3944 matches found

OSV
added 2025/05/30 4:30 a.m. · 4 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 7.1 · AI score 6.6 · EPSS 0.00448
Exploits: 1 · References: 3
CVE
added 2025/05/30 4:30 a.m. · 50 views

CVE-2025-48476

CVE-2025-48476 affects FreeScout (Laravel-based open source help desk). Root cause: when adding/editing user records via the fill() method, missing validation for the absence of the password field allows mass-assignment, enabling a user with edit rights to change another user’s password and then ...

CVSS 8.8 · AI score 6.8 · EPSS 0.00448
Exploits: 1 · References: 1 · Affected Software: 1
RedhatCVE
added 2025/05/30 12:53 a.m. · 12 views

CVE-2025-48747

Netwrix Directory Manager formerly Imanami GroupID before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource...

CVSS 5 · AI score 7 · EPSS 0.00219
Exploits: 0 · References: 1
Tenable Nessus
added 2025/05/30 12:0 a.m. · 8 views

Devolutions Server <= 2024.3.15.0 / 2025.1.3.0 <= 2025.1.7.0 Improper Privilege Assignment (DEVO-2025-0008)

The version of Devolutions Server installed on the remote host is prior or equal to 2024.3.15.0 or 2025.1.3.0 through 2025.1.7.0 and is, therefore, affected by an improper privilege assignment vulnerability: - Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a...

CVSS 6.5 · AI score 5.6 · EPSS 0.00311
Exploits: 0 · References: 2
NVD
added 2025/05/28 6:15 p.m. · 10 views

CVE-2025-48747

Netwrix Directory Manager formerly Imanami GroupID before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource...

CVSS 5 · EPSS 0.00219
Exploits: 0 · References: 2
NVD
added 2025/05/28 1:15 p.m. · 12 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

CVSS 6.5 · EPSS 0.00311
Exploits: 0 · References: 1
Cvelist
added 2025/05/28 12:35 p.m. · 15 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

EPSS 0.00311
Exploits: 0 · References: 1
Vulnrichment
added 2025/05/28 12:35 p.m. · 14 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

AI score 6.9 · EPSS 0.00311
Exploits: 0 · References: 1
CVE
added 2025/05/28 12:35 p.m. · 54 views

CVE-2025-4493

The CVE-2025-4493 entry concerns Devolutions Server, where an improper privilege assignment in PAM JIT privilege sets can let a PAM user perform PAM JIT requests on unauthorized groups due to a user interface issue. Impacted versions include 2025.1.3.0–2025.1.7.0 and 2024.3.15.0 and earlier. The ...

CVSS 6.5 · AI score 6.9 · EPSS 0.00311
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2025/05/28 12:0 a.m. · 10 views

CVE-2025-48747

Netwrix Directory Manager formerly Imanami GroupID before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource...

EPSS 0.00219
Exploits: 0 · References: 2
Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23109 · Netwrix · Netwrix Directory Manager

Name of the Vulnerable Software and Affected Versions: Netwrix Directory Manager versions prior to 11.1.25134.03 Description: The issue is related to Incorrect Permission Assignment for a Critical Resource. Recommendations: For versions prior to 11.1.25134.03, update to version 11.1.25134.03 or...

CVSS 5 · AI score 6.4 · EPSS 0.00219
Exploits: 0 · References: 4
CVE
added 2025/05/28 12:0 a.m. · 49 views

CVE-2025-48747

CVE-2025-48747 affects Netwrix Directory Manager (formerly Imanami GroupID). Versions prior to 11.1.25134.03 or after 11.0.0.0 are impacted by Incorrect Permission Assignment for a Critical Resource. The issue is documented across multiple feeds (NVD/Red Hat/CVE list). Remediation: upgrade to ver...

CVSS 5 · AI score 7.1 · EPSS 0.00219
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2025/05/28 12:0 a.m. · 3 views

PT-2025-23082 · Devolutions · Devolutions Server

Name of the Vulnerable Software and Affected Versions: Devolutions Server versions 2024.3.15.0 and earlier Devolutions Server versions 2025.1.3.0 through 2025.1.7.0 Description: The issue is related to improper privilege assignment in PAM JIT privilege sets, allowing a PAM user to perform PAM JIT...

CVSS 6.5 · AI score 6.3 · EPSS 0.00311
Exploits: 0 · References: 6
BDU FSTEC
added 2025/05/28 12:0 a.m. · 2 views

A vulnerability in the dcpd service of Siemens Scalance LPE9403 firmware allows an attacker to cause a denial of service.

The vulnerability in the dcpd service of Siemens Scalance LPE9403 firmware is related to errors in pointer assignment. Exploiting this vulnerability can allow an attacker to cause a denial of service by sending specially crafted packets...

CVSS 4.3 · AI score 5.5 · EPSS 0.00228
Exploits: 0 · References: 2
OSV
added 2025/05/27 1:15 p.m. · 1 views

CVE-2025-5262

A double-free could have occurred in vpx_codec_enc_init_multi after a failed allocation when initializing the encoder for WebRTC. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 139 and Thunderbird 128.11...

CVSS 7.5 · AI score 7.2 · EPSS 0.00357
Exploits: 0 · References: 3
OSV
added 2025/05/26 9:30 a.m. · 4 views

GHSA-QPXX-2CWH-R5VH pypickle Incorrect Privilege Assignment vulnerability

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

CVSS 5.3 · AI score 7.1 · EPSS 0.00197
Exploits: 1 · References: 12
Github Security Blog
added 2025/05/26 9:30 a.m. · 9 views

pypickle Incorrect Privilege Assignment vulnerability

A vulnerability was found in erdogant pypickle up to 1.1.5. It has been classified as critical. This affects the function Save of the file pypickle/pypickle.py. The manipulation leads to improper authorization. Attacking locally is a requirement. The exploit has been disclosed to the public and m...

CVSS 5.5 · AI score 6.8 · EPSS 0.00197
Exploits: 1 · References: 12 · Affected Software: 1
BDU FSTEC
added 2025/05/26 12:0 a.m. · 1 views

A vulnerability in the BusyBox command-line utility set, related to a null pointer assignment, allows an attacker to cause a denial of service.

The vulnerability in the BusyBox command-line utility set is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 · AI score 6.9 · EPSS 0.00399
Exploits: 0 · References: 8 · Affected Software: 7
BDU FSTEC
added 2025/05/26 12:0 a.m. · 4 views

A vulnerability in the BusyBox command-line utility set, related to a null pointer assignment, allows an attacker to cause a denial of service.

The vulnerability in the BusyBox command-line utility set is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 · AI score 6.9 · EPSS 0.00377
Exploits: 0 · References: 8 · Affected Software: 6
RedhatCVE
added 2025/05/25 1:19 p.m. · 3 views

CVE-2025-39489

Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through = 4.5.0...

CVSS 9.8 · AI score 7.2 · EPSS 0.00421
Exploits: 0 · References: 1