CVE-2026-40619

A high security vulnerability affecting Security Center main server installations has been identified. It could allow an attacker with local OS privileges to the main server to access the Server Admin credentials. A third party hired by Genetec found the issue. There is currently no evidence of...

ROS-20260528-73-0001

The vulnerability of the getdumpable function in the Linux operating system’s kernel is related to insecure management of privileges. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

PT-2026-42260

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

EUVD-2026-25901

Dell Alienware Command Center AWCC, versions prior to 6.13.8.0, contain a Least Privilege Violation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

PT-2026-35491

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...

CVE-2026-35154

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially...

EUVD-2026-24337

An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected...

Improper Handling of Insufficient Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Privileges via the FileItemDTO component. An attacker can access metadata of files and sub-folders in any folder, including id, type, name, and other fields, by sending authenticated web service queries...

ROS-20260408-73-0031

A vulnerability in the fs/nfs component of the Linux kernel is related to incorrect privilege assignment. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial-of-service condition...

PT-2026-29891

HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with operator or auditor roles to escalate privileges to the administrator role by sending specially crafted packets to the web server. Attackers can explo...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...

Google Android elevation of privilege vulnerability (CNVD-2026-14649)

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that could be initiated anywhere due to proxy obfuscation in executeRequest of ActivityStarter.java. An attacker can exploit the vulnerability to gain...

PT-2026-22904

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

Linux Distros Unpatched Vulnerability : CVE-2026-2889

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/libccx/mp4.c. Performing a manipulation results...

CVE-2026-22268

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection...

MiracleLinux 4 : kernel-2.6.32-358.6.1.el6 (AXSA:2013-454:03)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2013-454:03 advisory. The kernel package contains the Linux kernel vmlinuz, the core of any Linux operating system. The kernel handles the basic functions of the operating...

PT-2026-2056

Name of the Vulnerable Software and Affected Versions Samsung Cloud versions prior to 5.6.11 Description A flaw exists in Samsung Cloud that involves improper handling of insufficient permissions. This allows local attackers to access specific files in arbitrary paths. Recommendations Update...