
156 matches found

CVE
added 2025/09/03 7:0 p.m. | 11 views

CVE-2025-36193

IBM Transformation Advisor is affected by CVE-2025-36193, with versions 2.0.1 through 4.3.1 vulnerable to privilege escalation due to incorrect permissions on security-critical files, enabling local root escalation inside the IBM Transformation Advisor Operator Catalog container. The Red Hat secu...

CVSS 8.4 | AI score 6.2 | EPSS 0.00016
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/08/30 6:17 p.m. | 2 views

CVE-2025-53396

Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier Media version:16.0.0a and earlier, which may allow users who can log in to a client terminal to obtain root privileges...

CVSS 7.3 | AI score 7.1 | EPSS 0.0002
Exploits: 0 | References: 1
Vulnrichment
added 2025/08/28 12:37 p.m. | 1 view

CVE-2025-48348 WordPress Site Offline plugin <= 1.5.7 - Broken Access Control vulnerability

Incorrect Privilege Assignment vulnerability in chandrashekharsahu Site Offline site-offline allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Offline: from n/a through <= 1.5.7...

CVSS 4.3 | AI score 5.1 | EPSS 0.00055
Exploits: 0 | References: 1
Cvelist
added 2025/08/27 5:43 a.m. | 7 views

CVE-2025-57797

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 3
Vulnrichment
added 2025/08/27 5:43 a.m. | 1 view

CVE-2025-57797

Incorrect privilege assignment vulnerability exists in ScanSnap Manager installers versions prior to V6.5L61. If this vulnerability is exploited, an authenticated local attacker may escalate privileges and execute an arbitrary command...

CVSS 8.5 | AI score 7.7 | EPSS 0.00016
Exploits: 0 | References: 3
RedHat Linux
added 2025/08/25 5:4 a.m. | 3 views

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

CVSS 6.2 | AI score 6.9 | EPSS 0.00258
Exploits: 0 | References: 6
NVD
added 2025/08/21 7:15 p.m. | 3 views

CVE-2025-38742

Dell iDRAC Service Module iSM, versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution...

CVSS 5.3 | EPSS 0.00021
Exploits: 0 | References: 1
NVD
added 2025/08/21 1:15 a.m. | 4 views

CVE-2025-27216

Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges...

CVSS 8.8 | EPSS 0.00083
Exploits: 0 | References: 1
Cvelist
added 2025/08/20 8:2 a.m. | 9 views

CVE-2025-54735 WordPress CubeWP Framework Plugin <= 1.1.24 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Privilege Escalation. This issue affects CubeWP: from n/a through <= 1.1.24...

CVSS 8.8 | EPSS 0.0009
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-2498

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new...

CVSS 7.5 | AI score 7.3 | EPSS 0.002
Exploits: 0 | References: 2
RedhatCVE
added 2025/08/16 3:26 p.m. | 4 views

CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access...

CVSS 7.8 | AI score 7 | EPSS 0.00054
Exploits: 0 | References: 1
OSV
added 2025/08/14 3:15 p.m. | 1 view

CVE-2025-36613

SupportAssist for Home PCs versions 4.6.3 and prior and SupportAssist for Business PCs versions 4.5.3 and prior contain an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access...

CVSS 7.8 | AI score 5.8
Exploits: 0 | References: 1
CVE
added 2025/08/14 10:34 a.m. | 20 views

CVE-2025-54697

CVE-2025-54697 concerns Kadence WooCommerce Email Designer for WordPress (Kadence plugin). Connected sources confirm an Incorrect Privilege Assignment vulnerability that could enable privilege escalation in versions up to and including 1.5.16. No exploit details are provided in the documents. The...

CVSS 7.2 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 1
BDU FSTEC
added 2025/06/30 12:0 a.m. | 1 view

The vulnerability of the apr.h component in the APR library allows a hacker to gain access to confidential data.

The vulnerability of the apr.h component in the APR library is related to the improper assignment of permissions for the critical resource. Exploiting this vulnerability may allow an attacker to access confidential data...

CVSS 5.5 | AI score 6.5 | EPSS 0.00023
Exploits: 0 | References: 10 | Affected Software: 3
CNNVD
added 2025/06/24 12:0 a.m. | 1 view

TeamViewer Remote Management Security Vulnerability

TeamViewer Remote Management is a remote management software from TeamViewer, Inc. A security vulnerability exists in TeamViewer Remote Management versions prior to 15.67, which stems from an improperly assigned privilege that results in arbitrary file deletion...

CVSS 7 | AI score 7.8 | EPSS 0.00048
Exploits: 0 | References: 3
BDU FSTEC
added 2025/06/14 12:0 a.m. | 3 views

The vulnerability of the PROFINET protocol implementation in the modular security system software SIRIUS 3RK3, as well as the security relay software SIRIUS 3SK2, allows an intruder to gain unauthorized access to protected information.

The vulnerability of the PROFINET protocol implementation in the modular security system SIRIUS 3RK3 and the security relay software SIRIUS 3SK2 is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability could allow an intruder to gain unauthorized...

CVSS 5.9 | AI score 5.5 | EPSS 0.00128
Exploits: 0 | References: 2
OSV
added 2025/05/28 1:15 p.m. | 3 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

CVSS 6.5 | AI score 5.8 | EPSS 0.0023
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:58 a.m. | 2 views

CVE-2023-31453

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner of the deleted subscription. Users are advised ...

CVSS 7.5 | AI score 6.9 | EPSS 0.00454
Exploits: 0 | References: 1
OSV
added 2025/05/14 7:15 p.m. | 3 views

CVE-2025-0135

An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected...

CVSS 3.3 | AI score 5.8 | EPSS 0.00228
Exploits: 0 | References: 1
BDU FSTEC
added 2025/04/30 12:0 a.m. | 1 view

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system involves the improper assignment of permissions to a critical resource. Exploiting this vulnerability can allow an attacker to cause service interruptions remotely...

CVSS 6.8 | AI score 6.4 | EPSS 0.00036
Exploits: 0 | References: 3 | Affected Software: 1