
3945 matches found

Zero Day Initiative
added 2025/02/03 12:00 a.m. · 5 views

NoMachine Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The...

CVSS 6.7 · AI score 7.3 · EPSS 0.00894
Exploits: 0 · References: 1
Positive Technologies
added 2025/02/03 12:00 a.m. · 3 views

PT-2025-2646 · Unknown · Admin/Site Enhancements (Ase) Pro

Name of the Vulnerable Software and Affected Versions: Admin and Site Enhancements ASE Pro versions 7.6.2.1 and earlier. Description: The issue is related to an Incorrect Privilege Assignment vulnerability, which allows Privilege Escalation. This means that users with lower privileges may be able ...

CVSS 7.5 · AI score 9.6 · EPSS 0.0047
Exploits: 0 · References: 5
OSV
added 2025/01/31 12:15 p.m. · 2 views

AZL-56279 CVE-2025-21666 affecting package kernel for versions less than 6.6.76.1-1

In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsockhasdata|hasspace Recent reports have shown how we sometimes call vsockhasdata when a vsock socket has been de-assigned from a transport see attached links, but we shouldn't. Previous commits...

CVSS 5.5 · AI score 5.7 · EPSS 0.0021
Exploits: 0 · References: 1
Debian CVE
added 2025/01/31 11:25 a.m. · 9 views

CVE-2025-21670

In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example after a failed...

CVSS 5.5 · AI score 5.7 · EPSS 0.00191
Exploits: 0
CNNVD
added 2025/01/30 12:00 a.m. · 4 views

FreeBSD security vulnerability

FreeBSD is a set of Unix-like operating systems from the FreeBSD Foundation. FreeBSD suffers from an information disclosure vulnerability caused by a failure to properly assign privileges. An attacker could exploit this vulnerability to access system files...

CVSS 6.5 · AI score 6.2 · EPSS 0.00278
Exploits: 0 · References: 2
Positive Technologies
added 2025/01/29 12:00 a.m. · 3 views

PT-2025-3445 · Ruoyi · Ruoyi

Name of the Vulnerable Software and Affected Versions: RuoYi version 4.8.0. Description: The issue concerns insecure permissions that allow authenticated attackers to escalate privileges by assigning themselves higher level roles. Recommendations: For RuoYi version 4.8.0, update the permissions to...

CVSS 7.1 · AI score 6.5 · EPSS 0.00309
Exploits: 1 · References: 10
NVD
added 2025/01/28 9:15 p.m. · 9 views

CVE-2025-24481

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration...

CVSS 7 · EPSS 0.00154
Exploits: 0 · References: 1
Cvelist
added 2025/01/28 8:55 p.m. · 9 views

CVE-2025-24481 FactoryTalk® View Site Edition - Incorrect Permission Assignment

An Incorrect Permission Assignment Vulnerability exists in the product and version listed above. The vulnerability is due to incorrect permissions being assigned to the remote debugger port and can allow for unauthenticated access to the system configuration...

CVSS 7 · EPSS 0.00154
Exploits: 0 · References: 1
OSSF Malicious Packages
added 2025/01/28 3:40 p.m. · 3 views

Malicious code in home-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 243807d7ae6247f1bee104dab17a677c3ec10064973a5ac7b3e5f4ff2753d35a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7
Exploits: 0 · References: 1
OSV
added 2025/01/28 3:40 p.m. · 3 views

MAL-2025-596 Malicious code in home-assignment (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 243807d7ae6247f1bee104dab17a677c3ec10064973a5ac7b3e5f4ff2753d35a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 7.2
Exploits: 0 · References: 1
CNNVD
added 2025/01/28 12:00 a.m. · 2 views

Rockwell Automation FactoryTalk View SE security vulnerability

Rockwell Automation FactoryTalk View SE is an industrial automation system view interface from Rockwell Automation, Inc. A security vulnerability exists in Rockwell Automation FactoryTalk View SE that stems from a privilege assignment error...

CVSS 7 · AI score 6.7 · EPSS 0.00154
Exploits: 0 · References: 1
Cvelist
added 2025/01/25 4:17 p.m. · 20 views

CVE-2025-0543 G DATA Security Client Local privilege escalation

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in...

CVSS 8.5 · EPSS 0.00144
Exploits: 0 · References: 1
BDU FSTEC
added 2025/01/22 12:00 a.m. · 3 views

The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system, related to the manipulation of the zero pointer, allows an intruder to compromise the accessibility of protected information.

The vulnerability of the Boost library in the Mercedes-Benz MBUX multimedia system is related to a pointer assignment error. Exploiting this vulnerability could allow an attacker to compromise the accessibility of the protected information...

CVSS 5.5 · AI score 7.2 · EPSS 0.00624
Exploits: 0 · References: 4
NVD
added 2025/01/16 8:15 p.m. · 4 views

CVE-2025-23528

Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation. This issue affects DD Roles: from n/a through <= 4.1...

CVSS 8.8 · EPSS 0.00533
Exploits: 0 · References: 1
CVE
added 2025/01/16 8:06 p.m. · 41 views

CVE-2025-23528

CVE-2025-23528 describes an Incorrect Privilege Assignment in the WordPress plugin DD Roles (by Wouter Dijkstra) that enables authenticated privilege escalation. Affected: DD Roles up to version 4.1. The vulnerability is rated with CVSS 3.1/3.1: Base score 8.8 (High), vectors: AV:N/AC:L/PR:L/UI:N...

CVSS 8.8 · AI score 7.2 · EPSS 0.00533
Exploits: 0 · References: 1
CNNVD
added 2025/01/16 12:00 a.m. · 3 views

WordPress plugin DD Roles security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

CVSS 8.8 · AI score 8.2 · EPSS 0.00533
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/16 12:00 a.m. · 2 views

PT-2025-4922 · Dd Roles · Dd Roles

Name of the Vulnerable Software and Affected Versions: DD Roles versions n/a through 4.1. Description: The issue is related to an incorrect privilege assignment, allowing privilege escalation. This problem affects the mentioned versions of DD Roles. Recommendations: For versions n/a through 4.1,...

CVSS 8.8 · AI score 9.4 · EPSS 0.00533
Exploits: 0 · References: 4
CNNVD
added 2025/01/16 12:00 a.m. · 2 views

Fortinet multiple products security vulnerability

Fortinet FortiManager and others are products of Fortinet, Inc. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiAnalyzer Cloud is a cloud-based logging platform based on...

CVSS 7.8 · AI score 6.9 · EPSS 0.00202
Exploits: 0 · References: 1
BDU FSTEC
added 2025/01/15 12:00 a.m. · 2 views

The vulnerability of the Registration role module in Drupal CMS systems, related to incorrect privilege assignment, allows attackers to bypass security restrictions and enhance their privileges.

The vulnerability of the Registration role module in Drupal CMS systems is related to the improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and enhance their privileges...

CVSS 9 · AI score 5.5 · EPSS 0.00349
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2025/01/15 12:00 a.m. · 5 views

The vulnerability of the Drupal Private Content CMS system, related to improper privilege assignment, allows attackers to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the Drupal Content Management System’s Private Content module is related to the improper assignment of privileges. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to protected information...

CVSS 6.5 · AI score 5.5 · EPSS 0.00182
Exploits: 0 · References: 2 · Affected Software: 1