CVE-2026-42680

Incorrect Privilege Assignment vulnerability in Wasiliy Strecker / ContestGallery developer Contest Gallery Pro allows Privilege Escalation. This issue affects Contest Gallery Pro: from n/a through 29.0.1...

EUVD-2026-9653

Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...

CVE-2024-41720

Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device...

CVE-2022-0277

Incorrect Permission Assignment for Critical Resource in Packagist microweber/microweber prior to 1.2.11...

EUVD-2017-4210

Malware in sbrugna...

EUVD-2016-3619

Malware in sbrugna...

EUVD-2021-27973

Malicious code in bioql PyPI...

EUVD-2024-33376

Malicious code in bioql PyPI...

EUVD-2025-14672

Malicious code in bioql PyPI...

CVE-2025-0140

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...

CVE-2025-48482

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...

CVE-2025-48476

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVE-2025-48482 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channelid. However, the fill method is called with all client-provided...

CVE-2025-48476

CVE-2025-48476 affects FreeScout (Laravel-based open source help desk). Root cause: when adding/editing user records via the fill() method, missing validation for the absence of the password field allows mass-assignment, enabling a user with edit rights to change another user’s password and then ...

CVE-2025-4493

The CVE-2025-4493 entry concerns Devolutions Server, where an improper privilege assignment in PAM JIT privilege sets can let a PAM user perform PAM JIT requests on unauthorized groups due to a user interface issue. Impacted versions include 2025.1.3.0–2025.1.7.0 and 2024.3.15.0 and earlier. The ...

CVE-2025-5262

A double-free could have occurred in vpxcodecencinitmulti after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 139 and Thunderbird 128.11...

CVE-2023-51430

Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak...

CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have...

CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form

iTop is an web based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set value to object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...