Lucene search

338 matches found

CVE
added 3 days ago, 7 views

CVE-2026-47163

Quest Bot prior to v1.0.1 allowed any guild member who can invoke slash commands to use /automod add, /automod remove, and /automod list due to missing Discord default permission and runtime moderator checks. An attacker could add a rule matching common text and cause the bot to delete other user...

CVSS 7.2, AI score 5.4, EPSS 0.00038
Exploits: 0, References: 2

RedhatCVE
added 4 days ago, 5 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allow authenticated attackers to escalate privileges from user to admin via modifying their user type...

CVSS 8.1, AI score 5.5, EPSS 0.00023
Exploits: 0, References: 1

ATTACKERKB
added 2026/06/01 7:17 a.m., 10 views

CVE-2026-27788

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

CVSS 8.5, AI score 7.1, EPSS 0.00014
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2026/06/01 4:16 a.m., 8 views

CVE-2026-48190

An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be enabled and CustomerGroupSupport has to be used to be affected. This issue affects OTRS: 7.0.X...

CVSS 3.5, EPSS 0.00021
Exploits: 0, References: 1

Cvelist
added 2026/06/01 3:32 a.m., 37 views

CVE-2026-48191 Wrong Permission Handling in Document Search Article Meta Filters

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVSS 3.5, EPSS 0.00021
Exploits: 0, References: 1

EUVD
added 2026/06/01 3:32 a.m., 9 views

EUVD-2026-33549

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVSS 3.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 1

Positive Technologies
added 2026/06/01 12:0 a.m., 7 views

PT-2026-45263

An incorrect handling of permissions in STORM powered by OTRS and in OTRS 2026.x and above Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and services without gaining access to them. This issue affects OTRS with STORM modules: 7.0.X 8.0.X...

CVSS 3.5, AI score 5.8, EPSS 0.00021
Exploits: 0, References: 2

Positive Technologies
added 2026/05/29 12:0 a.m., 9 views

PT-2026-44743

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver's validation mechanism, resulting in unauthorized read and write access to physical memory. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security...

CVSS 7.3, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 2

Positive Technologies
added 2026/05/29 12:0 a.m., 8 views

PT-2026-45027

Name of the Vulnerable Software and Affected Versions: IPAM versions prior to 1.11.7; IPAM versions prior to 1.12.4; IPAM versions prior to 1.13.0. Description: The IPAM controller's ClusterRole grants excessive CRUD permissions (create, delete, get, list, patch, update, watch) on core/v1 Secrets, despi...

CVSS 4.4, AI score 5.3, EPSS 0.00021
Exploits: 0, References: 7

NVD
added 2026/05/28 1:16 p.m., 9 views

CVE-2026-40914

A vulnerability exists in Apache Artemis whereby an application using the STOMP protocol with security credentials that grant either the consume or send permission on an address can augment the routing-type supported by that address even if said user doesn't have the createAddress permission for...

CVSS 4.3, EPSS 0.00138
Exploits: 0, References: 2

Positive Technologies
added 2026/05/27 12:0 a.m., 7 views

PT-2026-44063

Name of the Vulnerable Software and Affected Versions: Budibase versions prior to 3.39.0. Description: Insufficient permission checks on the single-datasource 'GET' and 'PUT' routes allow users with the Basic app user role to access and modify REST datasource configurations. Because these routes are...

CVSS 8.1, AI score 5.8, EPSS 0.00047
Exploits: 0, References: 6

RedHat Linux
added 2026/05/26 4:14 a.m., 8 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service (DoS)...

CVSS 9.8, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 8

NVD
added 2026/05/13 4:16 p.m., 15 views

CVE-2026-42937

Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information. Note: Software versions which have reached End of Technical...

CVSS 7.1, EPSS 0.00051
Exploits: 0, References: 1

F5 Networks
added 2026/05/13 1:3 p.m., 11 views

K000161022: iControl REST and tmsh vulnerability CVE-2026-41959

Security Advisory Description: Incorrect permission assignment vulnerabilities exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems...

CVSS 7.1, AI score 5.7, EPSS 0.00051
Exploits: 0, Affected Software: 12

CVE
added 2026/05/12 2:18 p.m., 8 views

CVE-2026-7431

Affected product: Ivanti Secure Access Client. Vulnerabilities (pre-22.8R6): 7431 involves an incorrect permission assignment on a critical resource, enabling a local authenticated user to read/modify sensitive log data via write access to a shared memory section. 7432 is a race condition that al...

CVSS 4.4, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2026/05/12 2:18 p.m., 4 views

CVE-2026-7431

An incorrect permission assignment for critical resource of Ivanti Secure Access Client before 22.8R6 allows a local authenticated user to read or modify sensitive log data via write access to a shared memory section...

CVSS 4.4, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 1

CVE
added 2026/05/11 2:40 p.m., 16 views

CVE-2026-44198

CVE-2026-44198 (Wagtail): An improper permission handling flaw allowed a CMS user without edit rights to access the page history report, potentially exposing sensitive information. Affected: Wagtail prior to 7.0.7, 7.3.2, and 7.4. Remediation: patch releases 7.0.7, 7.3.2, and 7.4 include the fix...

CVSS 4.3, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2026/05/11 2:39 p.m., 18 views

CVE-2026-44197

CVE-2026-44197 affects Wagtail (Django-based CMS). Before versions 7.0.7, 7.3.2, and 7.4, a CMS user without page-edit permission could access page revisions via the revision-compare view by guessing revision primary keys, potentially exposing sensitive information. The issue is described as impr...

CVSS 6.5, AI score 5.8, EPSS 0.00038
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2026/05/11 12:0 a.m., 7 views

Apple macOS Security Vulnerability

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Versions of Apple macOS Tahoe 26.5 had a security vulnerability due to permission issues, which could allow applications to access protected user data...

CVSS 7.5, AI score 5.8, EPSS 0.00049
Exploits: 0, References: 2

Positive Technologies
added 2026/05/04 12:0 a.m., 2 views

PT-2026-36807

Name of the Vulnerable Software and Affected Versions: OpenConcerto version 1.7.5. Description: Incorrect permission assignment for a critical resource allows the replacement of binaries. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 2.4, AI score 5.8, EPSS 0.00017
Exploits: 0, References: 6