Lucene search
+L

41 matches found

Cvelist
Cvelist
added 2026/05/13 4:56 a.m.52 views

CVE-2026-21022

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

6.9CVSS0.00093EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

SAMSUNG SMR 安全漏洞

SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities, which were caused by improper handling of insufficient permissions. Thes...

6.9CVSS5.8AI score0.00093EPSS
Exploits0References1
OSV
OSV
added 2026/05/11 2:40 p.m.4 views

CVE-2026-44198 Wagtail: Improper permission handling when viewing page history

Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...

4.3CVSS5.9AI score0.00162EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/08 8:17 p.m.16 views

Wagtail has improper permission handling when comparing revisions

Impact A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0...

6.5CVSS5.8AI score0.00204EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/03/05 8:42 p.m.3 views

Improper Handling of Insufficient Permissions or Privileges

Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...

5.4CVSS5.8AI score0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/04 6:14 a.m.6 views

EUVD-2026-5391

Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...

5.1CVSS5.4AI score0.00142EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.6 views

PT-2026-2056

Name of the Vulnerable Software and Affected Versions Samsung Cloud versions prior to 5.6.11 Description A flaw exists in Samsung Cloud that involves improper handling of insufficient permissions. This allows local attackers to access specific files in arbitrary paths. Recommendations Update...

2.1CVSS6.3AI score0.00135EPSS
Exploits0References4
OSV
OSV
added 2025/12/12 3:15 p.m.6 views

CVE-2025-58770

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

8.8CVSS5.8AI score0.00102EPSS
Exploits0References1
CVE
CVE
added 2025/12/12 3:3 p.m.25 views

CVE-2025-58770

CVE-2025-58770 concerns the AMI AptioV BIOS, where a local attacker can trigger improper handling of insufficient permissions to escalate privileges. The vulnerability affects the BIOS/firmware layer of AptioV implementations and may impact integrity, availability, and potentially lead to elevate...

8.8CVSS6.5AI score0.00102EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.7 views

PT-2025-50941

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

8.4CVSS6.9AI score0.00102EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/11/14 9:45 p.m.11 views

Directus has Improper Permission Handling on Deleted Fields

Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...

5.4CVSS6.7AI score0.00187EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2025/09/29 9:15 p.m.7 views

CVE-2025-45376

Dell Repository Manager DRM, versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

7.8CVSS0.00095EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/29 12:0 a.m.9 views

PT-2025-39876

Name of the Vulnerable Software and Affected Versions Dell Repository Manager versions 3.4.7 through 3.4.8 Description Dell Repository Manager DRM versions 3.4.7 and 3.4.8 have an issue related to improper handling of insufficient permissions or privileges. A local attacker with limited privilege...

7.5CVSS6.5AI score0.00095EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/09/08 6:39 a.m.4 views

CVE-2025-41664 Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...

7.5CVSS6.7AI score0.00217EPSS
Exploits0References1
CVE
CVE
added 2025/09/08 6:39 a.m.21 views

CVE-2025-41664

The CVE-2025-41664 entry affects WAGO Coupler Series Ethernet interface modules. It describes a vulnerability where improper permission handling during the runtime of services (e.g., FTP/SFTP) could allow a low-privileged remote attacker to gain unauthorized access to firmware and certificates, e...

7.5CVSS6.8AI score0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/08 6:39 a.m.12 views

CVE-2025-41664 Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates

A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...

7.5CVSS0.00217EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 6:5 a.m.14 views

CVE-2025-21030

Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background...

4.3CVSS0.00146EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/03 6:5 a.m.13 views

CVE-2025-21029

Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...

4CVSS0.00101EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.12 views

The vulnerability of the SFTP service in the microsoftware for digital optical network systems Infinera G42 allows a hacker to gain read and write access to arbitrary files.

The vulnerability of the SFTP service in the microsoftware for Digital Optical Networking Systems Infinera G42 is related to improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow a malicious actor to gain read and write access to arbitrary files...

6.8CVSS5.6AI score0.00318EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/10 12:0 a.m.4 views

Fortinet FortiPAM 安全漏洞

Fortinet FortiPAM is a platform for privilege access control from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPAM versions 1.4.1 and earlier, 1.3.0, 1.2.0, 1.1.2 and earlier, 1.0.3 and earlier, and FortiSRA 1.4.1 and earlier, which stems from improper handling of permissions a...

8.8CVSS6.7AI score0.0031EPSS
Exploits0References2
Rows per page
Query Builder