Lucene search
K

4050 matches found

NVD
NVD
added yesterday5 views

CVE-2026-57813

Incorrect Privilege Assignment vulnerability in properfraction MailOptin mailoptin allows Privilege Escalation.This issue affects MailOptin: from n/a through = 1.2.77.3...

9.8CVSS0.00483EPSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-57768

Incorrect Privilege Assignment vulnerability in favethemes Houzez Login Register houzez-login-register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through = 3.3.3...

8.2CVSS0.00321EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57410

Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...

8.8CVSS0.00417EPSS
Exploits0References1
NVD
NVD
added yesterday3 views

CVE-2026-57386

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday5 views

CVE-2026-57410 WordPress MailerPress plugin <= 2.0.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in MailerPress Team MailerPress mailerpress allows Privilege Escalation.This issue affects MailerPress: from n/a through = 2.0.2...

8.8CVSS0.00417EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday6 views

CVE-2026-57386 WordPress aBlocks plugin < 2.9.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Kodezen LLC aBlocks ablocks allows Privilege Escalation.This issue affects aBlocks: from n/a through 2.9.1...

8.8CVSS0.00417EPSS
Exploits0References1
NVD
NVD
added 4 days ago8 views

CVE-2026-54329

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS0.00389EPSS
Exploits0References5
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42982

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References5
CVE
CVE
added 4 days ago17 views

CVE-2026-54329

Summary: CVE-2026-54329 affects Snipe-IT before 8.6.2, where the Accessories API can mass-assign the company_id field, enabling a low-privilege user in one company (with FMCS enabled) to create accessory records under another company. Root cause: API create path mass-assigns request parameters di...

8.5CVSS6.1AI score0.00389EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-54329 Snipe-IT: Cross-Tenant Accessory Injection in Snipe-IT API

Snipe-IT is an IT asset/license management system. Prior to 8.6.2, the Accessories API create path mass-assigns request parameters to the Accessory model while companyid is mass assignable, allowing a low-privileged authenticated user in one company to create accessory records under another compa...

8.5CVSS0.00389EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42536

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago34 views

CVE-2026-33390 Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
NVD
NVD
added 6 days ago10 views

CVE-2026-59253

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 6 days ago35 views

CVE-2026-59253 n8n - Improper Authorization in Workflow Assignment to Folders

n8n before 2.28.0 contains an improper authorization vulnerability allowing authenticated users to assign workflows to folders in other projects. Attackers can bypass project and folder authorization boundaries by supplying crafted request payloads during workflow creation, causing logical...

5.3CVSS0.00166EPSS
Exploits0References2
CVE
CVE
added 6 days ago10 views

CVE-2026-59253

n8n before 2.28.0 is affected by an improper authorization vulnerability where authenticated users can assign workflows to folders in other projects. The issue allows bypassing project and folder authorization boundaries by sending crafted payloads during workflow creation, leading to logical int...

5.3CVSS5.9AI score0.00166EPSS
Exploits0References2Affected Software1
CVE
CVE
added last week12 views

CVE-2026-14380

CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...

8.8CVSS6.3AI score0.00498EPSS
Exploits0References4Affected Software1
EUVD
EUVD
added last week5 views

EUVD-2026-42000

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added last week32 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS0.00153EPSS
Exploits0References1
CVE
CVE
added last week13 views

CVE-2026-26053

CV-E-2026-26053 concerns the Command Centre Server. Affected versions: 9.50 before vEL9.50.1587(MR1), 9.40 before vEL9.40.3130(MR3), 9.30 before vEL9.30.3983(MR5), 9.20 before vEL9.20.4349(MR7), and all 9.10. Root cause: Incorrect Privilege Assignment (CWE-266) enabling an authenticated operator ...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week7 views

CVE-2026-26053

An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...

5.3CVSS5.9AI score0.00153EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder