Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the handleSave function of the RoleAdmin Gateway component in the ttsconfig.go file. An attacker can gain unauthorized access to privileged operations by exploiting improper privilege management through...

EUVD-2026-31521

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

Improper Privilege Management

Overview @budibase/builder is a npm install Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowing the creation ...

Improper Privilege Management

Overview @budibase/frontend-core is a Budibase frontend core libraries used in builder and client Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted...

AMD Device Management Portal Key Download

CVE Details Refer to Glossary for explanation of terms CVE| CVE Description| CVSS Score ---|---|--- CVE-2025-62619| Missing authentication in the KVM key download endpoint could allow an unauthenticated attacker with knowledge of the exposed URL to retrieve sensitive keys, potentially leading to...

CVE-2026-26946

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper privilege management vulnerability in the OS. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges...

CVE-2026-26946

CVE-2026-26946 affects Dell EMC ECS (versions 3.8.1.0–3.8.1.7) and Dell ObjectScale (prior to 4.3.0.0). The issue is an improper privilege management vulnerability in the operating system. A high-privileged attacker with local access could potentially exploit this to achieve elevation of privileg...

Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network...

EUVD-2026-27331

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVE-2026-7778 runZero Platform dashboard configuration exposure

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

CVE-2026-7778

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N 5.0, Medium. This...

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

CVE-2026-5141

CVE-2026-5141 affects Pardus Software Center (before 1.0.3). The issue is due to improper privilege management and access control, enabling hijacking of a privileged process. The connected sources confirm the affected product and version range, but do not provide a remediation or patch details. N...

EUVD-2025-209578

The Fan Control application V251 contains an improper privilege handling vulnerability in its Open File Dialog. The dialog processes user-supplied paths with elevated permissions, which can be exploited by a local attacker to perform actions with administrator-level privileges...

Microsoft Partner Center Access Control Vulnerability

Microsoft Partner Center is a Microsoft partner management platform for partners to manage customers, subscriptions and billing. An access control vulnerability exists in Microsoft Partner Center. The vulnerability stems from a failure to properly validate user privileges, resulting in improper...

PT-2026-33808

Name of the Vulnerable Software and Affected Versions Dell PowerProtect Data Domain appliances versions 7.7.1.0 through 8.7.0.0 Dell PowerProtect Data Domain appliances versions 8.3.1.0 through 8.3.1.20 Dell PowerProtect Data Domain appliances versions 7.13.1.0 through 7.13.1.60 Description An...

CVE-2026-23772

CVE-2026-23772 affects Dell Storage Manager – Replay Manager for Microsoft Servers, version 8.0. The vulnerability is described as an Improper Privilege Management that could enable Elevation of Privileges by a low-privileged attacker with local access. The CVSS‑3.1 base score is 7.3 (HIGH). Dell...

PT-2026-32840

Name of the Vulnerable Software and Affected Versions Microsoft Windows affected versions not specified Description Improper privilege management in the Telemetry Service allows an authorized attacker to cause a local denial of service, which affects the system. Recommendations At the moment, the...