CVE-2025-23974
CVE-2025-23974 describes an Incorrect Privilege Assignment vulnerability in the WordPress plugin “One-Login” (versions n/a through 1.4). The issue allows privilege escalation within One-Login. Public sources in the connected documents (Wordfence, RH) indicate the vulnerability is currently unpatc...
CVE-2025-23974 WordPress One-Login plugin <= 1.4 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in ifkooo One-Login one-login allows Privilege Escalation. This issue affects One-Login: from n/a through <= 1.4...
CVE-2025-40670
Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser...
PT-2025-24462 · Unknown · Ifkooo One-Login
Name of the Vulnerable Software and Affected Versions: ifkooo One-Login versions n/a through 1.4 Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation in ifkooo One-Login. Recommendations: For ifkooo One-Login versions n/a through...
WordPress plugin MapSVG security vulnerability
WordPress MapSVG is a WordPress plugin for creating interactive maps. WordPress MapSVG suffers from an elevation of privilege vulnerability. The vulnerability stems from improper privilege assignment. An attacker can exploit the vulnerability to elevate privileges to elevate a low-privileged...
WordPress plugin One-Login security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2025-24430 · Tcman · Tcman'S Gim
Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue is related to an incorrect authorization vulnerability. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to...
The vulnerability of the sniff_mp4 function in the libsoup library, a graphical interface library for GNOME, allows a hacker to cause a service failure.
The vulnerability of the sniff_mp4 function in the libsoup library, a graphical interface library for GNOME, is related to pointer assignment errors. Exploiting this vulnerability could allow an attacker to cause a service failure by sending a specially crafted POST request...
CVE-2025-48911
Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability...
PT-2025-24030 · Huawei · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue concerns a vulnerability of improper permission assignment in the note sharing module. Successful exploitation of this vulnerability may affect availability. Recommendations: At th...
A vulnerability in the wlan STA driver microprogramming software of MediaTek allows a hacker to cause a service failure.
The vulnerability in the wlan STA driver's microprogramming software from MediaTek is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-45655
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment...
A vulnerability in MediaTek's Bluetooth driver software allows a hacker to trigger a service failure.
The vulnerability in the Bluetooth driver microprogramming software for MediaTek chips is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to cause system failures...
Grafana 11.3.x < 11.3.0+security-01 Incorrect Privilege Assignment
According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by an incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...
Grafana 11.2.x < 11.2.3+security-01 Incorrect Privilege Assignment
According to its self-reported version, the Grafana install hosted on the remote host is 11.2.x earlier than 11.2.3+security-01, or 11.3.x earlier than 11.3.0+security-01. It is, therefore, affected by an incorrect privilege assignment vulnerability. Note that the scanner has not tested for these...
CVE-2024-45655 IBM Application Gateway incorrect permission assignment
IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment...
Security Bulletin: Security vulnerabilities discovered in IBM Application Gateway (CVE-2023-5455, CVE-2024-37370, CVE-2024-45655)
Summary: Security vulnerabilities discovered in the IBM Application Gateway have been addressed. Vulnerability Details: CVEID: CVE-2023-5455. DESCRIPTION: FreeIPA is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to...