41 matches found
GHSA-34P4-7W83-35G2 Formwork Improperly Managed Privileges in User creation
Summary: The application fails to properly enforce role-based authorization during account creation. Although the system validates that the specified role exists, it does not verify whether the current user has sufficient privileges to assign highly privileged roles such as admin. As a result, an...
CVE-2025-69182
CVE-2025-69182 – WordPress Institutions Directory (plugin
Dell PowerScale OneFS Security Vulnerability
Dell PowerScale OneFS is an operating system from Dell USA that provides horizontal scaling of NAS. A resource management error vulnerability exists in Dell PowerScale OneFS that stems from improper allocation of critical resource privileges and can be exploited...
Veeam Backup & Replication Security Vulnerability
Veeam Backup & Replication is a backup and replication software from Veeam USA. A security vulnerability exists in Veeam Backup & Replication that stems from improper backup or tape operator privileges that could lead to a file write attack...
dify Security Vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.9.1 of dify, which stems from improper privileges and could lead to unauthorized access to system configuration data...
Lenovo Baiying Client Security Vulnerability
Lenovo Baiying Client is a digital service and device management platform from Lenovo China. A security vulnerability exists in Lenovo Baiying Client that stems from improper privileges and could lead to the execution of arbitrary code by a locally authenticated user...
Splunk Universal Forwarder Security Vulnerability
Splunk Universal Forwarder is a Splunk component from Splunk, Inc. A security vulnerability exists in Splunk Universal Forwarder versions prior to 10.0.2, 9.4.6, 9.3.8, and 9.2.10, which stems from improper assignment of privileges during installation or upgrade, and could result in a...
Security Bulletin: IBM QRadar SIEM is affected by privilege escalation (CVE-2025-36007)
Summary: IBM QRadar SIEM is affected by privilege escalation due to improper privilege assignment in the App Framework. IBM has addressed the issue in the latest update. Vulnerability Details: CVEID: CVE-2025-36007 DESCRIPTION: IBM QRadar SIEM is vulnerable to privilege escalation due to improper...
EUVD-2025-8412
Malicious code in bioql PyPI...
EUVD-2022-50392
Malicious code in bioql PyPI...
Absolute Secure Access Security Vulnerability
Absolute Secure Access is an application from Absolute, Inc. to provide Secure Service Edge SSE optimized for hybrid and mobile working models. A security vulnerability exists in Absolute Secure Access versions prior to 14.10 that stems from improper privilege settings and could lead to the readi...
Intel Distribution for Python Improper Privileges Vulnerability
Intel Distribution for Python is the official Python distribution from Intel, designed to improve the performance of Python code by optimizing high-performance mathematical and scientific computing libraries, with support for multi-core CPUs and the latest instruction set acceleration. Intel...
Lenovo PC Manager Security Vulnerability
Lenovo PC Manager is a PC management software from Lenovo China. A security vulnerability exists in Lenovo PC Manager, which stems from improper privileges and may result in local elevation of privileges...
Palo Alto Networks GlobalProtect app Security Vulnerability
Palo Alto Networks GlobalProtect app is a network protection software from Palo Alto Networks. A security vulnerability exists in the Palo Alto Networks GlobalProtect app, which stems from an improperly assigned privilege that could result in a locally authenticated non-administrative user...
Tenda CP3 Pro Security Vulnerability
Tenda CP3 Pro is a high quality security camera from Tenda China. A security vulnerability exists in Tenda CP3 Pro version V22.5.4.93, which originates from the default enablement of the telnet service and improper privileges, which may result in unauthorized access...
WordPress plugin Eventin Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) Security Vulnerability
GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition EE and GitLab Community...
fc-stable-diffusion Security Vulnerability
fc-stable-diffusion is an open source tool from Serverless Devs Registry for deploying stable-diffusion to AliCloud Functional Computing. A security vulnerability exists in fc-stable-diffusion v1.0.18, which stems from improper privileges and could lead to elevated privileges and customer cloud...
GitLab 17.4 < 17.8.6 / 17.9 < 17.9.3 / 17.10 < 17.10.1 (CVE-2025-2242)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper access control vulnerability in GitLab CE/EE affecting all versions from 17.4 prior to 17.8.6, 17.9 prior to 17.9.3, and 17.10 prior to 17.10.1 allows a user who was an instance admin befo...
CVE-2021-31843
Improper privileges management vulnerability in McAfee Endpoint Security ENS Windows prior to 10.7.0 September 2021 Update allows local users to access files which they would otherwise not have access to via manipulating junction links to redirect McAfee folder operations to an unintended locatio...