Lucene search
K

4281 matches found

Snyk
Snyk
added 2026/04/08 12:5 a.m.5 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...

8.8CVSS5.9AI score0.00383EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/07 6:15 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the POST /sessions/:sessionKey/kill process. An attacker can terminate active subagent sessions by sending requests with only read-scoped identity-bearing...

5.4CVSS5.8AI score0.00187EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/07 6:11 p.m.5 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...

8.8CVSS5.8AI score0.00232EPSS
Exploits0References2
Veracode
Veracode
added 2026/04/07 4:37 p.m.7 views

Improper Privilege Management

kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...

6.9CVSS5.9AI score0.00254EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.19 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30836

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References5
Veracode
Veracode
added 2026/04/04 5:24 a.m.10 views

Improper Privilege Management

ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...

9.4CVSS5.9AI score0.00297EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2026/04/03 4:0 a.m.3 views

Improper Privilege Management

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Improper Privilege Management via the profile name update process. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...

9.9CVSS6.1AI score0.00297EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/03 2:57 a.m.9 views

Improper Privilege Management

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...

5.2CVSS5.9AI score0.00124EPSS
Exploits0References2
Redos
Redos
added 2026/03/30 12:0 a.m.8 views

ROS-20260330-73-0001

A vulnerability in the LSILogic module of the Oracle VM VirtualBox virtualization software tool is associated with insecure privilege management due to incorrect memory freeing. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...

6CVSS5.9AI score0.00291EPSS
Exploits0
Snyk
Snyk
added 2026/03/27 11:25 p.m.4 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...

8.6CVSS5.9AI score0.00388EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-24510

Dell Alienware Command Center AWCC, versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS5.8AI score0.00084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:8 p.m.5 views

CVE-2026-20991

Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents...

6.7CVSS5.8AI score0.00119EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:1 p.m.5 views

CVE-2026-1993

The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...

8.8CVSS6AI score0.0038EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 12:30 a.m.4 views

EUVD-2026-16006

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...

7.3CVSS4.9AI score0.00136EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/03/25 9:44 p.m.27 views

CVE-2026-4824 Enter Software Iperius Backup Backup Job Configuration File privileges management

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...

7.3CVSS0.00136EPSS
Exploits0References5
CVE
CVE
added 2026/03/25 9:44 p.m.29 views

CVE-2026-4824

Technical details about CVE-2026-4824 (affected product, vulnerable component, exact exploit path, and remediation specifics) are not publicly provided in the supplied documents. Monitor for updates.

7.3CVSS6.1AI score0.00136EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/25 9:44 p.m.2 views

CVE-2026-4824 Enter Software Iperius Backup Backup Job Configuration File privileges management

A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...

7.3CVSS6.1AI score0.00136EPSS
Exploits0References5
Snyk
Snyk
added 2026/03/23 10:34 p.m.10 views

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the IPC API process when spurious data is provided by an unprivileged local user. An attacker can cause the system to freeze or overwrite the stack by sending crafted IPC API calls. Remediation A fix was...

7.8CVSS5.9AI score0.00121EPSS
Exploits0References2
Rows per page
Query Builder