1219 matches found
CVE-2025-0140
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...
Schneider Electric EcoStruxure IT Data Center Expert 8.3 Privilege Escalation
Schneider Electric EcoStruxure IT Data Center Expert versions 8.3 and below contain a Charon executable that can be used by a low-privileged attacker to obtain root privileges. The Charon executable and configuration appear to be a local method for adding and removing services that run within th...
CVE-2025-0140
CVE-2025-0140 describes an incorrect privilege assignment in the Palo Alto Networks GlobalProtect App (macOS) that can allow a locally authenticated non-administrative user to disable the app. The primary description states Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP are not aff...
CVE-2025-0140 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...
PT-2025-28968 · Palo Alto Networks · Palo Alto Networks Autonomous Digital Experience Manager
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks Autonomous Digital Experience Manager affected versions not specified Description: An incorrect privilege assignment exists in Palo Alto Networks Autonomous Digital Experience Manager. A locally authenticated low-privileged...
PT-2025-28969 · Palo Alto Networks · GlobalProtect App
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App versions affected versions not specified Description: An incorrect privilege assignment allows a locally authenticated, non-administrative user to disable the GlobalProtect App, even when the configuration...
CVE-2025-49867
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.4.0...
CVE-2025-49867
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0...
CVE-2025-23970
CVE-2025-23970 concerns the WordPress plugin for aonetheme Service Finder Booking, with an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected software: Service Finder Booking up to version 6.0. Root cause and impact are stated across Connected documents: mis...
WordPress plugin RealHomes Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-27898
Name of the Vulnerable Software and Affected Versions: aonetheme Service Finder Booking versions n/a through 6.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability in the aonetheme Service Finder Booking, allowing Privilege Escalation. Recommendations: For versio...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to improper retention of the mstatus.SUM bit, which remains set contrary to privileged specification constraints. An attacker can gain unauthorized access to physical memory by exploiting this improper...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the installation process of the Import Page component in /admin-cp/imports. An attacker can gain unauthorized access to restricted actions or data by exploiting incorrect privilege assignments during...
GHSA-MRPH-PJV2-34F4 JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The...
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component
A vulnerability classified as critical has been found in JuzaWeb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The...
GHSA-RQ7X-CFMC-RQ3W JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component
A vulnerability classified as critical has been found in JuzaWeb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to...
Apache CloudStack Authorization Issues Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...