41 matches found
CVE-2026-21022
Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...
SAMSUNG SMR 安全漏洞
SAMSUNG SMR is a system patch package developed by Samsung Electronics of South Korea. It provides patches for Samsung mobile applications. Versions prior to SAMSUNG SMR May-2026 Release 1 contained security vulnerabilities, which were caused by improper handling of insufficient permissions. Thes...
CVE-2026-44198 Wagtail: Improper permission handling when viewing page history
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7...
Wagtail has improper permission handling when comparing revisions
Impact A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. Patches Patched versions have been released as Wagtail 7.0...
Improper Handling of Insufficient Permissions or Privileges
Overview Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges incomplete revocation of API key permissions during the user demotion process. An attacker can maintain unauthorized access to upload-request management and log viewing endpoin...
EUVD-2026-5391
Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information...
PT-2026-2056
Name of the Vulnerable Software and Affected Versions Samsung Cloud versions prior to 5.6.11 Description A flaw exists in Samsung Cloud that involves improper handling of insufficient permissions. This allows local attackers to access specific files in arbitrary paths. Recommendations Update...
CVE-2025-58770
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...
CVE-2025-58770
CVE-2025-58770 concerns the AMI AptioV BIOS, where a local attacker can trigger improper handling of insufficient permissions to escalate privileges. The vulnerability affects the BIOS/firmware layer of AptioV implementations and may impact integrity, availability, and potentially lead to elevate...
PT-2025-50941
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...
Directus has Improper Permission Handling on Deleted Fields
Summary Directus does not properly clean up field-level permissions when a field is deleted. If a new field with the same name is created later, the system automatically re-applies the old permissions, which can lead to unauthorized access. Details When a field is removed from a collection, its...
CVE-2025-45376
Dell Repository Manager DRM, versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
PT-2025-39876
Name of the Vulnerable Software and Affected Versions Dell Repository Manager versions 3.4.7 through 3.4.8 Description Dell Repository Manager DRM versions 3.4.7 and 3.4.8 have an issue related to improper handling of insufficient permissions or privileges. A local attacker with limited privilege...
CVE-2025-41664 Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...
CVE-2025-41664
The CVE-2025-41664 entry affects WAGO Coupler Series Ethernet interface modules. It describes a vulnerability where improper permission handling during the runtime of services (e.g., FTP/SFTP) could allow a low-privileged remote attacker to gain unauthorized access to firmware and certificates, e...
CVE-2025-41664 Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services e.g., FTP/SFTP. This access could allow the attacker to escalate privileges and modify firmware...
CVE-2025-21030
Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background...
CVE-2025-21029
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display...
The vulnerability of the SFTP service in the microsoftware for digital optical network systems Infinera G42 allows a hacker to gain read and write access to arbitrary files.
The vulnerability of the SFTP service in the microsoftware for Digital Optical Networking Systems Infinera G42 is related to improper handling of insufficient permissions or privileges. Exploiting this vulnerability can allow a malicious actor to gain read and write access to arbitrary files...
Fortinet FortiPAM 安全漏洞
Fortinet FortiPAM is a platform for privilege access control from Fortinet, Inc. A security vulnerability exists in Fortinet FortiPAM versions 1.4.1 and earlier, 1.3.0, 1.2.0, 1.1.2 and earlier, 1.0.3 and earlier, and FortiSRA 1.4.1 and earlier, which stems from improper handling of permissions a...