Lucene search
+L

1087 matches found

CVE
CVE
added 11 hours ago8 views

CVE-2019-25764

CVE-2019-25764 concerns the ASUS AURA SYNC driver, where an exposed IOCTL with insufficient access control enables a local user to bypass verification and invoke arbitrary IOCTLs, leading to privilege escalation. The available connected documents confirm the affected component as the ASUS AURA SY...

7.3CVSS6.2AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 11 hours ago3 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS5.5AI score
Exploits0References2
NVD
NVD
added 3 days ago3 views

CVE-2026-50502

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS0.00613EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-50405

Insufficient granularity of access control in Windows Filtering Platform WFP allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 3 days ago4 views

CVE-2026-55006

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
NVD
NVD
added 3 days ago3 views

CVE-2026-48581

Insufficient granularity of access control in Microsoft Surface allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00219EPSS
Exploits0References1
CVE
CVE
added 3 days ago9 views

CVE-2026-48581

CVE-2026-48581 affects Microsoft Surface. It describes insufficient granularity of access control enabling a locally authenticated attacker to escalate privileges (Impact: high; CVSS 3.1 base 7.8, AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). Connected records show the vulnerability in Surface Broker SDM...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
CVE
CVE
added 3 days ago23 views

CVE-2026-55006

Microsoft Exchange Server vulnerability CVE-2026-55006: Insufficient granularity of access control enables local privilege escalation for an authorized attacker. Root cause: lack of fine-grained access controls. Impact: high confidentiality, integrity, and availability impact per CVSS 3.1 (AV:L/A...

7.8CVSS6AI score0.00219EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 3 days ago6 views

Microsoft Exchange Server Elevation of Privilege Vulnerability

Insufficient granularity of access control in Microsoft Exchange Server allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00219EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 3 days ago5 views

Active Directory Federation Services Elevation of Privilege Vulnerability

Insufficient granularity of access control in Active Directory Federation Services AD FS allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00379EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 3 days ago4 views

Windows Event Logging Service Remote Code Execution Vulnerability

Insufficient granularity of access control in Windows Event Logging Service allows an authorized attacker to execute code over a network...

8CVSS6.2AI score0.00613EPSS
Exploits0
CISA KEV Catalog
CISA KEV Catalog
added 3 days ago15 views

Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability

Microsoft Active Directory Federation Services contains an insufficient granularity of access control vulnerability that allows an authorized attacker to elevate privileges locally...

7.8CVSS6.2AI score0.00379EPSS
In wildExploits0
Cvelist
Cvelist
added last week32 views

CVE-2026-55664 Grist: Insufficient access control in the /forms endpoint exposes table metadata

Grist is spreadsheet software using Python as its formula language. Prior to 1.7.15, the GET /forms endpoint read table and column metadata without applying the document's access rules and did not check that the requested section was actually a form. A user with only partial read access, includin...

4.3CVSS0.00243EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/25 9:31 a.m.8 views

EUVD-2026-39190

Generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user with no administrative privilege may access physical memory...

6.8CVSS5.8AI score0.00121EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/19 1:15 p.m.32 views

CVE-2026-4027 FlexNet Manager Suite Attachment File Disclosure

A security vulnerability has been identified in FlexNet Manager Suite 2025 R1 and R2 that could allow unauthorized access to attachment files due to insufficient access control...

7.1CVSS0.00207EPSS
Exploits0References1
CVE
CVE
added 2026/06/19 1:15 p.m.18 views

CVE-2026-4027

CVE-2026-4027 affects FlexNet Manager Suite 2025 R1 and R2, where insufficient access control could allow unauthorized access to attachment files. The vulnerability is described as an access-control weakness that could expose attachments to users without proper privileges. The description and met...

7.1CVSS5.7AI score0.00207EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.12 views

CVE-2026-6737

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpa...

2CVSS5.5AI score0.00092EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/05 7:45 a.m.7 views

Insufficient Granularity of Access Control

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Insufficient Granularity of Access Control in the getMembers methods that serve the group members endpoint. A...

5.1CVSS5.4AI score0.00348EPSS
Exploits0References2
NVD
NVD
added 2026/06/02 4:16 p.m.14 views

CVE-2026-10591

Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths such as .vscode/tasks.json, enabling auto-executio...

8.8CVSS0.00373EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/01 7:1 p.m.14 views

EUVD-2021-34843

Insufficient granularity of access control in ASP AMD Secure Processor may allow an attacker with an untrusted user space application to map sensitive SMN System Management Network apertures leading to a potential escalation of privileges...

7.1CVSS5.8AI score0.00097EPSS
Exploits0References2
Rows per page
Query Builder