3945 matches found
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
Exploit Title: ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF); Google Dork: inurl:"/api/method/frappe"; Date: 2025-04-29; Exploit Author: Ahmed Thaiban Thvt0ne; Vendor Homepage: https://erpnext.com; Software Link: https://github.com/frappe/erpnext; Version: Delete User Click Her...
CVE-2025-3517
Incorrect privilege assignment in PAM JIT elevation feature in Devolutions Server 2025.1.5.0 and earlier allows a PAM user to elevate a previously configured user configured in a PAM JIT account via failure to update the internal account’s SID when updating the username...
CVE-2023-53077
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes. [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift exponent 4294966273 is t...
CVE-2025-3395
Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0...
CVE-2025-3394
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0...
CVE-2025-3394 Vulnerability in user management of Automation Builder
Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder. This issue affects Automation Builder: through 2.8.0...
CVE-2025-3394
The CVE-2025-3394 entry affects ABB’s Automation Builder up to version 2.8.0. The issue is described as an Incorrect Permission Assignment for a Critical Resource in the user management component, enabling modification of project/user data and overruling of user management. The vulnerability is ...
Sensitive Information Disclosure
moodle/moodle is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper access control to search functionality exposing student identities in anonymous assignment submissions...
GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The...
PT-2025-18268 · Abb · Abb Automation Builder
Name of the Vulnerable Software and Affected Versions: ABB Automation Builder versions prior to 2.8.0 Description: The issue is related to an incorrect permission assignment for critical resources in ABB Automation Builder. Recommendations: For versions prior to 2.8.0, update to version 2.8.0 or...
VulnCheck KEV: CVE-2025-27007
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through = 1.0.82...
The vulnerability of the Delphix Continuous Data and Delphix Continuous Compliance data management tools lies in improper privilege assignment, allowing attackers to gain control over the command line of the operating system.
The vulnerability of the Delphix Continuous Data data management software is related to the improper assignment of privileges. Exploiting this vulnerability can allow an attacker to gain control over the command line of the operating system...
PT-2025-18269 · Abb · Abb Automation Builder
Name of the Vulnerable Software and Affected Versions: ABB Automation Builder versions through 2.8.0 Description: The issue affects ABB Automation Builder due to an Incorrect Permission Assignment for Critical Resource and Cleartext Storage of Sensitive Information. This allows unauthorized acces...
CLSA-2025-1745956866 php: Fix of CVE-2024-11235
CVE-2024-11235: Fix use-after-free vulnerability related to set handler and ??= operator to prevent potential remote code execution...