82 matches found
CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2025-32747
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-22315
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
Incorrect Privilege Assignment
Overview: @budibase/backend-core is a Budibase backend core library used in server and worker. Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the POST /api/public/v1/roles/unassign endpoint. Users can retain their privileges up to one hour after bulk...
K000159021: iControl SOAP vulnerability CVE-2026-35062
Security Advisory Description: An authenticated iControl SOAP user may be able to obtain information of other accounts (CVE-2026-35062). Impact: A low privileged authenticated remote attacker may be able to obtain information of other local accounts. There is no data plane exposure; this is a control...
CVE-2026-21016
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21016
CVE-2026-21016 involves an incorrect privilege assignment in LocationManager, enabling local attackers to access sensitive information. Affected component: LocationManager. Root cause: improper privilege handling leading to information disclosure. Impact: local access to sensitive data, with conf...
PT-2026-40569
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
Esri Portal for ArcGIS 11.5 < Security 2026 Update 1 Incorrect Privilege Assignment (CVE-2026-33518)
The version of Esri Portal for ArcGIS 11.5 installed is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect privilege assignment vulnerability exists in Portal for ArcGIS that allows highly privileged users to create developer credentials that may grant...
Multiple vulnerabilities in silex technology SD-330AC and AMC Manager
Overview: SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below: Stack-based buffer overflow in processing the redirect URLs (CWE-121, CVE-2026-32955); Heap-based buffer overflow in processing the redirect URLs (CWE-122, CVE-2026-32956); Missing...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation. This issue affects Salon Booking System Pro: from n/a through 10.30.12...
CVE-2026-24971
CVE-2026-24971 concerns the WordPress theme Search & Go (component searchgo) with an Incorrect Privilege Assignment that enables Privilege Escalation for authenticated users. Affected versions are up to and including 2.8. The vulnerability is documented across multiple feeds, including Red Hat an...
CVE-2026-1497
Neo4j Enterprise suffers an incorrect namespace resolution in composite databases, before versions 2026.02 and 5.26.22. An admin granting access to a remote constituent "namespace.name" can inadvertently grant privileges to any local database or remote alias named "name"; if that target doesn’t e...
CVE-2026-1497 Incorrect privilege assignment in composite databases
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any...
CVE-2026-20037
CVE-2026-20037 affects Cisco UCS Manager Software with NX-OS CLI privilege levels. An authenticated, read-only user can connect to the NX-OS CLI and leverage unnecessary privileges to create or overwrite files or perform limited privileged actions on the device. The issue stems from excessive pri...
CVE-2026-22268
Dell PowerProtect Data Manager, versions prior to 19.22, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection...
CVE-2026-22267
Dell PowerProtect Data Manager, versions prior to 19.22, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges...