3944 matches found
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root group. An attacker can gain elevated privileges by authenticating as a new user through SSH...
Incorrect Privilege Assignment
Overview: github.com/ubuntu/authd/internal/users is an authentication daemon for external Broker. Affected versions of this package are vulnerable to Incorrect Privilege Assignment when a new user logs in via SSH and does not exist in the user database, the session assigns the user to the root grou...
Mass Assignment Attack
org.springframework, spring-context is vulnerable to Mass Assignment Attack. The vulnerability is due to incomplete enforcement of the disallowedFields mechanism, which allows certain request parameters to bypass intended binding restrictions even after applying locale-independent lowercase...
The vulnerability of the ACL-policy search mechanism based on application prefixing by the Nomad orchestrator allows attackers to bypass existing security mechanisms.
The vulnerability of the ACL-policy-based search mechanism of the Nomad application lies in the improper assignment of access control rules. Exploiting this vulnerability allows a malicious actor to bypass existing security mechanisms by creating tasks with special prefix names...
TencentOS Server 3: postgresql:12 (TSSA-2024:1120)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1120 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-4228
An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...
WordPress MapSVG Elevation of Privilege Vulnerability
WordPress MapSVG is a WordPress plugin for creating interactive maps. WordPress MapSVG suffers from an elevation of privilege vulnerability. The vulnerability stems from improper privilege assignment. An attacker can exploit the vulnerability to elevate privileges to elevate a low-privileged...
The vulnerability of Cisco Unified Communications and Contact Center Solutions software products, related to improper privilege assignment, allows attackers to elevate their privileges to the root level.
The vulnerability of Cisco Unified Communications and Contact Center Solutions software products is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to elevate their privileges to a root level...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the creation of a ServiceAccount with cluster-level privileges during deployment of a namespace-scoped custom resource. An attacker can gain elevated cluster-wide permissions by impersonating the...
CVE-2025-48129
Incorrect Privilege Assignment vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light excel-like-price-change-for-woocommerce-and-wp-e-commerce-light allows Privilege Escalation. This issue affects Spreadsheet Price Changer for WooCommerce and WP...
Incorrect Privilege Assignment
Overview: github.com/hashicorp/nomad/command/agent is a package that is part of HashiCorp's Nomad. Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to prefix-based ACL policy lookups. An attacker with knowledge of existing job names and permission to create a job can...
GHSA-RX97-6C62-55MF Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Nomad Community and Nomad Enterprise “Nomad” prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14...
IBM Application Gateway Incorrect Privilege Assignment Vulnerability
IBM Application Gateway is an application gateway from International Business Machines (IBM). It provides a containerized, secure Web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to your application. An incorrect...
Apache CloudStack Security Vulnerability
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An authorization issue vulnerability exists in Apache CloudStack...
CVE-2025-47561
Incorrect Privilege Assignment vulnerability in RomanCode MapSVG mapsvg allows Privilege Escalation. This issue affects MapSVG: from n/a through 8.6.13...