CVE-2020-24940

An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment...

CVE-2020-24580

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU2.31V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user...

CVE-2020-15826

In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have...

CVE-2025-3944

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

CVE-2025-3944 Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

CVE-2025-3944 Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before...

CVE-2025-3936 Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,...

CVE-2025-3936

CVE-2025-3936 involves an Incorrect Permission Assignment for Critical Resource in Tridium Niagara Framework (Windows) and Tridium Niagara Enterprise Security (Windows) . The root cause is misconfigured access control that could enable an attacker to exploit permissions on critical resources. Aff...

CVE-2025-3936 Incorrect Permission Assignment for Critical Resource

Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1,...

CVE-2012-2054

Redmine before 1.3.2 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set attributes in the 1 Comment, 2 Document, 3 IssueCategory, 4 MembersController, 5 Message, 6 News, 7 TimeEntry, 8 Version, 9 Wiki, 10 UserPreference, o...

CVE-2019-17605

A mass assignment vulnerability in eyecomms eyeCMS through 2019-10-15 allows any candidate to take over another candidate's account by also exploiting CVE-2019-17604 via a modified candidate id and an additional password parameter. The outcome is that the password of this other candidate is chang...

CVE-2019-14925

An issue was discovered on Mitsubishi Electric Europe B.V. ME-RTU devices through 2.02 and INEA ME-RTU devices through 3.0. A world-readable /usr/smartrtu/init/settings.xml configuration file on the file system allows an attacker to read sensitive configuration settings such as usernames,...

CVE-2018-13091

The mintToken function of a smart contract implementation for sumocoin SUMO, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

CVE-2018-4072

An exploitable Permission Assignment vulnerability exists in the ACEManager EmbeddedAceSetTask.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. The EmbeddedAceSetTask.cgi executable is used to change MSCII configuration values within the configuration manager of the AirLink ES450. Thi...

CVE-2012-5557

The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.4 for Drupal, does not properly assign roles when there are more than three roles on the site and certain unspecified configurations, which might allow remote authenticated users to gain privileges by performing certain...

CVE-2025-2759 GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability

GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

Tridium Niagara Framework和Tridium Niagara Enterprise Security 安全漏洞

Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc.Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance to enterprise applications. Tridium Niagara Enterprise Security is a...

CVE-2009-3091

Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable...

CVE-2025-39405

Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation.This issue affects WPAMS: from n/a through = 44.0 17-08-2023...

CVE-2025-39366

Incorrect Privilege Assignment vulnerability in Rocket Apps wProject.This issue affects wProject: from n/a before 5.8.0...