14 matches found

EUVD
added 2 days ago, 7 views

EUVD-2026-38635

Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/theirownid and grant themselves any permission except admin and superuser — for example assets.view, assets.create, reports.view, import, etc. The issue is...

CVSS 5.5, AI score 5.8, EPSS 0.0019
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2014-3465

Malware in sbrugna...

CVSS 6.5, AI score 6.1, EPSS 0.02119
Exploits: 1, References: 5

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-52863

Malicious code in bioql PyPI...

CVSS 7.3, AI score 6.4, EPSS 0.00133
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-41764

Malicious code in bioql PyPI...

CVSS 6.7, AI score 5.4, EPSS 0.00134
Exploits: 0, References: 1

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2025-16672

Malicious code in bioql PyPI...

CVSS 8, AI score 6.5, EPSS 0.00239
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-54645

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.4, EPSS 0.0011
Exploits: 0, References: 2

Cvelist
added 2025/08/21 6:42 p.m., 15 views

CVE-2025-38742

Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution...

CVSS 5.3, EPSS 0.0011
Exploits: 0, References: 1

RedhatCVE
added 2025/06/05 3:26 p.m., 14 views

CVE-2024-45655

IBM Application Gateway 19.12 through 24.09 could allow a local privileged user to perform unauthorized actions due to incorrect permissions assignment...

CVSS 5.5, AI score 6.4, EPSS 0.0011
Exploits: 0, References: 1

Vulnrichment
added 2025/02/18 7:57 a.m., 8 views

CVE-2025-0422 Authenticated Remote Code Execution via ScriptVar

An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application, resulting in remote code execution. For this, the user must be able to create "ScriptVars" with the type "script" and preview them by, for example, creating a new "Info". By defaul...

CVSS 8.6, AI score 7.2, EPSS 0.0083
Exploits: 1, References: 1

CVE
added 2025/02/04 8:40 p.m., 59 views

CVE-2024-45657

CVE-2024-45657 affects IBM Security Verify Access Appliance and Container (10.0.0–10.0.8). The root cause is incorrect permissions assignment that could allow a local privileged user to perform unauthorized actions. IBM’s bulletin lists affected versions and provides remediation: upgrade to IBM S...

CVSS 6.7, AI score 4.9, EPSS 0.00134
Exploits: 0, References: 1, Affected Software: 2

Vulnrichment
added 2024/12/31 4:19 p.m., 16 views

CVE-2024-55955

An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged...

CVSS 6.7, AI score 6.7, EPSS 0.00133
Exploits: 0, References: 1

BDU FSTEC
added 2024/09/10 12:00 a.m., 2 views

A vulnerability in the Palo Alto Networks GlobalProtect App, software for providing secure remote access to data, stems from the improper assignment of permissions to critical resources and allows attackers to escalate their privileges.

The vulnerability in the Palo Alto Networks GlobalProtect App, software for providing secure remote access to data, is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability can allow attackers to escalate their privileges...

CVSS 7.8, AI score 7.5, EPSS 0.00212
Exploits: 0, References: 2, Affected Software: 1

ATTACKERKB
added 2024/08/07 5:15 p.m., 5 views

CVE-2024-7143

A flaw was found in the Pulp package. When a role-based access control (RBAC) object in Pulp is set to assign permissions on its creation, it uses the AutoAddObjPermsMixin (typically the add_roles_for_object_creator method). This method finds the object creator by checking the current authenticated user...

CVSS 8.3, AI score 5.8, EPSS 0.0061
Exploits: 0, References: 6

CNNVD
added 2024/06/27 12:00 a.m., 3 views

Elektraweb Trust Management Issues Vulnerability

Elektraweb is a cloud-hosted web-based hotel program from Elektraweb, Turkey. A trust management issue vulnerability exists in Elektraweb versions prior to v17.0.68, which stems from a security issue where the system suffers from improper access control, lack of authorization, incorrect...

CVSS 9.8, AI score 6.7, EPSS 0.00528
Exploits: 0, References: 3