Lucene search
K

3976 matches found

EUVD
EUVD
added 2026/01/12 6:27 p.m.4 views

EUVD-2026-2004

Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to 2.4.24, the DFIR-IRIS datastore file management system has a vulnerability where mass assignment of the filelocalname field combined with path trust in the delete operation...

9.6CVSS6.5AI score0.00298EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.8 views

PT-2026-2294

Name of the Vulnerable Software and Affected Versions Iris versions prior to 2.4.24 Description Iris is a web collaborative platform used by incident responders to share technical details during investigations. The DFIR-IRIS datastore file management system has an issue where authenticated users...

9.6CVSS6.3AI score0.00298EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/01/12 12:0 a.m.5 views

PT-2026-2326

Name of the Vulnerable Software and Affected Versions npm cli affected versions not specified Description The npm command-line interface has a flaw related to incorrect permission assignment that can lead to local privilege escalation. This issue allows an attacker to gain elevated privileges on ...

7CVSS6.3AI score0.00286EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/01/10 5:22 p.m.145 views

CVE-2014-016-assignement

No d...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:57 a.m.10 views

CVE-2018-4073

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The the binary the endpoint /cgi-bin/EmbededAceTLSetTask.cgi is a very similar endpoint that is designed for use with setting table values th...

8.8CVSS6.8AI score0.25393EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:20 a.m.4 views

CVE-2021-22382

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...

6.5CVSS6.8AI score0.00175EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:57 a.m.5 views

CVE-2022-38183

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea there was no permission check for fetching the issue. As a result, the attacker would get access to private issue title...

6.5CVSS6.7AI score0.0069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:50 a.m.5 views

CVE-2022-37003

The AOD module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may cause permission escalation and unauthorized access to files...

9.8CVSS7AI score0.00422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.8 views

CVE-2017-18392

cPanel before 68.0.15 allows collisions because PostgreSQL databases can be assigned to multiple accounts SEC-325...

2.1CVSS6.9AI score0.00528EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.9 views

CVE-2024-41720

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...

8CVSS6.8AI score0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:34 a.m.6 views

CVE-2024-41139

Incorrect privilege assignment vulnerability exists in SKYSEA Client View Ver.6.010.06 to Ver.19.210.04e. If a user who can log in to the PC where the product's Windows client is installed places a specially crafted DLL file in a specific folder, arbitrary code may be executed with SYSTEM privile...

7.8CVSS7.4AI score0.0018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:31 a.m.9 views

CVE-2023-25569

Apollo is a configuration management system. Prior to version 2.1.0, a low-privileged user can create a special web page. If an authenticated portal admin visits this page, the page can silently send a request to assign new roles for that user without any confirmation from the Portal admin. Cooki...

5.7CVSS6.6AI score0.00351EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:17 a.m.8 views

CVE-2025-23407

Incorrect privilege assignment vulnerability in the WEB UI the setting page exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote attacker who can log in to the product may alter the settings without appropriate privileges...

4.3CVSS7.1AI score0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:12 a.m.7 views

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...

6.5CVSS6.8AI score0.01121EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:10 a.m.4 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS6.7AI score0.00244EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:5 a.m.6 views

CVE-2024-41970

A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources...

5.7CVSS7.1AI score0.00339EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:47 a.m.7 views

CVE-2025-23970

Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking sf-booking allows Privilege Escalation.This issue affects Service Finder Booking: from n/a through = 6.1...

9.8CVSS5.9AI score0.0069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:46 a.m.6 views

CVE-2025-31643

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0...

8.8CVSS5.2AI score0.00283EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:34 a.m.5 views

CVE-2024-41974

A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication...

7.1CVSS7AI score0.00341EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 12:15 a.m.11 views

CVE-2026-21695

Titra is open source project time tracking software. In versions 0.99.49 and below, an API has a Mass Assignment vulnerability which allows authenticated users to inject arbitrary fields into time entries, bypassing business logic controls via the customfields parameter. The affected endpoint use...

4.3CVSS0.00244EPSS
Exploits1References2
Rows per page
Query Builder