3918 matches found
CVE-2026-27983 WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue affects LMS Elementor Pro: from n/a through = 1.0.4...
CVE-2026-24963
CVE-2026-24963 is a Privilege Escalation flaw in the WordPress plugin Amelia Booking (Booking for Appointments and Events Calendar – Amelia) affecting versions up to 1.2.38. The issue is an Incorrect Privilege Assignment allowing an authenticated user (Employee+) to escalate privileges. Public so...
CVE-2026-24963 WordPress Amelia plugin <= 1.2.38 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through = 1.2.38...
CVE-2026-24963
Incorrect Privilege Assignment vulnerability in ameliabooking Amelia ameliabooking allows Privilege Escalation.This issue affects Amelia: from n/a through = 1.2.38...
PT-2026-23273
Name of the Vulnerable Software and Affected Versions LMS Elementor Pro versions through 1.0.4 Description A privilege assignment issue exists in LMS Elementor Pro that could allow for privilege escalation. The issue allows an attacker to gain elevated privileges within the system. Recommendation...
PT-2026-23272
Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through = 2.2.6...
PT-2026-23223
Name of the Vulnerable Software and Affected Versions Amelia versions through 1.2.38 Description An incorrect privilege assignment issue exists in ameliabooking Amelia, potentially allowing privilege escalation. The issue affects the application’s access control mechanisms. Recommendations Update...
CVE-2026-28781
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-28781
CVE-2026-28781 affects Craft CMS. Before versions 4.17.0-beta.1 and 5.9.0-beta.1, an entry creation flow permits Mass Assignment of the authorId attribute. A user with Create Entries permission can inject the parameters authorIds[] or authorId into a POST request, which the backend may process wi...
CVE-2026-28781 Craft Affected by Entries Authorship Spoofing via Mass Assignment
Craft is a content management system CMS. Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend...
CVE-2026-21425
Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an incorrect privilege assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
CVE-2025-47379
Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocation of buffer resources...
Incorrect Privilege Assignment
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the sessionsspawn process when using runtime="acp" in a sandboxed environment. An attacker can gain unauthorized access to host-side ACP initialization ...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview craftcms/cms is a content management system. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the authorId parameter during the entry creation. An attacker can assign authorship of new entries to...
Craft CMS: Entries Authorship Spoofing via Mass Assignment
Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...
GHSA-2XFC-G69J-X2MP Craft CMS: Entries Authorship Spoofing via Mass Assignment
Description The entry creation process allows for Mass Assignment of the authorId attribute. A user with "Create Entries" permission can inject the authorIds or authorId parameter into the POST request, which the backend processes without verifying if the current user is authorized to assign...
BIT-DISCOURSE-2026-28219 Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST...