CVE-2026-2254

CVE-2026-2254 affects Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.6 and 11.0.0.0, including 9.3.x and 8.3.x. The issue is that ACLs are not applied on certain API endpoints related to platform mail notifications, allowing potential improper access. The documented C...

CVE-2025-33221

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

CVE-2025-33221

NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel driver, where a user could cause an incorrect permission assignment for a critical resource. A successful exploit of this vulnerability might lead to data tampering and denial of service...

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

ROS-20260521-73-0001

A vulnerability in the .NET software platform is related to incorrectly used standard permissions. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVE-2025-48512

Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller GPIO could allow an attacker to achieve privilege escalation resulting in arbitrary code execution...

EUVD-2026-29992

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell tmsh network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems. Note: Software versions which have...

CVE-2026-40462

CVE-2026-40462 affects F5 BIG-IP: an incorrect permission assignment in iControl REST and the TMOS shell (tmsh) could allow an authenticated user to view sensitive information (control plane exposure). Concrete details from connected advisories show affected branches/versions and available fixes....

EUVD-2026-29490

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

EUVD-2026-29485

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

CVE-2026-6499

Incorrect Permission Assignment for Critical Resource vulnerability in ILM Informatique OpenConcerto allows Replace Binaries. This issue affects OpenConcerto: 1.7.5...

CVE-2026-6383

A flaw was found in KubeVirt's Role-Based Access Control RBAC evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This allows authenticated users with specific custom roles to gain unauthorized access to subresources,...

CVE-2026-28264

Dell PowerProtect Agent Service, versions prior to 20.1, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

Moby 安全漏洞

Moby is an open-source project developed by Moby. It aims to promote the containerization of software and help the ecosystem make container technology mainstream. Versions of Moby prior to 29.3.1 contained a security vulnerability. This vulnerability stemmed from an error in the plugin permission...

UBUNTU-CVE-2026-34352

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...

CVE-2026-34352

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions...