1219 matches found

IBM Security Bulletins
added 2025/06/19 5:35 a.m., 9 views

Security Bulletin: IBM Guardium Data Protection is affected by an Incorrect Permission Assignment for Critical Resource vulnerability (CVE-2025-25023)

Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2025-25023. DESCRIPTION: IBM Security Guardium could allow a privileged user to read any file on the system due to incorrect privilege assignment. CWE: CWE-266: Incorrect Privilege...

CVSS 4.9, AI score 4.9, EPSS 0.00288
Exploits 0, Affected Software 1
Veracode
added 2025/06/17 5:50 a.m., 4 views

Incorrect Privilege Assignment Vulnerability

github.com/hashicorp/nomad is vulnerable to Incorrect Privilege Assignment. The vulnerability is due to a flawed implementation of prefix-based ACL policy lookup, which can cause rules to be incorrectly matched or shadowed, allowing an attacker to bypass intended access restrictions and potential...

CVSS 8.1, AI score 8.1, EPSS 0.00473
Exploits 0, References 3, Affected Software 1
Snyk
added 2025/06/16 4:1 p.m., 1 view

Incorrect Privilege Assignment

Overview: github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker. Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root grou...

CVSS 8.5, AI score 7.2, EPSS 0.0025
Exploits 0, References 2
Snyk
added 2025/06/16 4:1 p.m., 1 view

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...

CVSS 8.5, AI score 7.2, EPSS 0.0025
Exploits 0, References 2
Tenable Nessus
added 2025/06/16 12:0 a.m., 3 views

TencentOS Server 3: postgresql:12 (TSSA-2024:1120)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1120 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8, AI score 7.3, EPSS 0.04422
Exploits 1, References 4
RedhatCVE
added 2025/06/15 12:21 a.m., 3 views

CVE-2025-4228

An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root...

CVSS 4.6, AI score 6.9, EPSS 0.00179
Exploits 0, References 1
NVD
added 2025/06/13 12:15 a.m., 7 views

CVE-2025-4228

An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root...

CVSS 4.6, EPSS 0.00179
Exploits 0, References 1
CNVD
added 2025/06/13 12:0 a.m., 2 views

WordPress MapSVG Elevation of Privilege Vulnerability

WordPress MapSVG is a WordPress plugin for creating interactive maps. WordPress MapSVG suffers from an elevation of privilege vulnerability. The vulnerability stems from improper privilege assignment. An attacker can exploit the vulnerability to elevate privileges to elevate a low-privileged...

CVSS 8.8, AI score 7, EPSS 0.00287
Exploits 0, References 1
BDU FSTEC
added 2025/06/13 12:0 a.m., 2 views

The vulnerability of Cisco Unified Communications and Contact Center Solutions software products, related to improper privilege assignment, allows attackers to elevate their privileges to the root level.

The vulnerability of Cisco Unified Communications and Contact Center Solutions software products is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to a root level...

CVSS 5.2, AI score 5.4, EPSS 0.00123
Exploits 0, References 2, Affected Software 4
Snyk
added 2025/06/12 8:4 p.m., 2 views

Incorrect Privilege Assignment

Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the creation of a ServiceAccount with cluster-level privileges during deployment of a namespace-scoped custom resource. An attacker can gain elevated cluster-wide permissions by impersonating the...

CVSS 8.8, AI score 7, EPSS 0.00285
Exploits 0, References 2
RedhatCVE
added 2025/06/11 4:3 p.m., 11 views

CVE-2025-48129

Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP...

CVSS 9.8, AI score 5.9, EPSS 0.00486
Exploits 1, References 1
OSV
added 2025/06/11 3:30 p.m., 3 views

GHSA-RX97-6C62-55MF Hashicorp Nomad Incorrect Privilege Assignment vulnerability

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

CVSS 8.1, AI score 7, EPSS 0.00473
Exploits 0, References 3
Snyk
added 2025/06/11 3:30 p.m., 2 views

Incorrect Privilege Assignment

Overview: github.com/hashicorp/nomad/command/agent is a package that is part of HashiCorp's Nomad. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to prefix-based ACL policy lookups. An attacker with knowledge of existing job names and permission to create a job can...

CVSS 8.6, AI score 6.8, EPSS 0.00473
Exploits 0, References 2
Github Security Blog
added 2025/06/11 3:30 p.m., 6 views

Hashicorp Nomad Incorrect Privilege Assignment vulnerability

Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...

CVSS 8.1, AI score 7, EPSS 0.00473
Exploits 0, References 3, Affected Software 1
CNVD
added 2025/06/11 12:0 a.m., 2 views

IBM Application Gateway Incorrect Privilege Assignment Vulnerability

IBM Application Gateway is an application gateway from International Business Machines (IBM). It provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An incorrect...

CVSS 5.5, AI score 6.8, EPSS 0.00107
Exploits 0, References 1
CNNVD
added 2025/06/10 12:0 a.m., 1 view

Apache CloudStack Security Vulnerability

Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...

CVSS 8.8, AI score 6.8, EPSS 0.00488
Exploits 0, References 5
NVD
added 2025/06/09 4:15 p.m., 21 views

CVE-2025-48129

Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP...

CVSS 9.8, EPSS 0.00486
Exploits 1, References 1
NVD
added 2025/06/09 4:15 p.m., 9 views

CVE-2025-47561

Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.6.13...

CVSS 8.8, EPSS 0.00287
Exploits 0, References 1
CVE
added 2025/06/09 3:56 p.m., 47 views

CVE-2025-23974

CVE-2025-23974 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin “One-Login” (versions n/a through 1.4). The issue allows privilege escalation within One-Login. Public sources in the connected documents (Wordfence, RH) indicate the vulnerability is currently unpatc...

CVSS 8.1, AI score 5.9, EPSS 0.00349
Exploits 0, References 1
Vulnrichment
added 2025/06/09 3:56 p.m., 2 views

CVE-2025-23974 WordPress One-Login plugin <= 1.4 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in ifkooo One-Login one-login allows Privilege Escalation. This issue affects One-Login: from n/a through = 1.4...

CVSS 8.1, AI score 5.9, EPSS 0.00349
Exploits 0, References 1