4274 matches found
CVE-2026-55843 Snipe-IT: Improper Privilege Management
Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...
EUVD-2026-42837
Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...
SUSE-SU-2026:2759-1 Security update for apache2
This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...
CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management
A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...
CVE-2026-44119
A flaw was found in Apache HTTP Server. This improper privilege management vulnerability allows local .htaccess authors to read files with the privileges of the httpd user. This could lead to unauthorized information disclosure...
Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2026-3621).
Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2026-3621. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2026-362...
Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).
Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-3621. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION:...
Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)
Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...
SUSE CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
ROS-20260610-73-0012
The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
ROS-20260610-73-0007
The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...
ALPINE-CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-44119
Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...
EUVD-2026-35094
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-7778
An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...
CVE-2026-26946
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...