Security Bulletin: IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621.

Summary IBM Maximo Application Suite uses WebSphere Application Server Liberty which is vulnerable to CVE-2026-3621. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-3621 DESCRIPTION: IBM WebSphere Application Server - Liberty...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the handleSave function of the RoleAdmin Gateway component in the ttsconfig.go file. An attacker can gain unauthorized access to privileged operations by exploiting improper privilege management through...

CVE-2026-10217 nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

CVE-2026-10217 nextlevelbuilder GoClaw RoleAdmin Gateway tts_config.go handleSave privileges management

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

CVE-2026-10217

Nextlevelbuilder GoClaw up to v3.11.3 is affected by a flaw in the handleSave function of internal/http/tts_config.go within the RoleAdmin Gateway, causing improper privilege management. Remote exploitation is possible; a public exploit exists, and the issue has been labeled as a bug by the proje...

EUVD-2026-33538

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/ttsconfig.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

PT-2026-45249

A flaw has been found in nextlevelbuilder GoClaw up to 3.11.3. The impacted element is the function handleSave of the file internal/http/tts config.go of the component RoleAdmin Gateway. This manipulation causes improper privilege management. Remote exploitation of the attack is possible. The...

CVE-2026-23663

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

EUVD-2026-31521

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in PATCH /api/v3/core/users/pk/. An attacker can gain elevated privileges by assigning arbitrary groups, including those with administrator-equivalent permissions, to users they control or have access to,...

PT-2026-42839

Name of the Vulnerable Software and Affected Versions Azure Entra ID affected versions not specified Description Improper privilege management allows an unauthorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability

Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network...

Improper Privilege Management

Overview @budibase/builder is a npm install Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowing the creation ...

Improper Privilege Management

Overview @budibase/frontend-core is a Budibase frontend core libraries used in builder and client Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted...

Improper Privilege Management

Overview Affected versions of this package are vulnerable to Improper Privilege Management in the trainer-login process. An attacker can gain unauthorized access to higher-privileged accounts by chaining session states and bypassing permission checks. Remediation There is no fixed version for wge...

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

EUVD-2025-209846

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

CVE-2025-62625

CVE-2025-62625 concerns improper privilege management in the KVM key download component, enabling token swapping to obtain sensitive keys and potentially access privileged resources. The NVD/CVE records describe impact to confidentiality with CVSS v4.0 base metrics: Attack Vector NETWORK, Attack ...