CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

EUVD-2025-209936

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

EUVD-2026-29975

Incorrect permission assignment vulnerabilities exist in iControl REST and TMOS shell tmsh undisclosed command which may allow an authenticated attacker to view sensitive information. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2026-24291

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally...

PT-2026-21964

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS Evolved on PTX Series versions prior to 25.4R1-S1-EVO, 25.4R2-EVO, and 26.2R1-EVO Description A critical issue exists in Juniper Networks Junos OS Evolved, specifically within the On-Box Anomaly Detection framework on...

CVE-2026-26095

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

CVE-2026-26100 Incorrect Permission Assignment for Critical Resource in Owl opds

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

ROS-20260216-73-0002

Vulnerability in rubygem-activesupport related to incorrect assignment of permissions for a critical resource. Exploitation of the vulnerability could allow an attacker to escalate privileges...

UBUNTU-CVE-2025-12004

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42...

CVE-2025-12004 The compare API module breaks Extension:Lockdown

Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action APIThis issue affects Mediawiki - Lockdown Extension: from master before 1.42...

Usta Aybs Interaktif 安全漏洞

Usta Aybs Interaktif is an Enterprise Resource Planning ERP management platform from Usta Turkey. A security vulnerability exists in Usta Aybs Interaktif versions 2024 through 28082025 that stems from improper assignment of critical resource permissions, exposure of sensitive information, lack of...

CVE-2025-53396

Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier, which may allow users who can log in to a client terminal to obtain root privileges...

CVE-2025-38742

Dell iDRAC Service Module iSM, versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVE-2025-27216

Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges...

The vulnerability of the PROFINET protocol implementation in the modular security system software SIRIUS 3RK3, as well as the security relay software SIRIUS 3SK2, allows a intruder to gain unauthorized access to protected information.

The vulnerability of the PROFINET protocol implementation in the modular security system SIRIUS 3RK3 and the security relay software SIRIUS 3SK2 is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability could allow an intruder to gain unauthorized...

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

The vulnerability of the Group Membership Handler component in the Siemens SINEMA Remote Connect server allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Group Membership Handler component in the Siemens SINEMA Remote Connect server is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected...

CVE-2024-41970

CVE-2024-41970 concerns multiple WAGO devices (e.g., CC100, Edge Controller 0752-8303/8000-0002, PFC100/200 series and related models) where a permissions misconfiguration on critical resources grants a low-privileged remote attacker access to forbidden diagnostic data. The issue is described as ...

PT-2024-39453

Name of the Vulnerable Software and Affected Versions Olgu Computer Systems e-Belediye versions prior to 2.0.642 Description The issue allows external control of file name or path due to incorrect permission assignment for critical resources, enabling manipulation of web input to file system call...