EUVD-2026-36059

Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained a security vulnerability. This vulnerability stemmed from a batch assignment issue during the creation and updating of assistants, which could lead to...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.2 contained security vulnerabilities. These vulnerabilities stemmed from issues with batch assignment during the creation and updating of CustomTemplates, which...

EUVD-2026-34289

A mass assignment vulnerability exists in the MISP user edit functionality due to insufficient filtering of user-supplied fields in UsersController::edit. When processing edit requests, the application accepted a user-controlled User.id value from request data. An authenticated attacker could cra...

PT-2026-45441

Name of the Vulnerable Software and Affected Versions Sergey AIWU versions prior to 1.4.17 Description Incorrect privilege assignment in Sergey AIWU allows for privilege escalation, which occurs when a user is granted more permissions than intended, enabling them to perform unauthorized actions...

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-48172 - LiteSpeed cPanel Plugin Vulnerability Auditor...

CVE-2026-42731 WordPress miniorange otp verification plugin <= 5.4.9 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in miniOrange miniorange otp verification miniorange-otp-verification allows Privilege Escalation.This issue affects miniorange otp verification: from n/a through = 5.4.9...

CVE-2025-32747

Dell PowerFlex Manager

CVE-2025-32747

Dell PowerFlex Manager, versions =4.6.2, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVE-2026-22315

Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server...

Flowise 安全漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Versions of Flowise prior to 3.1.0 contained security vulnerabilities. These vulnerabilities stemmed from an improper bulk assignment vulnerability in the account registration endpoint, allowing...

CVE-2026-21011

Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock...

PT-2026-30694

Chyrp Lite is an ultra-lightweight blogging engine. Prior to 2026.01, an IDOR / Mass Assignment issue exists in the Post model that allows authenticated users with post editing permissions Edit Post, Edit Draft, Edit Own Post, Edit Own Draft to modify posts they do not own and do not have...

CVE-2026-32520

CVE-2026-32520 applies to RewardsWP (RewardsWP plugin for WooCommerce/WordPress) and is an Incorrect Privilege Assignment vulnerability that enables Privilege Escalation. Affected version: RewardsWP rewardswp from unspecified-n/a to

CVE-2026-27051

CVE-2026-27051: A Privilege Escalation via Incorrect Privilege Assignment in the WordPress theme Golo (uxper)

CVE-2026-24971 WordPress Search & Go theme <= 2.8 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Elated-Themes Search & Go searchgo allows Privilege Escalation.This issue affects Search & Go: from n/a through = 2.8...

CVE-2026-21425

Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

CVE-2026-22268

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection...

Incorrect Privilege Assignment

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to insufficient ownership verification in the UserManagedPermissionService...

SOPlanning 安全漏洞

SOPlanning is a suite of online project management software from SOPlanning, Inc. A security vulnerability exists in SOPlanning versions prior to 1.55 that stems from an improper assignment of privileges in the User Management tab, which could result in elevated privileges...