
1219 matches found

OSV
added 2025/06/09 1:15 p.m. · 0 views

CVE-2025-40670

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 1

Positive Technologies
added 2025/06/09 12:00 a.m. · 3 views

PT-2025-24462 · Unknown · Ifkooo One-Login

Name of the Vulnerable Software and Affected Versions: ifkooo One-Login versions n/a through 1.4 Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in ifkooo One-Login. Recommendations: For ifkooo One-Login versions n/a through...

8.1 CVSS · 7.8 AI score · 0.00349 EPSS
Exploits 0 · References 3

CNNVD
added 2025/06/09 12:00 a.m. · 1 view

WordPress plugin MapSVG security vulnerability

WordPress MapSVG is a WordPress plugin for creating interactive maps. WordPress MapSVG suffers from an elevation of privilege vulnerability. The vulnerability stems from improper privilege assignment. An attacker can exploit the vulnerability to elevate privileges to elevate a low-privileged...

8.8 CVSS · 8.2 AI score · 0.00287 EPSS
Exploits 0 · References 2

CNNVD
added 2025/06/09 12:00 a.m. · 2 views

WordPress plugin One-Login security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.1 CVSS · 7.7 AI score · 0.00349 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/06/09 12:00 a.m. · 5 views

PT-2025-24430 · Tcman · TCMAN's GIM

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue is related to an incorrect authorization vulnerability. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to...

7.1 CVSS · 6.3 AI score · 0.00278 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2025/06/04 12:00 a.m. · 4 views

Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by an incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

5.1 CVSS · 7.4 AI score · 0.00211 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/06/04 12:00 a.m. · 4 views

Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment

According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by an incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...

5.1 CVSS · 7.4 AI score · 0.00211 EPSS
Exploits 0 · References 2

CNNVD
added 2025/06/03 12:00 a.m. · 2 views

IBM Application Gateway security vulnerability

IBM Application Gateway is an application gateway from International Business Machines (IBM). It provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An incorrect...

5.5 CVSS · 6.6 AI score · 0.00107 EPSS
Exploits 0 · References 2

BDU FSTEC
added 2025/06/02 12:00 a.m. · 1 view

The vulnerability of the Houzez Theme plugin of the WordPress content management system allows attackers to increase their privileges.

The vulnerability of the Houzez Theme plugin for WordPress content management systems is related to incorrect privilege assignment. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

9 CVSS · 7.7 AI score · 0.00447 EPSS
Exploits 0 · References 2 · Affected Software 1

RedhatCVE
added 2025/05/30 12:49 p.m. · 17 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

6.5 CVSS · 6.9 AI score · 0.00311 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/05/30 12:00 a.m. · 8 views

Devolutions Server <= 2024.3.15.0 / 2025.1.3.0 <= 2025.1.7.0 Improper Privilege Assignment (DEVO-2025-0008)

The version of Devolutions Server installed on the remote host is prior or equal to 2024.3.15.0 or 2025.1.3.0 through 2025.1.7.0 and is, therefore, affected by an improper privilege assignment vulnerability: - Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a...

6.5 CVSS · 5.6 AI score · 0.00311 EPSS
Exploits 0 · References 2

NVD
added 2025/05/28 1:15 p.m. · 12 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

6.5 CVSS · 0.00311 EPSS
Exploits 0 · References 1

Cvelist
added 2025/05/28 12:35 p.m. · 15 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

0.00311 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/05/28 12:35 p.m. · 14 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions : Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

6.9 AI score · 0.00311 EPSS
Exploits 0 · References 1

CVE
added 2025/05/28 12:35 p.m. · 54 views

CVE-2025-4493

The CVE-2025-4493 entry concerns Devolutions Server, where an improper privilege assignment in PAM JIT privilege sets can let a PAM user perform PAM JIT requests on unauthorized groups due to a user interface issue. Impacted versions include 2025.1.3.0–2025.1.7.0 and 2024.3.15.0 and earlier. The ...

6.5 CVSS · 6.9 AI score · 0.00311 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2025/05/28 12:00 a.m. · 3 views

PT-2025-23082 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.15.0 and earlier Devolutions Server versions 2025.1.3.0 through 2025.1.7.0 Description: The issue is related to improper privilege assignment in PAM JIT privilege sets, allowing a PAM user to perform PAM JIT...

6.5 CVSS · 6.3 AI score · 0.00311 EPSS
Exploits 0 · References 6

OSV
added 2025/05/26 9:30 a.m. · 4 views

GHSA-QPXX-2CWH-R5VH pypickle Incorrect Privilege Assignment vulnerability

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

5.3 CVSS · 7.1 AI score · 0.00197 EPSS
Exploits 1 · References 12

Github Security Blog
added 2025/05/26 9:30 a.m. · 9 views

pypickle Incorrect Privilege Assignment vulnerability

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

5.5 CVSS · 6.8 AI score · 0.00197 EPSS
Exploits 1 · References 12 · Affected Software 1

RedhatCVE
added 2025/05/25 1:19 p.m. · 3 views

CVE-2025-39489

Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through = 4.5.0...

9.8 CVSS · 7.2 AI score · 0.00421 EPSS
Exploits 0 · References 1

ATTACKERKB
added 2025/05/23 1:15 p.m. · 3 views

CVE-2025-47631

Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.020 through 11...

8.8 CVSS · 5.2 AI score · 0.00302 EPSS
Exploits 0 · References 3