72 matches found
CVE-2026-14719 SourceCodester Onlne Examination & Learning Management System Registration Endpoint register.php privileges management
A flaw has been found in SourceCodester Onlne Examination & Learning Management System 1.0. The impacted element is an unknown function of the file register.php of the component Registration Endpoint. Executing a manipulation of the argument role can lead to improper privilege management. The...
Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 CVSS score: 9.8, refers to an improper privilege management and authentication flaw in Oracle Payments that could be...
CVE-2026-44119
A flaw was found in Apache HTTP Server. This improper privilege management vulnerability allows local .htaccess authors to read files with the privileges of the httpd user. This could lead to unauthorized information disclosure...
CVE-2026-44119
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...
CVE-2026-10217 nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management
A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...
CVE-2026-10217
Nextlevelbuilder GoClaw up to v3.11.3 is affected by a flaw in the handleSave function of internal/http/tts_config.go within the RoleAdmin Gateway, causing improper privilege management. Remote exploitation is possible; a public exploit exists, and the issue has been labeled as a bug by the proje...
CVE-2026-0246
CVE-2026-0246: Prisma Access Agent contains a privilege management flaw that allows a locally authenticated non-administrative user to escalate to root on macOS/Linux or NT AUTHORITY\SYSTEM on Windows, enabling arbitrary code execution and access to privileged data. Affected: Prisma Access Agent ...
PT-2026-40575
Name of the Vulnerable Software and Affected Versions Samsung System Support Service versions prior to 8.0.8.0 Description Improper privilege management allows local attackers to trigger privileged functions. Recommendations Update to version 8.0.8.0 or later...
PT-2026-40140
Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...
CVE-2026-26946
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
CVE-2026-26946
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...
CVE-2026-23772
Dell Storage Manager - Replay Manager for Microsoft Servers, versions 8.0, contains an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
EUVD-2026-11303
Dell Alienware Command Center AWCC, versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
Improper Privilege Management
Overview Affected versions of this package are vulnerable to Improper Privilege Management via the IsAdmin field in the user profile update process. An attacker can gain unauthorized administrative privileges by sending a crafted PUT request to their own user profile endpoint with IsAdmin set to...
Dell PowerScale OneFS 8.2.2 <= 9.4.0.17 / 9.5.0 <= 9.5.0.8 / 9.6.0.0 <= 9.7.0.3 / 9.8.0.0 < 9.8.0.1 Privilege Management (DSA-2024-255)
The Dell PowerScale OneFS on the remote device is missing a security patch and is, therefore, affected by privilege management vulnerability: - Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability. A local high privileged attacker could...
CVE-2025-13787 ZenTao File control.php delete privileges management
A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack...
Fortinet多款产品 安全漏洞
Fortinet FortiOS and others are products of Fortinet, Inc.Fortinet FortiOS is a dedicated security operating system on the FortiGate network security platform.Fortinet FortiProxy is a secure network proxy that protects employees by combining a variety of detection technologies such as Web...
Fortinet Fortigate Trusted hosts bypass via SSH (FG-IR-25-545)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-25-545 advisory. - An Improper Privilege Management vulnerability CWE-269 in FortiOS, FortiProxy and FortiPAM may allow an authenticated...
CVE-2025-24863
Improper privilege management for some IntelR CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result...
PT-2025-46398
Name of the Vulnerable Software and Affected Versions IntelR CIP software versions prior to WIN DCA 2.4.0.11001 Description An improper privilege management issue exists in some IntelR CIP software. This may allow an information disclosure within Ring 3 User Applications. An unprivileged software...