3945 matches found
CVE-2008-7310
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a "mass assignment" vulnerability...
CVE-2008-7309
Insoshi before 20080920 does not properly restrict the use of a hash to provide values for a model's attributes, which allows remote attackers to set the ForumPost userid value via a modified URL, related to a "mass assignment" vulnerability...
Incorrect Privilege Assignment
Overview: Affected versions of this package are vulnerable to Incorrect Privilege Assignment due to the incorrect assignment of cgroup hierarchy. An attacker can cause a denial of service of the Kubernetes node by exploiting this misconfiguration, where some Kubernetes limits are not honored. This...
CVE-2025-39366
Incorrect Privilege Assignment vulnerability in Rocket Apps wProject. This issue affects wProject: from n/a before 5.8.0...
CVE-2025-39366
CVE-2025-39366 corresponds to an Incorrect Privilege Assignment vulnerability in WordPress theme wProject (versions before 5.8.0). It enables Privilege Escalation for authenticated users with Subscriber+ privileges. The CVSSv3.1 vector is AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 8...
CVE-2025-39459
Incorrect Privilege Assignment vulnerability in contempoinc Real Estate 7 realestate-7 allows Privilege Escalation. This issue affects Real Estate 7: from n/a through <= 3.5.2...
CVE-2025-39405
Incorrect Privilege Assignment vulnerability in mojoomla WPAMS apartment-management allows Privilege Escalation. This issue affects WPAMS: from n/a through <= 44.0 17-08-2023...
CVE-2025-39405
CVE-2025-39405 describes an "Incorrect Privilege Assignment" vulnerability in the WordPress WPAMS plugin. Affected software: WPAMS – Apartment Management System for WordPress (versions up to and including 44.0; dated 17-08-2023). Root cause per sources: improper privilege handling enabling privil...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: io_uring: abort file assignment prior to assigning creds. We need to either restore creds properly if we fail on the file assignment, or just do the file assignment first instead. Let's do the latter as it's simpler, should make no...
WordPress plugin wProject security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2025-22100 · Project · Project
Name of the Vulnerable Software and Affected Versions: wProject versions prior to 5.8.0. Description: The issue is related to an Incorrect Privilege Assignment vulnerability. This vulnerability affects wProject, with details about the impact or exploitation not specified beyond the general...
CVE-2025-0135
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...
CVE-2025-0135
The vulnerability CVE-2025-0135 affects the Palo Alto Networks GlobalProtect App on macOS, caused by an incorrect privilege assignment that allows a locally authenticated non-administrative user to disable the app. Other platforms (Windows, Linux, iOS, Android, Chrome OS, UWP) are not affected. P...
CVE-2025-0135 GlobalProtect App on macOS: Non Admin User Can Disable the GlobalProtect App
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non-administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...
CVE-2025-24021 iTop doesn't have mass assignment of fields in the portal form
iTop is a web-based IT Service Management tool. Prior to versions 2.7.12, 3.1.3, and 3.2.1, anyone with an account having portal access can set values on object fields when they're not supposed to. Versions 2.7.12, 3.1.3, and 3.2.1 contain a fix for the issue...
CVE-2025-24021
CVE-2025-24021 affects iTop (web-based IT Service Management). Prior to fixes, any account with portal access could set values on object fields that should not be modifiable. Affected versions: 2.7.11 or earlier? The initial docs list vulnerable versions as 2.7.12, 3.1.3, and 3.2.1 that contain f...
Palo Alto Networks GlobalProtect security vulnerability
Palo Alto Networks GlobalProtect is a suite of network protection software from Palo Alto Networks, USA. The software provides features such as firewall monitoring and threat prevention. A security vulnerability exists in Palo Alto Networks GlobalProtect that stems from an improper assignment of...
PT-2025-21212 · Palo Alto Networks · Globalprotect App
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks GlobalProtect App (affected versions not specified). Description: An incorrect privilege assignment issue in the GlobalProtect App on macOS devices allows a locally authenticated non-administrative user to disable the...