a.m. | 8 views

PT-2026-47577

Summary: defaultSandboxPrepareStackTrace in lib/setup-sandbox.js (lines 605, 607) appends to a fresh sandbox-realm lines = [] via lines[lines.length] = value. This is the exact invariant-violating pattern that GHSA-9qj6-qjgg-37qq (commit ca195f0, 2026-05-01) just patched in neutralizeArraySpeciesBatch and...

CVSS 2.1 | AI score 5.4
Exploits: 0 | References: 5
Redos
added 2026/05/29 12:0 a.m. | 11 views

ROS-20260529-73-0004

A vulnerability in the GNOME Remote Desktop service is related to pointer assignment errors. Exploiting this vulnerability can allow a malicious actor to compromise data integrity and cause service failures through a specially crafted RDP packet...

CVSS 6.5 | AI score 5.8 | EPSS 0.00416
Exploits: 0
GithubExploit
added 2026/05/28 4:47 p.m. | 84 views

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-48172 - LiteSpeed cPanel Plugin Vulnerability Auditor...

CVSS 10 | AI score 6 | EPSS 0.18914
Exploits: 1
RedhatCVE
added 2026/05/28 1:19 p.m. | 10 views

CVE-2026-46214

A flaw was found in the Linux kernel's vsock/virtio component. This vulnerability occurs when virtio_transport_recv_listen calls sk_acceptq_added before transport validation, leading to a permanent increment of the sk_ack_backlog counter if transport assignment fails. A remote attacker could exploit thi...

CVSS 5.5 | AI score 5.7 | EPSS 0.00128
Exploits: 0 | References: 4
Vulnrichment
added 2026/05/27 4:58 p.m. | 12 views

CVE-2026-48150 Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign

Budibase is an open-source low-code platform. Prior to 3.39.0, /api/public/v1/roles/assign is guarded by the builderOrAdmin middleware, which passes any user who is a builder for the app id in the x-budibase-app-id header. That check admits both global builders and workspace-scoped builders...

CVSS 9 | AI score 5.8 | EPSS 0.00292
Exploits: 0 | References: 1
NVD
added 2026/05/27 2:17 p.m. | 10 views

CVE-2026-46048

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure. create_card takes a reference on the USB device with usb_get_dev and stores the matching usb_put_dev in card_free, which is installed as the snd_card's ->private_free destructor...

CVSS 5.5 | EPSS 0.00123
Exploits: 0 | References: 8
EUVD
added 2026/05/27 12:57 p.m. | 12 views

EUVD-2026-32430

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix usbdev refcount leak on probe failure. create_card takes a reference on the USB device with usb_get_dev and stores the matching usb_put_dev in card_free, which is installed as the snd_card's ->private_free destructor...

AI score 5.8 | EPSS 0.00123
Exploits: 0 | References: 5
NVD
added 2026/05/27 11:16 a.m. | 15 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 4.08.253...

CVSS 9.8 | EPSS 0.00308
Exploits: 1 | References: 1
EUVD
added 2026/05/27 9:49 a.m. | 10 views

EUVD-2026-32207

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 4.08.253...

CVSS 9.8 | AI score 5.8 | EPSS 0.00308
Exploits: 1 | References: 1
ATTACKERKB
added 2026/05/27 9:49 a.m. | 5 views

CVE-2026-42758

Incorrect Privilege Assignment vulnerability in Saleswonder Team: Tobias WebinarIgnition webinar-ignition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 4.08.253...

CVSS 9.8 | AI score 5.8 | EPSS 0.00308
Exploits: 1 | References: 2
CVE
added 2026/05/27 9:49 a.m. | 22 views

CVE-2026-42758

CVE-2026-42758 is a privilege-escalation vulnerability in the WordPress WebinarIgnition plugin (Saleswonder Team: Tobias WebinarIgnition). The issue is described as Incorrect Privilege Assignment and affects WebinarIgnition versions before 4.08.253. The vulnerability is categorized with a high/cr...

CVSS 9.8 | AI score 5.8 | EPSS 0.00308
Exploits: 1 | References: 1
CVE
added 2026/05/27 9:49 a.m. | 19 views

CVE-2026-42731

CVE-2026-42731 affects the WordPress plugin miniorange OTP verification (miniorange-otp-verification) up to and including version 5.4.9. Root cause: Incorrect Privilege Assignment leading to Privilege Escalation. Affected component: the plugin’s privilege handling; impact is described as high (c...

CVSS 9.8 | AI score 5.8 | EPSS 0.00321
Exploits: 0 | References: 1