PT-2026-49301

Name of the Vulnerable Software and Affected Versions Kandji Agent versions prior to 4.7.55374 Description A client validation gap in the software allows a local attacker to escalate privileges and invoke restricted agent functionality. Recommendations Update to version 4.7.55374 or later...

PT-2026-49400

Contributor Privilege Escalation in B Blocks = 2.0.31 versions...

PT-2026-49401

Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery = 2.6.62 versions...

CVE-2026-50884

Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components...

PT-2026-49230

Incorrect Privilege Assignment vulnerability in ThemeGrill Masteriyo - LMS allows Privilege Escalation. This issue affects Masteriyo - LMS: from n/a through 2.2.0...

CVE-2026-50881

The vulnerability CVE-2026-50881 affects impworks Bonsai v6.0 and is due to incorrect access control. Authenticated attackers with Editor privileges can escalate to Administrator and perform unauthorized account, password, and configuration changes. The NVD/ENISA and related sources describe the ...

PT-2026-49222

WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScrip...

CVE-2026-50884

CVE-2026-50884 affects statping-ng v0.93.0. Description: incorrect access control may allow attackers to escalate privileges to Administrator and access sensitive components. Documents list no public patch/version to mitigate or confirm exploitation details; no explicit root-cause technical speci...

PT-2026-49376

Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery 2.1.0 versions...

PT-2026-49325

Name of the Vulnerable Software and Affected Versions statping-ng version 0.93.0 Description Incorrect access control allows attackers to escalate privileges to Administrator and access sensitive components. Recommendations At the moment, there is no information about a newer version that contain...

CVE-2026-50891

Filestash v0.4.0 contains an access-control issue in the /admin/api/config component that allows privilege escalation via a crafted request. Root cause: incorrect access control. Affected: Filestash 0.4.0 (CVE-2026-50891). Impact noted as high (CVE metrics: Confidentiality and Integrity I/H; CVSS...

PT-2026-49201

The Wertheim SafeController Software, AssemblyVersion 6.15.8328.28014, does not sufficiently validate the branch code when a new branch is created. The branch code is later used in multiple application functions, including filesystem path generation for uploaded files, profile pictures, and...

PT-2026-49285

Name of the Vulnerable Software and Affected Versions Microvirt MEmu Android Emulator version 9.2.7.0 Description A flaw in the MemuService.exe component allows a local attacker to perform a Windows Service Hijacking attack, leading to local privilege escalation to SYSTEM level. Recommendations A...

PT-2026-49403

Unauthenticated Privilege Escalation in WP BASE Booking = 5.9.0 versions...

PT-2026-49492

Name of the Vulnerable Software and Affected Versions Amelia versions prior to 2.4 Description A privilege escalation issue exists where users with Subscriber roles can gain higher privileges. Recommendations Update to a version later than 2.3...

PT-2026-49501

Unauthenticated Privilege Escalation in Listdom = 5.5.0 versions...

GeoVision LPC2011/LPC2211 Web Interface / ssi.cgi privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface / ssi.cgi functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to credentials leak. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the Web Interface functionality of LPC2011/LPC2211 versions: 1.10. A specially crafted HTTP request can lead to execute priviledged operation. An attacker can visit a webpage to trigger this vulnerability. Confirmed Vulnerable Versions The...

CVE-2026-36213

The vulnerability CVE-2026-36213 affects Microvirt MEmu Android Emulator (Windows) up to version 9.2.7.0, in the MemuService.exe component. The issue enables local privilege escalation because the MemuSVC service runs with SYSTEM-level privileges while its binary is writable by a local user, allo...

UBUNTU-CVE-2026-8632

A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via operating system command injection...