CVE-2026-42609 Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that alread...
CVE-2025-63384
A vulnerability was discovered in the RISC-V Rocket-Chip implementation, v1.6 and earlier, where the SRET (Supervisor-mode Exception Return) instruction fails to correctly transition the processor's privilege level. Instead of downgrading from Machine-mode (M-mode) to Supervisor-mode (S-mode) as specified by...
CVE-2025-54596
CVE-2025-54596 affects Abnormal Security API: the endpoint /v1.0/rbac/users_v2/{USER_ID}/ (pre-2025-02-19) allows downgrading the privileges of other user accounts. CVSS v3.1 base score 4.3 (Medium) with Network attack vector, Low privileges required, No user interaction. Remediation cited: updat...
P3Scan Design Vulnerabilities
P3Scan is a proxy server for email that scans for worms, Trojans and other malicious emails. A security vulnerability exists in the daemon of P3Scan 3.0rc1 and earlier versions; it stems from the creation of the p3scan.pid file after the program has already dropped from root to non-root privileges. A...