Lucene search
+L

1032 matches found

EUVD
EUVD
added 2026/05/05 12:30 a.m.26 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References2
CVE
CVE
added 2026/04/29 2:18 p.m.12 views

CVE-2026-5141

CVE-2026-5141 affects Pardus Software Center (before 1.0.3). The issue is due to improper privilege management and access control, enabling hijacking of a privileged process. The connected sources confirm the affected product and version range, but do not provide a remediation or patch details. N...

8.8CVSS5.2AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/27 12:0 a.m.7 views

EUVD-2025-209578

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...

8.8CVSS5.2AI score0.00102EPSS
Exploits0References4
CNVD
CNVD
added 2026/04/24 12:0 a.m.9 views

Microsoft Partner Center Access Control Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

9.6CVSS5.4AI score0.00389EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.16 views

PT-2026-33808

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain appliances versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain appliances versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain appliances versions 7.13.1.0 through 7.13.1.60 Description An...

6.7CVSS5.8AI score0.00087EPSS
Exploits0References4
CVE
CVE
added 2026/04/16 8:30 a.m.25 views

CVE-2026-23772

CVE-2026-23772 affects Dell Storage Manager – Replay Manager for Microsoft Servers, version 8.0. The vulnerability is described as an Improper Privilege Management that could enable Elevation of Privileges by a low-privileged attacker with local access. The CVSS‑3.1 base score is 7.3 (HIGH). Dell...

7.3CVSS5.8AI score0.00122EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32840

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Improper privilege management in the Telemetry Service allows an authorized attacker to cause a local denial of service, which affects the system. Recommendations At the moment, the...

5.5CVSS6.2AI score0.00416EPSS
Exploits0References6
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/10 3:33 p.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

8.7CVSS5.8AI score0.0029EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.7 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 6:10 p.m.8 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the ClickhouseUser/ServiceUser. An attacker can access sensitive information from other namespaces by supplying a crafted namespace value, causing the operator to read secrets from unauthorized location...

8.2CVSS5.7AI score0.00394EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.3 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the Gateway plugin HTTP. An attacker can gain unauthorized write access by sending requests that are only intended to have read privileges, resulting in...

7.1CVSS5.8AI score0.00239EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/09 5:36 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management via the node.pair.approve function being assigned to the broader operator.write scope instead of the intended operator.pairing scope. An attacker can gain...

8.8CVSS5.8AI score0.00282EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8CVSS5.9AI score0.00383EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 6:11 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/07 4:37 p.m.7 views

Improper Privilege Management

kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...

6.9CVSS5.9AI score0.00254EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.19 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30836

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References5
Snyk
Snyk
added 2026/04/03 4:0 a.m.4 views

Improper Privilege Management

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Improper Privilege Management via the profile name update process. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...

9.9CVSS6.1AI score0.00297EPSS
Exploits1References3
Rows per page
Query Builder