91 matches found
CVE-2026-33390
Summary: CVE-2026-33390 affects Arc sensors’ synchronization in Guardian/CMC prior to version 26.2.0. The root cause is an incorrect privilege assignment where Arc sensors receive CLI permissions during sync, allowing an authenticated user with limited privileges to issue administrative CLI comma...
CVE-2026-26053
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
CVE-2026-21016
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-22315
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
EUVD-2026-34797
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21025
Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-42680 WordPress Contest Gallery Pro plugin <= 29.0.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...
CVE-2025-32747
Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2026-22315
Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...
Incorrect Privilege Assignment
Overview @budibase/backend-core is a Budibase backend core libraries used in server and worker Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the POST /api/public/v1/roles/unassign endpoint. Users can retain their privileges up to one hour after bulk...
K000159021: iControl SOAP vulnerability CVE-2026-35062
Security Advisory Description An authenticated iControl SOAP user may be able to obtain information of other accounts. CVE-2026-35062 Impact A low privileged authenticated remote attacker may be able to obtain information of other local accounts. There is no data plane exposure; this is a control...
CVE-2026-21016
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21016
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21016
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
CVE-2026-21016
CVE-2026-21016 involves an incorrect privilege assignment in LocationManager, enabling local attackers to access sensitive information. Affected component: LocationManager. Root cause: improper privilege handling leading to information disclosure. Impact: local access to sensitive data, with conf...
PT-2026-40569
Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
Esri Portal for ArcGIS 11.5 < Security 2026 Update 1 Incorrect Privilege Assignment (CVE-2026-33518)
The version of Esri Portal for ArcGIS 11.5 installed is missing Security 2026 Update 1. It is, therefore, affected by a vulnerability: - An incorrect privilege assignment vulnerability exists in Portal for ArcGIS that allows highly privileged users to create developer credentials that may grant...
Multiple vulnerabilities in silex technology SD-330AC and AMC Manager
Overview SD-330AC and AMC Manager provided by silex technology, Inc. contain multiple vulnerabilities listed below. Stack-based buffer overflow in processing the redirect URLs CWE-121 - CVE-2026-32955 Heap-based buffer overflow in processing the redirect URLs CWE-122 - CVE-2026-32956 Missing...
CVE-2026-21011
Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...
CVE-2026-25334 WordPress Salon Booking System Pro plugin < 10.30.12 - Account Takeover vulnerability
Incorrect Privilege Assignment vulnerability in wordpresschef Salon Booking System Pro salon-booking-plugin-pro allows Privilege Escalation.This issue affects Salon Booking System Pro: from n/a through 10.30.12...