1219 matches found
WordPress plugin wProject security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-22100 · Project · Project
Name of the Vulnerable Software and Affected Versions: wProject versions prior to 5.8.0 Description: The issue is related to an Incorrect Privilege Assignment vulnerability. This vulnerability affects wProject, with details about the impact or exploitation not specified beyond the general...
CVE-2025-0135
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...
CVE-2025-0135
The vulnerability CVE-2025-0135 affects the Palo Alto Networks GlobalProtect App on macOS, caused by an incorrect privilege assignment that allows a locally authenticated non-administrative user to disable the app. Other platforms (Windows, Linux, iOS, Android, Chrome OS, UWP) are not affected. P...
CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...
Palo Alto Networks GlobalProtect security vulnerability
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that stems from an improper assignment of...
PT-2025-21212 · Palo Alto Networks · Globalprotect App
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App (affected versions not specified) Description: An incorrect privilege assignment issue in the GlobalProtect App on macOS devices allows a locally authenticated non-administrative user to disable the...
Intel Tiber Edge Platform Edge Orchestrator security vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an enterprise-class edge computing orchestration management platform from Intel Corporation USA. A security vulnerability exists in Intel Tiber Edge Platform Edge Orchestrator that stems from improper privilege assignment and could lead to elevation ...
Intel Tiber Edge Platform Edge Orchestrator security vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an enterprise-class edge computing orchestration management platform from Intel Corporation USA. A security vulnerability exists in Intel Tiber Edge Platform Edge Orchestrator that stems from improper privilege assignment and could lead to elevated...
Siemens SCALANCE LPE9403 security vulnerability
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A security bypass vulnerability exists in the Siemens SCALANCE LPE9403 that stems from improper assignment of critical...
A vulnerability in the IBM Guardium Data Protection data security platform stems from improper privilege assignment and allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Guardium Data Protection platform for data security protection is related to improper privilege assignment. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
CVE-2025-4374
CVE-2025-4374 affects Quay: when an organization acts as a proxy cache and a user/robot pulls an unmapped image, the newly created repository may be granted Admin privileges due to an improper privilege assignment in the proxy cache flow. Impact described as elevated (Admin) access on the new rep...
CVE-2025-3517
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username...
VulnCheck KEV: CVE-2025-27007
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through = 1.0.82...
A vulnerability in the Delphix Continuous Data and Delphix Continuous Compliance data management tools stems from improper privilege assignment and allows attackers to gain control over the command line of the operating system.
The vulnerability of the Delphix Continuous Data data management software is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to gain control over the command line of the operating system...
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...