EUVD-2026-16307
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3121 Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission
A flaw was found in Keycloak. An administrator with manage-clients permission can exploit a misconfiguration where this permission is equivalent to manage-permissions. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within...
CVE-2026-3121
CVE-2026-3121 describes privilege escalation in Keycloak where an administrator with manage-clients permission can leverage a misconfiguration to gain full realm admin access when realm-level admin permissions are enabled. Connected Red Hat advisories (RHSA-2026:6478, RHSA-6477, and RHSA-6477-CVE...
CVE-2023-21133
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
CVE-2023-21134
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
CVE-2023-21132
In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed...
PT-2023-17926 · Google · Android
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to a missing permission check in the onCreate method of ManagePermissionsActivity.java. This could allow bypassing factory reset...
PT-2023-17925 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a missing permission check in the onCreate method of ManagePermissionsActivity.java. This could allow bypassing factory reset protections, leading to local escalatio...
PT-2023-17933 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing permission check in the onCreate method of ManagePermissionsActivity.java. This could allow bypassing factory reset protections, leading to local...
Google Android security vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability due to a lack of privilege checking in onCreate of ManagePermissionsActivity.java, which can be exploited by an attacker to gain elevated privileges...
jenkins: stored XSS vulnerability in project naming strategy
A flaw was found in Jenkins in versions prior to 2.251 and LTS 2.235.3. The project naming strategy description, displayed on item creation, is not properly escaped. This can result in a stored cross-site scripting (XSS) vulnerability exploitable by users with Overall/Manage permissions. The highes...
CVE-2018-3823
X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. Users with manage_ml permissions could create jobs containing malicious data as part of their configuration that could allow the attacker to obtain sensitive information from or perform destructiv...
PT-2018-16217 · Elastic · X-Pack Machine Learning
Name of the Vulnerable Software and Affected Versions: Elasticsearch X-Pack Machine Learning versions prior to 6.2.4; Elasticsearch X-Pack Machine Learning versions prior to 5.6.9. Description: A cross-site scripting issue was found, allowing users with manage_ml permissions to create jobs with...
Code injection
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-admin portlet...
CVE-2014-3416
CVE-2014-3416 affects uPortal prior to 4.0.13.1. The vulnerability arises from an improper check of MANAGE permissions, enabling remote authenticated users to manage arbitrary portlets by abusing the portlet-admin portlet’s SUBSCRIBE permission. The impact is the potential modification/management...