3945 matches found
CVE-2022-43946
Multiple vulnerabilities, including an incorrect permission assignment for critical resource (CWE-732) vulnerability and a time-of-check time-of-use (TOCTOU) race condition (CWE-367) vulnerability, in Fortinet FortiClientWindows before 7.0.7 allow attackers on the same file sharing network to execute...
CVE-2022-48283
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...
CVE-2022-43574
IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679...
WordPress plugin Hospital Management System security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers, and the WordPress plugin is an...
PT-2025-22765 · Mojoomla · Mojoomla Hospital Management System
Name of the Vulnerable Software and Affected Versions: mojoomla Hospital Management System versions 4.7.020 through 11 Description: The issue is related to an Incorrect Privilege Assignment vulnerability that allows Privilege Escalation in the mojoomla Hospital Management System. Recommendations:...
WordPress plugin Simple Business Directory Pro security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
A vulnerability in the /cgi-bin/ExportSyslog.sh script in the firmware of TOTOLINK A3000RU routers allows an attacker to circumvent existing security restrictions.
The vulnerability in the /cgi-bin/ExportSyslog.sh script in the firmware of TOTOLINK A3000RU routers is related to the improper assignment of privileges. Exploiting this vulnerability could allow an attacker to bypass security restrictions remotely...
CVE-2022-41771
Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access...
CVE-2022-30826
Wedding Management System v1.0 is vulnerable to SQL Injection via admin\clientassign.php...
CVE-2022-20051
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127...
CVE-2022-48284
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions...
CVE-2022-1225
Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6...
CVE-2022-34737
The application security module has a vulnerability in permission assignment. Successful exploitation of this vulnerability may affect data integrity and confidentiality...
CVE-2022-30700
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...
CVE-2021-25931
In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to CSRF, due to no CSRF protection at...
CVE-2021-26248
Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor...
CVE-2021-36746
Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor...
CVE-2021-22684
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions calloc and mmzalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash...
CVE-2020-9225
FusionSphere OpenStack 6.5.1 has an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain users to do certain operations beyond their privilege...
CVE-2020-8188
We have recently released new versions of UniFi Protect firmware, v1.13.3 and v1.14.10, for UniFi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively, that fix vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below: View only users can r...