3945 matches found
CVE-2025-39489
Incorrect Privilege Assignment vulnerability in pebas CouponXL couponxl allows Privilege Escalation. This issue affects CouponXL: from n/a through = 4.5.0...
GO-2025-3701
Incorrect cgroup assignment for containers running in usernamespaced Kubernetes pods in github.com/containerd/containerd...
CVE-2025-47631
Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.020 through 11...
CVE-2025-47539
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...
CVE-2025-31918
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro simple-business-directory-pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through 15.6.9...
CVE-2025-31918
CVE-2025-31918 covers a vulnerability in the WordPress plugin Simple Business Directory Pro where an Incorrect Privilege Assignment can lead to privilege escalation. Affected: WordPress plugin Simple Business Directory Pro versions through
CVE-2025-39489
CVE-2025-39489 describes an Incorrect Privilege Assignment in the WordPress theme CouponXL (pebas CouponXL) that allows unauthenticated privilege escalation. Affected versions are listed as n/a through 4.5.0. The vulnerability is rated CVSS v3.1: 9.8 (CRITICAL) with vector/network scope as provide...
EUVD-2025-28094
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...
CVE-2025-47539
The CVE concerns the WordPress Eventin plugin (versions up to 4.0.26) with an unauthenticated privilege-escalation in a REST API endpoint. The underlying issue is a missing permission check in import_items(), allowing attackers to import users with arbitrary roles (including administrator) and po...
CVE-2025-47631
CVE-2025-47631 describes an Incorrect Privilege Assignment vulnerability in the WordPress Hospital Management System plugin (versions 4.7.0(20) through 11). The issue enables Privilege Escalation due to flawed privilege handling. Public sources in the provided documents do not specify a patch or ...
CVE-2024-46081
Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform...
CVE-2024-9142
External Control of File Name or Path, Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642...
CVE-2024-40531
A mass assignment vulnerability exists in Pantera CRM versions 401.152 and 402.072. This flaw allows authenticated users to modify any user attribute, including roles, by injecting additional parameters via profile management functions...
CVE-2024-29078
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings...
CVE-2024-47149
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions...
CVE-2024-47148
Some Honor products are affected by an incorrect privilege assignment vulnerability; successful exploitation could cause device service exceptions...
CVE-2024-5127
In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of role...
CVE-2024-45841
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained...
CVE-2024-6360
Incorrect Permission Assignment for Critical Resource vulnerability in OpenText™ Vertica could allow Privilege Abuse and result in unauthorized access or privileges to Vertica agent apikey. This issue affects Vertica: from 10.0 through 10.X, from 11.0 through 11.X, from 12.0 through 12.X, from 23...