156 matches found
Incorrect Privilege Assignment
Overview: org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the Admin API. An attacker can access sensitive user attributes ...
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
MiracleLinux 4 : libvirt-0.9.10-21.1.0.1.AXS4 (AXSA:2012-655:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-655:03 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd...
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
CVE-2026-20804 concerns an issue in Windows Hello where an incorrect privilege assignment can enable a local attacker to tamper with biometric authentication locally. The entry identifies the affected area as Windows Hello and the root cause as a privilege/permission misassignment, resulting in p...
Windows Hello Tampering Vulnerability
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2017-18430
In cPanel before 66.0.2, user and group ownership may be incorrectly set when using reassign_post_terminate_cruft (SEC-294)...
IBM Sterling Connect Direct for Unix Security Vulnerability
IBM Sterling Connect Direct for Unix is a file transfer program from International Business Machines (IBM). A security vulnerability exists in IBM Sterling Connect Direct for Unix versions 6.2.0.7 through 6.2.0.9, iFix004 and 6.4.0.0 through 6.4.0.2, iFix001 and 6.3.0.2 through 6.3.0.5, iFix002,...
UBUNTU-CVE-2025-12004
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42...
CVE-2025-12004 The compare API module breaks Extension:Lockdown
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42...
Usta Aybs Interaktif Security Vulnerability
Usta Aybs Interaktif is an Enterprise Resource Planning (ERP) management platform from Usta Turkey. A security vulnerability exists in Usta Aybs Interaktif versions 2024 through 28082025 that stems from improper assignment of critical resource permissions, exposure of sensitive information, lack of...
CVE-2025-43914
Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems of Feature Release versions 7.7.1.0 through 8.3.0.15, LTS2025 release version 8.3.1.0, LTS2024 release versions 7.13.1.0 through 7.13.1.30, LTS 2023 release versions 7.10.1.0 through 7.10.1.60, contain an Incorrect Privilege Assignmen...
EUVD-2012-2675
Malware in sbrugna...
EUVD-2021-18292
Malware in sbrugna...
Dell PowerProtect Data Domain Security Vulnerability
Dell PowerProtect Data Domain (Dell PowerProtect DD) is a suite of hardware appliances for data protection, backup, storage, and deduplication from Dell USA. A security vulnerability exists in Dell PowerProtect Data Domain (Dell PowerProtect DD) that stems from an improperly assigned privilege that...
EUVD-2025-26622
Malicious code in bioql PyPI...
EUVD-2025-4583
Malicious code in bioql PyPI...
CVE-2025-10224
Improper Authentication (CWE-287) in the LDAP authentication engine in AxxonSoft Axxon One C-Werk 2.0.2 and earlier on Windows allows a remote authenticated user to be denied access or misassigned roles via incorrect evaluation of nested LDAP group memberships during login...
CVE-2025-57817 Fides Webserver API is Vulnerable to OAuth Client Privilege Escalation
Fides is an open-source privacy engineering platform. Prior to version 2.69.1, the OAuth client creation and update endpoints of the Fides Webserver API do not properly authorize scope assignment. This allows highly privileged users with client:create or client:update permissions to escalate thei...