4281 matches found
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the createUser process in auth/proxy.go when proxy authentication is enabled and default settings include non-empty commands. An attacker can gain unauthorized execution capabilities and access to...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the POST /sessions/:sessionKey/kill process. An attacker can terminate active subagent sessions by sending requests with only read-scoped identity-bearing...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the operator.write process. An attacker can gain unauthorized access to admin-level Telegram configuration and cron persistence by sending crafted request...
Improper Privilege Management
kubevirt.io/kubevirt is vulnerable to improper privilege management. The vulnerability is due to excessive permissions granted to the virt-handler service account, which allows an attacker to abuse update and patch capabilities to force VMI migration or schedule privileged pods onto a compromised...
CVE-2026-5373
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...
CVE-2026-5373 runZero Platform superuser privilege escalation
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...
PT-2026-30836
An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...
Improper Privilege Management
ci4-cms-erp/ci4ms is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper sanitization and output encoding of user-controlled profile name input, which allows an attacker to inject and execute malicious JavaScript in application views...
Improper Privilege Management
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Improper Privilege Management via the profile name update process. An attacker can execute arbitrary JavaScript in the browsers of users, including administrators, by...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...
ROS-20260330-73-0001
A vulnerability in the LSILogic module of the Oracle VM VirtualBox virtualization software tool is associated with insecure privilege management due to incorrect memory freeing. Exploitation of the vulnerability could allow an attacker to gain unauthorized access to protected information...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management via the restore process. An attacker can gain unauthorized administrative privileges by uploading a crafted SQLite database file, allowing access to user management, audit logs, debug endpoints, and operato...
CVE-2026-24510
Dell Alienware Command Center AWCC, versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-20991
Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents...
CVE-2026-1993
The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the updatesettings function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible fo...
EUVD-2026-16006
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...
CVE-2026-4824 Enter Software Iperius Backup Backup Job Configuration File privileges management
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...
CVE-2026-4824
Technical details about CVE-2026-4824 (affected product, vulnerable component, exact exploit path, and remediation specifics) are not publicly provided in the supplied documents. Monitor for updates.
CVE-2026-4824 Enter Software Iperius Backup Backup Job Configuration File privileges management
A vulnerability has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this issue is some unknown functionality of the component Backup Job Configuration File Handler. The manipulation leads to improper privilege management. The attack must be carried out locally. The attack is...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management in the IPC API process when spurious data is provided by an unprivileged local user. An attacker can cause the system to freeze or overwrite the stack by sending crafted IPC API calls. Remediation A fix was...