Lucene search
K

1029 matches found

CNVD
CNVD
added 2026/04/24 12:0 a.m.7 views

Microsoft Partner Center Access Control Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

9.6CVSS5.4AI score0.00389EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.13 views

PT-2026-33808

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain appliances versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain appliances versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain appliances versions 7.13.1.0 through 7.13.1.60 Description An...

6.7CVSS5.8AI score0.00087EPSS
Exploits0References4
CVE
CVE
added 2026/04/16 8:30 a.m.23 views

CVE-2026-23772

CVE-2026-23772 affects Dell Storage Manager – Replay Manager for Microsoft Servers, version 8.0. The vulnerability is described as an Improper Privilege Management that could enable Elevation of Privileges by a low-privileged attacker with local access. The CVSS‑3.1 base score is 7.3 (HIGH). Dell...

7.3CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.7 views

PT-2026-32840

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Improper privilege management in the Telemetry Service allows an authorized attacker to cause a local denial of service, which affects the system. Recommendations At the moment, the...

5.5CVSS6.2AI score0.00416EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.8 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.7 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.3 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the Gateway plugin HTTP. An attacker can gain unauthorized write access by sending requests that are only intended to have read privileges, resulting in...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8CVSS5.9AI score0.00383EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 6:11 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/07 4:37 p.m.6 views

Improper Privilege Management

kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...

6.9CVSS5.9AI score0.00254EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.18 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30836

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 4:0 a.m.3 views

Improper Privilege Management

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Improper Privilege Management via the profile name update process. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...

9.9CVSS6.1AI score0.00297EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/03 2:57 a.m.9 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...

5.2CVSS5.9AI score0.00124EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/27 11:25 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/03/23 12:0 a.m.4 views

Siemens APE1808 Improper Privilege Management (CVE-2025-22254)

An Improper Privilege Management vulnerability CWE-269 affecting Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16 and before 6.4.15, FortiProxy version 7.6.0 through 7.6.1 and before 7.4.7 & FortiWeb version 7.6.0 through 7.6.1 and befo...

7.2CVSS5.8AI score0.00712EPSS
Exploits0References2
Rows per page
Query Builder