GHSA-F3PV-WV63-48X8 Electron: Named window.open targets not scoped to the opener's browsing context
Impact: When a renderer calls window.open with a target name, Electron did not correctly scope the named-window lookup to the opener's browsing context group. A renderer could navigate an existing child window that was opened by a different, unrelated renderer if both used the same target name. If...
Improper Privilege Management
Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Improper Privilege Management via the pairing process. An attacker can gain elevated privileges by exploiting unbound bootstrap setup codes during device pairing. Remediation: Upgrade...
EUVD-2026-18561
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-22768
Dell AppSync, versions 4.6.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
Cisco Smart Software Manager On-Prem Security Vulnerability
Cisco Smart Software Manager On-Prem is a component developed by Cisco, Inc., used for managing licenses of Cisco products. Cisco Smart Software Manager On-Prem has a security vulnerability that stems from improper transmission of sensitive user information. This vulnerability could allow...
CVE-2026-3991
CVE-2026-3991 affects Symantec Data Loss Prevention Windows Endpoint prior to: 25.1 MP1, 16.1 MP2, 16.0 RU2 HF9, 16.0 RU1 MP1 HF12, and 16.0 MP2 HF15. The issue is described as an Elevation of Privilege, allowing a local attacker to obtain elevated access to protected resources. The provided doc...
CVE-2026-24510
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-25165
Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally...
CVE-2026-25178
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
CVE-2026-23658
Insufficiently protected credentials in Azure DevOps allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-24290
Improper access control in Windows Projected File System allows an authorized attacker to elevate privileges locally...
CVE-2026-24292
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
CVE-2026-20046
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups...
CVE-2026-30892
crun is an open source OCI Container Runtime fully written in C. In versions 1.19 through 1.26, the crun exec option -u (--user) is incorrectly parsed. The value 1 is interpreted as UID 0 and GID 0 when it should have been UID 1 and GID 0. The process thus runs with higher privileges than expected...
EUVD-2026-15039
A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.4. A user may be able to elevate privileges...
PT-2026-27528
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26.4. Description: A logic issue was addressed with improved checks. This could allow a user to elevate privileges. Recommendations: Update to macOS Tahoe 26.4...
OpenClaw Security Vulnerability
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an elevation of privilege vulnerability that can be exploited by an attacker to gain higher operator range before pairing approval...
WordPress plugin Aimogen Pro Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Microsoft Exchange Elevation of Privilege Vulnerability
Server-side request forgery (SSRF) in Microsoft Exchange allows an authorized attacker to elevate privileges over a network...
PT-2026-26356
Name of the Vulnerable Software and Affected Versions: Microsoft Purview (affected versions not specified). Description: Server-side request forgery (SSRF) exists in Microsoft Purview, potentially allowing an unauthorized attacker to elevate privileges over a network. SSRF occurs when a server processes...