Lucene search
K

4274 matches found

Cvelist
Cvelist
added 3 days ago33 views

CVE-2026-55843 Snipe-IT: Improper Privilege Management

Snipe-IT is an IT asset/license management system. Prior to 8.6.0, UsersController::update passes a missing permission request field through NormalizePermissionsPayloadAction and PreserveUnauthorizedPrivilegedPermissionsAction in a way that can overwrite a target user’s permissions with a sparse...

7CVSS0.00298EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42837

Improper Privilege Management, Improper Access Control vulnerability in Apache IoTDB. Authenticated users can escalate to full tree-path access by renaming themselves to internalauditor. This issue affects Apache IoTDB: from 2.0.8 before 2.0.10. Users are recommended to upgrade to version 2.0.10,...

6.5CVSS6.1AI score0.00209EPSS
Exploits0References1
OSV
OSV
added 2026/07/06 2:4 a.m.2 views

SUSE-SU-2026:2759-1 Security update for apache2

This update for apache2 fixes the following issues - CVE-2026-29167: modldap per-dir use-after-free bsc1267976. - CVE-2026-29170: modproxyftp XSS bsc1267977. - CVE-2026-34355: modproxyhtml buffer overflow bsc1267978. - CVE-2026-34356: malicious backend servers can lead to a heap-based buffer...

9.8CVSS7.2AI score0.11471EPSS
Exploits8References27
Cvelist
Cvelist
added 2026/07/05 7:0 a.m.32 views

CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management

A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...

7.5CVSS0.00288EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/06/30 5:4 a.m.16 views

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...

9.8CVSS6AI score0.00677EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2026/06/12 2:35 p.m.10 views

CVE-2026-44119

A flaw was found in Apache HTTP Server. This improper privilege management vulnerability allows local .htaccess authors to read files with the privileges of the httpd user. This could lead to unauthorized information disclosure...

5.5CVSS5.2AI score0.00171EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:27 p.m.5 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms (CVE-2026-3621).

Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with TXSeries for Multiplatforms CVE-2026-3621. IBM WebSphere Liberty has been updated within TXSeries for Multiplatforms to address this vulnerability. Vulnerability Details CVEID:CVE-2026-362...

7.5CVSS5.4AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 9:25 p.m.6 views

Security Bulletin: An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced (CVE-2026-3621).

Summary An Improper Privilege Management vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Advanced CVE-2026-3621. IBM WebSphere Liberty has been updated within IBM CICS TX Advanced to address this vulnerability. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION:...

7.5CVSS5.4AI score0.00276EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/11 3:0 p.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager (CVE-2025-68161, CVE-2026-1726)

Summary Security Vulnerabilities have been addressed in IBM Guardium Key Lifecycle Manager Vulnerability Details CVEID:CVE-2026-1726 DESCRIPTION: IBM Security Guardium enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers cou...

6.3CVSS6.1AI score0.00743EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2026/06/10 2:27 a.m.12 views

SUSE CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

6.5CVSS5.4AI score0.00171EPSS
Exploits0References6
Redos
Redos
added 2026/06/10 12:0 a.m.8 views

ROS-20260610-73-0012

The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

8.8CVSS5.5AI score0.00226EPSS
Exploits0
Redos
Redos
added 2026/06/10 12:0 a.m.8 views

ROS-20260610-73-0007

The vulnerability in Thunderbird is related to the insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

8.8CVSS5.4AI score0.00221EPSS
Exploits0
OSV
OSV
added 2026/06/08 4:16 p.m.3 views

ALPINE-CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.9AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2026/06/08 3:17 p.m.94 views

CVE-2026-44119

Summary: CVE-2026-44119 is an Apache HTTP Server vulnerability described as improper privilege management that allows local .htaccess authors to read files with httpd user privileges. Affected versions are Apache HTTP Server 2.4.67 and earlier; the issue is fixed in 2.4.68. This aligns with multi...

5.5CVSS5.4AI score0.00171EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/08 3:17 p.m.13 views

EUVD-2026-35094

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/08 3:17 p.m.10 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/06/08 3:17 p.m.7 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.4AI score0.00171EPSS
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/08 3:17 p.m.9 views

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

5.5CVSS5.4AI score0.00171EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7778

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

5CVSS5.3AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.13 views

CVE-2026-26946

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

6.7CVSS5.4AI score0.00104EPSS
Exploits0References1
Rows per page
Query Builder