CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

EUVD-2025-209936

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

CVE-2025-33221

CVE-2025-33221 affects NVIDIA GPU Display Driver for Windows and Linux. The kernel-driver vulnerability could cause incorrect permission assignments for a critical resource, with possible data tampering and denial of service. The available connected security updates indicate CVE-2025-33221 is add...

CVE-2025-32747

Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

Incorrect Privilege Assignment

Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the POST /api/public/v1/roles/unassign endpoint. Users can retain their privileges up to one hour after bulk...

EUVD-2026-29975

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000159021: iControl SOAP vulnerability CVE-2026-35062

Security Advisory Description An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-35062 Impact A low privileged authenticated remote attacker may be able to obtain information of other local accounts. There is no data plane exposure; this is a control...

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVE-2026-21016

CVE-2026-21016 involves an incorrect privilege assignment in LocationManager, enabling local attackers to access sensitive information. Affected component: LocationManager. Root cause: improper privilege handling leading to information disclosure. Impact: local access to sensitive data, with conf...

PT-2026-40569

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

Esri Portal for ArcGIS 11.5 < Security 2026 Update 1 Incorrect Privilege Assignment (CVE-2026-33518)

The version of Esri Portal for ArcGIS 11.5 installed is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect privilege assignment vulnerability exists in Portal for ArcGIS that allows highly privileged users to create developer credentials that may grant...

Multiple vulnerabilities in silex technology SD-330AC and AMC Manager

Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...

CVE-2026-21011

Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...

CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability

Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through 10.30.12...

CVE-2026-24971

CVE-2026-24971 concerns the WordPress theme Search & Go (component searchgo) with an Incorrect Privilege Assignment that enables Privilege Escalation for authenticated users. Affected versions are up to and including 2.8. The vulnerability is documented across multiple feeds, including Red Hat an...

CVE-2026-1497 Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...

CVE-2026-1497

Neo4j Enterprise suffers an incorrect namespace resolution in composite databases, before versions 2026.02 and 5.26.22. An admin granting access to a remote constituent "namespace.name" can inadvertently grant privileges to any local database or remote alias named "name"; if that target doesn’t e...