CVE-2025-5819 Incorrect Permission Assignment for Critical Resource in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances...

BIT-LIBPHP-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free

In PHP versions 8.3. before 8.3.19 and 8.4. before 8.4.5, a code sequence involving set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the...

Linux Distros Unpatched Vulnerability : CVE-2025-38391

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: typec: altmodes/displayport: do not index invalid pinassignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignmen...

The vulnerability of the Vault Enterprise and Vault Community Edition archiving platforms for corporate information, related to improper privilege assignment, allows attackers to elevate their privileges to the root level.

The vulnerability of the Vault Enterprise and Vault Community Edition archiving platforms for corporate information is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to the root level...

Linux Distros Unpatched Vulnerability : CVE-2025-37878

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf/core: Fix WARNON!ctx in freeevent for partial init Move the getctxchildctx call and the childevent-ctx assignment to occur immediately after the child even...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the /api/pull endpoint. An attacker can remove files from the file system by sending a specially crafted packet to this endpoint. Remediation Upgrade...

CVE-2025-45764

jsrsasign v11.1.0 was discovered to contain weak encryption. NOTE: this issue has been disputed by a third party who believes that CVE IDs can be assigned for key lengths in specific applications that use a library, and should not be assigned to the default key lengths in a library. This dispute ...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity endpoint in the root namespace. An attacker can gain unauthorized access to elevated privileges by modifying token permissions to use the root policy. Remediation Upgrade...

CVE-2025-2179

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 description Basically below tool allow f...

The vulnerability of the monitoring, analysis, and automatic issue resolution platform of Palo Alto Networks Autonomous Digital Experience Manager lies in improper privilege assignment, allowing attackers to elevate their privileges to the root level.

The vulnerability of the monitoring, analysis, and automatic issue resolution platform used by Palo Alto Networks Autonomous Digital Experience Manager is related to improper privilege assignment. Exploiting this vulnerability can allow attackers to elevate their privileges to the root level...

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App, related to improper privilege assignment, allows a attacker to compromise the accessibility of protected information.

The vulnerability of the software for providing secure remote access to data in the Palo Alto Networks GlobalProtect App is related to the improper assignment of privileges. Exploiting this vulnerability allows an attacker to compromise the accessibility of the protected information...

SUSE CVE-2025-38391

In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pinassignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DPPINASSIGNF. In...

CVE-2025-2179

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...

CVE-2025-2179 GlobalProtect App: Non Admin User Can Disable the GlobalProtect App

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on Linux devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...

GO-2025-3758 Hashicorp Nomad Incorrect Privilege Assignment vulnerability in github.com/hashicorp/nomad

Hashicorp Nomad Incorrect Privilege Assignment vulnerability in github.com/hashicorp/nomad...

PT-2025-31220 · Palo Alto Networks · Globalprotect App

Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App on Linux devices affected versions not specified Description: An incorrect privilege assignment allows a locally authenticated, non-administrative user to disable the GlobalProtect app, even if the app’s...

The vulnerability of the FTP service provided by TOTOLINK N600R and X2000R microprogrammable router software allows attackers to increase their privileges.

The vulnerability of the FTP service provided by TOTOLINK N600R and X2000R microprogrammed router software is related to the improper assignment of privileges. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...

CVE-2025-38461

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport TOCTOU Transport assignment may race with module unload. Protect newtransport from becoming a stale pointer. This also takes care of an insecure call in vsockuselocaltransport; add a lockdep assert. BUG: unab...