4050 matches found
CVE-2026-57813
Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through = 1.2.77.3...
CVE-2026-57768
Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...
CVE-2026-57410
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...
CVE-2026-57386
Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...
CVE-2026-57410 WordPress MailerPress plugin <= 2.0.2 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...
CVE-2026-57386 WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...
CVE-2026-54329
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...
EUVD-2026-42982
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...
CVE-2026-54329
Summary: CVE-2026-54329 affects Snipe-IT before 8.6.2, where the Accessories API can mass-assign the company_id field, enabling a low-privilege user in one company (with FMCS enabled) to create accessory records under another company. Root cause: API create path mass-assigns request parameters di...
CVE-2026-54329 Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API
Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...
EUVD-2026-42536
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-33390 Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-59253
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...
CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders
n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...
CVE-2026-59253
n8n before 2.28.0 is affected by an improper authorization vulnerability where authenticated users can assign workflows to folders in other projects. The issue allows bypassing project and folder authorization boundaries by sending crafted payloads during workflow creation, leading to logical int...
CVE-2026-14380
CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...
EUVD-2026-42000
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
CVE-2026-26053
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
CVE-2026-26053
CV-E-2026-26053 concerns the Command Centre Server. Affected versions: 9.50 before vEL9.50.1587(MR1), 9.40 before vEL9.40.3130(MR3), 9.30 before vEL9.30.3983(MR5), 9.20 before vEL9.20.4349(MR7), and all 9.10. Root cause: Incorrect Privilege Assignment (CWE-266) enabling an authenticated operator ...
CVE-2026-26053
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...