| CVE | Severity | CVSS | EPSS | Fix status | Published | Description |
|---|---|---|---|---|---|---|
| CVE-2026-5136 | High | 8.8 v3 | - | No fix available yet | 2026-07-01 | A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access. |
| CVE-2026-57692 | Critical | 9.8 v3 | - | No fix available yet | 2026-07-01 | Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2. |
| CVE-2026-53902 | High | 7.1 v4 | - | No fix available yet | 2026-07-01 | MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g. /customer/servlet/mco/webapi/group/picker/groups), provided he has necessary permissions, or potentially inferred through brute-force techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions. |
| CVE-2026-56247 | High | 8.8 v3 | - | No fix available yet | 2026-06-30 | Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions. |
| CVE-2026-4629 | Medium | 6.5 v3 | - | No fix available yet | 2026-06-30 | A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm. |
| CVE-2026-12388 | Medium | 6.5 v3 | - | No fix available yet | 2026-06-30 | A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm. |
| CVE-2026-13591 | Medium | 5.0 v3 | 0.2% | No fix available yet | 2026-06-29 | A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue. |
| CVE-2026-13568 | High | 7.3 v3 | 0.3% | No fix available yet | 2026-06-29 | A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. |
| CVE-2026-22078 | High | 7.3 v3 | 0.1% | No fix available yet | 2026-06-29 | Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel. |
| CVE-2026-13544 | Medium | 6.3 v3 | 0.2% | No fix available yet | 2026-06-29 | A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. |
| CVE-2026-13524 | Medium | 5.6 v3 | 0.3% | No fix available yet | 2026-06-29 | A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance. |
| CVE-2026-13511 | Low | 3.1 v3 | 0.2% | No fix available yet | 2026-06-28 | A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance. |
| CVE-2026-49413 | High | 7.1 v3 | 0.1% | No fix available yet | 2026-06-27 | The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary. |
| CVE-2026-45259 | Medium | 6.5 v3 | 0.1% | No fix available yet | 2026-06-27 | sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process. |
| CVE-2026-56033 | Critical | 9.8 v3 | 0.3% | No fix available yet | 2026-06-26 | Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions. |
| CVE-2026-56030 | Critical | 9.8 v3 | 0.3% | No fix available yet | 2026-06-26 | Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions. |
| CVE-2026-56028 | Critical | 9.8 v3 | 0.4% | No fix available yet | 2026-06-26 | Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions. |
| CVE-2026-56010 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-26 | Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions. |
| CVE-2026-56008 | High | 8.8 v3 | 0.3% | No fix available yet | 2026-06-26 | Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions. |
| CVE-2026-12164 | Medium | 4.4 v3 | 0.1% | Fix available | 2026-06-23 | Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships. |
| CVE-2026-12823 | Low | 3.3 v3 | 0.1% | No fix available yet | 2026-06-22 | A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-56251 | Medium | 6.5 v3 | 0.2% | No fix available yet | 2026-06-21 | Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security. |
| CVE-2026-12799 | Medium | 4.3 v3 | 0.3% | No fix available yet | 2026-06-21 | A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure. |
| CVE-2026-12786 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-12784 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-12782 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists." |
| CVE-2026-12781 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists." |
| CVE-2026-12780 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-12779 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-12778 | High | 7.8 v3 | 0.1% | No fix available yet | 2026-06-21 | A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2026-12771 | Medium | 5.0 v3 | 0.3% | Fix available | 2026-06-21 | A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure. |
| CVE-2026-12770 | Medium | 5.4 v3 | 0.3% | Fix available | 2026-06-21 | A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure. |
| CVE-2026-12529 | High | 7.3 v3 | 0.3% | No fix available yet | 2026-06-17 | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. |
| CVE-2026-54807 | Critical | 9.8 v3 | 0.4% | No fix available yet | 2026-06-17 | Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions. |
| CVE-2026-54805 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-17 | Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions. |
| CVE-2026-54196 | Medium | 6.8 v3 | 0.2% | No fix available yet | 2026-06-17 | Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions. |
| CVE-2026-49058 | Critical | 9.8 v3 | 0.3% | No fix available yet | 2026-06-17 | Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions. |
| CVE-2026-39546 | High | 7.6 v3 | 0.3% | No fix available yet | 2026-06-17 | Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions. |
| CVE-2026-27395 | Critical | 9.8 v3 | 0.3% | No fix available yet | 2026-06-17 | Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions. |
| CVE-2025-69179 | Critical | 9.8 v3 | 0.4% | No fix available yet | 2026-06-17 | Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions. |
| CVE-2025-69138 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-17 | Subscriber Privilege Escalation in Genemy <= 1.6.6 versions. |
| CVE-2025-59563 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-17 | Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions. |
| CVE-2026-53862 | Medium | 4.2 v3 | 0.1% | Fix available | 2026-06-16 | OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits. |
| CVE-2026-53847 | Medium | 5.4 v3 | 0.2% | Fix available | 2026-06-16 | OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope. |
| CVE-2026-12294 | Critical | 9.6 v3 | 0.4% | Fix available | 2026-06-16 | Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. |
| CVE-2026-12289 | High | 8.8 v3 | 0.4% | Fix available | 2026-06-16 | Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12. |
| CVE-2026-49780 | High | 8.8 v3 | 0.3% | No fix available yet | 2026-06-15 | Customer Privilege Escalation in Dokan <= 5.0.2 versions. |
| CVE-2026-49083 | High | 7.5 v3 | 0.3% | No fix available yet | 2026-06-15 | Contributor Privilege Escalation in LatePoint <= 5.5.1 versions. |
| CVE-2026-49063 | High | 7.3 v3 | 0.2% | No fix available yet | 2026-06-15 | Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions. |
| CVE-2026-48889 | High | 8.8 v3 | 0.4% | No fix available yet | 2026-06-15 | Subscriber Privilege Escalation in Amelia <= 2.3 versions. |
- HighCVSS 8.8 v3·EPSS -·No fix yet
A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.
Published 2026-07-01
- CriticalCVSS 9.8 v3·EPSS -·No fix yet
Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2.
Published 2026-07-01
- HighCVSS 7.1 v4·EPSS -·No fix yet
MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrary groups by supplying a valid group ID, which can be obtained via other application functionalities (e.g. /customer/servlet/mco/webapi/group/picker/groups), provided he has necessary permissions, or potentially inferred through brute-force techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 25.3.3.1 but may also affect other versions.
Published 2026-07-01
- HighCVSS 8.8 v3·EPSS -·No fix yet
Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions.
Published 2026-06-30
- MediumCVSS 6.5 v3·EPSS -·No fix yet
A flaw was found in Keycloak. A highly privileged user with `manage-clients` permission can exploit this vulnerability by injecting a hardcoded role mapper into any client. This action allows the user to bypass existing scope restrictions and inject the `realm-admin` role into generated tokens, resulting in privilege escalation and full administrative access to the realm.
Published 2026-06-30
- MediumCVSS 6.5 v3·EPSS -·No fix yet
A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.
Published 2026-06-30
- MediumCVSS 5.0 v3·EPSS 0.2%·No fix yet
A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes improper authorization. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is told to be difficult. The exploit has been made available to the public and could be used for attacks. Patch name: 9b4aff0f106db424aa45a35aa89dd0b8f2eb9a48. It is suggested to install a patch to address this issue.
Published 2026-06-29
- HighCVSS 7.3 v3·EPSS 0.3%·No fix yet
A weakness has been identified in SourceCodester Inventory Management System 1.0. This vulnerability affects unknown code of the file /api/users_handler.php of the component User Registration Endpoint. This manipulation of the argument role causes improper access controls. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Published 2026-06-29
- HighCVSS 7.3 v3·EPSS 0.1%·No fix yet
Because O+ Connect's IPC service does not authenticate clients, external applications can escalate privileges and perform sensitive actions through the IPC channel.
Published 2026-06-29
- MediumCVSS 6.3 v3·EPSS 0.2%·No fix yet
A flaw has been found in Feehi CMS up to 2.1.1. Affected by this issue is some unknown functionality of the file /api/users of the component API. This manipulation causes improper access controls. The attack can be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Published 2026-06-29
- MediumCVSS 5.6 v3·EPSS 0.3%·No fix yet
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulation of the argument code leads to improper authorization. The attack can be initiated remotely. The attack is considered to have high complexity. It is stated that the exploitability is difficult. The exploit has been disclosed publicly and may be used. The pull request to fix this issue awaits acceptance.
Published 2026-06-29
- CVSS 3.1 v3·EPSS 0.2%·No fix yet
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance.
Published 2026-06-28
- HighCVSS 7.1 v3·EPSS 0.1%·No fix yet
The Linuxulator determined whether a binary was set-user-ID or set-group-ID by checking the P_SUGID process flag. During execve(2), this flag is not yet set at the point where the auxiliary vector is constructed, so AT_SECURE was incorrectly set to zero for set-user-ID and set-group-ID executables. An unprivileged local user can inject a shared library via LD_PRELOAD into a set-user-ID or set-group-ID Linux binary, gaining the privileges of that binary.
Published 2026-06-27
- MediumCVSS 6.5 v3·EPSS 0.1%·No fix yet
sigqueue(2) was marked as permitted in capability mode with the introduction of Capsicum in 2011, but the implementation of kern_sigqueue did not include a capability mode check restricting signal delivery to the calling process's own PID. A process in capability mode can use sigqueue(2) to send signals to any process it could signal following standard Unix permissions, bypassing the Capsicum sandbox restriction. A compromised sandboxed process could interfere with other processes, for example by sending SIGKILL or SIGSTOP. This could be any process running as the same user, or any process, for a superuser sandboxed process.
Published 2026-06-27
- CriticalCVSS 9.8 v3·EPSS 0.3%·No fix yet
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Published 2026-06-26
- CriticalCVSS 9.8 v3·EPSS 0.3%·No fix yet
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Published 2026-06-26
- CriticalCVSS 9.8 v3·EPSS 0.4%·No fix yet
Unauthenticated Privilege Escalation in Easy Elements for Elementor – Addons & Website Templates <= 1.4.9 versions.
Published 2026-06-26
- HighCVSS 8.8 v3·EPSS 0.4%·No fix yet
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
Published 2026-06-26
- HighCVSS 8.8 v3·EPSS 0.3%·No fix yet
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
Published 2026-06-26
- MediumCVSS 4.4 v3·EPSS 0.1%·Fix available
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permissions to users created by the tetool import command while FIM is running, particularly when the import also creates or changes roles or role-permission relationships.
Published 2026-06-23
- CVSS 3.3 v3·EPSS 0.1%·No fix yet
A security flaw has been discovered in Browserbase up to 20260526. This impacts an unknown function of the component Autobrowse Trace Artifact Handler. The manipulation results in incorrect default permissions. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-22
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Capgo before 12.128.2 contains a broken row level security policy in the org_users table that allows authenticated users to elevate privileges from admin to super_admin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized super_admin access and compromise system security.
Published 2026-06-21
- MediumCVSS 4.3 v3·EPSS 0.3%·No fix yet
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-2025-0628. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure.
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability has been found in Ezbsystems UltraISO Premium Edition up to 9.76. Affected by this issue is some unknown functionality in the library bootpt64.sys of the component Kernel Driver. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A weakness has been identified in IM-Magic Partition Resizer up to 7.9.0. This affects an unknown function in the library MDA_NTDRV.sys of the component Kernel Driver. This manipulation causes improper access controls. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A security flaw has been discovered in EaseUS Partition Master up to 14.5. The impacted element is an unknown function in the library EUEDKEPM.sys of the component Kernel Driver. The manipulation results in improper access controls. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The affected component should be upgraded. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly available and might be used. You should upgrade the affected component. The vendor explains: "We have confirmed that this issue was present only in older versions of the product. Our product has since been updated, and the issue has been resolved in the latest version, so it no longer exists."
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-21
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published 2026-06-21
- Medium · CVSS 5.0 v3 · EPSS 0.3% · Fix available
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The attack can be launched remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
Published 2026-06-21
- Medium · CVSS 5.4 v3 · EPSS 0.3% · Fix available
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Patch name: 23781. It is recommended to apply a patch to fix this issue. The vendor was contacted early about this disclosure.
Published 2026-06-21
- High · CVSS 7.3 v3 · EPSS 0.3% · No fix yet
A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access controls. Remote exploitation of the attack is possible.
Published 2026-06-17
- Critical · CVSS 9.8 v3 · EPSS 0.4% · No fix yet
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Published 2026-06-17
- High · CVSS 8.8 v3 · EPSS 0.4% · No fix yet
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Published 2026-06-17
- Medium · CVSS 6.8 v3 · EPSS 0.2% · No fix yet
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Published 2026-06-17
- Critical · CVSS 9.8 v3 · EPSS 0.3% · No fix yet
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Published 2026-06-17
- High · CVSS 7.6 v3 · EPSS 0.3% · No fix yet
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Published 2026-06-17
- Critical · CVSS 9.8 v3 · EPSS 0.3% · No fix yet
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Published 2026-06-17
- Critical · CVSS 9.8 v3 · EPSS 0.4% · No fix yet
Unauthenticated Privilege Escalation in Support Ticket Management System <= 1.9 versions.
Published 2026-06-17
- High · CVSS 8.8 v3 · EPSS 0.4% · No fix yet
Subscriber Privilege Escalation in Genemy <= 1.6.6 versions.
Published 2026-06-17
- High · CVSS 8.8 v3 · EPSS 0.4% · No fix yet
Subscriber Privilege Escalation in Sonaar <= 4.27.4 versions.
Published 2026-06-17
- Medium · CVSS 4.2 v3 · EPSS 0.1% · Fix available
OpenClaw before 2026.5.12 contains a bootstrap token replay vulnerability allowing callers with pending token access to reuse tokens with broader requested scopes. Attackers can replay bootstrap tokens before approval to escalate pairing authority beyond intended scope limits.
Published 2026-06-16
- Medium · CVSS 5.4 v3 · EPSS 0.2% · Fix available
OpenClaw before 2026.5.6 contains a privilege escalation vulnerability in the Active Memory write scope that allows Gateway operators with operator.write access to modify global configuration without requiring operator.admin privileges. Attackers with operator.write access can exploit insufficient scope validation to apply unauthorized configuration changes beyond the intended write scope.
Published 2026-06-16
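The two OpenClaw entries above describe two distinct authorization gaps: a bootstrap token replayed before approval with a broader requested scope, and a holder of operator.write reaching a global configuration write that should need operator.admin. What follows is an added illustration of the checks that close both gaps; it is not OpenClaw's code and says nothing about how OpenClaw is built. The scope names operator.write and operator.admin come from the entries; the operator.read scope, the numeric ranking, the token store, and the demo() flow are assumptions made for the example.

```python
"""Scope-bound, single-use bootstrap tokens and scope-ranked operator checks (added example)."""
import secrets
import time

# Assumed ranking (not from OpenClaw): each scope implies the ones ranked below it.
SCOPE_RANK = {"operator.read": 1, "operator.write": 2, "operator.admin": 3}


def scope_covers(held: str, required: str) -> bool:
    """True when a caller holding `held` may perform an action that needs `required`."""
    return SCOPE_RANK[held] >= SCOPE_RANK[required]


class BootstrapTokens:
    """Pairing flow: issue -> present (binds scope, consumes token) -> approve (grants bound scope)."""

    def __init__(self, ttl_seconds: int = 300):
        self._tokens = {}    # token -> {"max_scope": str, "expires_at": float, "used": bool}
        self._pairings = {}  # pairing_id -> {"scope": str, "approved": bool}
        self.ttl = ttl_seconds

    def issue(self, max_scope: str, now=None) -> str:
        """Issuer caps the authority a token can ever confer."""
        if max_scope not in SCOPE_RANK:
            raise ValueError(f"unknown scope {max_scope!r}")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._tokens[token] = {"max_scope": max_scope, "expires_at": now + self.ttl, "used": False}
        return token

    def present(self, token: str, requested_scope: str, now=None) -> str:
        """Caller presents a token and names the scope it wants; returns a pairing id.
        The token is consumed here, so a later replay asking for a broader scope is refused."""
        now = time.time() if now is None else now
        entry = self._tokens.get(token)
        if entry is None:
            raise PermissionError("unknown token")
        if entry["used"]:
            raise PermissionError("token already presented (replay)")
        if now > entry["expires_at"]:
            raise PermissionError("token expired")
        if requested_scope not in SCOPE_RANK or not scope_covers(entry["max_scope"], requested_scope):
            raise PermissionError("requested scope exceeds token authority")
        entry["used"] = True  # consume before recording the pairing
        pairing_id = secrets.token_hex(8)
        self._pairings[pairing_id] = {"scope": requested_scope, "approved": False}
        return pairing_id

    def approve(self, pairing_id: str) -> str:
        """Approver grants exactly the scope bound at presentation, never a later request."""
        pairing = self._pairings[pairing_id]
        pairing["approved"] = True
        return pairing["scope"]


def apply_global_config(caller_scope: str, change: dict, config: dict) -> dict:
    """Global configuration writes require operator.admin; operator.write is not enough."""
    if not scope_covers(caller_scope, "operator.admin"):
        raise PermissionError("global configuration changes require operator.admin")
    config.update(change)
    return config


def demo() -> dict:
    """Exercise both checks and report which attempts were refused."""
    store = BootstrapTokens()
    token = store.issue("operator.write", now=1000.0)
    pairing = store.present(token, "operator.read", now=1001.0)
    results = {"granted": store.approve(pairing)}
    attempts = (
        ("replay_widened", lambda: store.present(token, "operator.admin", now=1002.0)),
        ("over_cap", lambda: store.present(store.issue("operator.write", now=1000.0),
                                           "operator.admin", now=1001.0)),
        ("write_edits_global", lambda: apply_global_config("operator.write", {"x": 1}, {})),
    )
    for label, attempt in attempts:
        try:
            attempt()
            results[label] = "allowed"
        except PermissionError:
            results[label] = "refused"
    results["admin_edits_global"] = apply_global_config("operator.admin", {"x": 1}, {})
    return results


if __name__ == "__main__":
    print(demo())
```

The design point is that the scope a pairing ends up with is fixed at the moment the token is first presented and the token is consumed in the same step; an approver never reads a scope from a second request. The configuration handler checks the required scope directly rather than trusting that a write-scoped caller will stay inside the write scope.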
- Critical · CVSS 9.6 v3 · EPSS 0.4% · Fix available
Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Published 2026-06-16
- High · CVSS 8.8 v3 · EPSS 0.4% · Fix available
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
Published 2026-06-16
- High · CVSS 8.8 v3 · EPSS 0.3% · No fix yet
Customer Privilege Escalation in Dokan <= 5.0.2 versions.
Published 2026-06-15
- High · CVSS 7.5 v3 · EPSS 0.3% · No fix yet
Contributor Privilege Escalation in LatePoint <= 5.5.1 versions.
Published 2026-06-15
- High · CVSS 7.3 v3 · EPSS 0.2% · No fix yet
Unauthenticated Privilege Escalation in Listdom <= 5.5.0 versions.
Published 2026-06-15
- High · CVSS 8.8 v3 · EPSS 0.4% · No fix yet
Subscriber Privilege Escalation in Amelia <= 2.3 versions.
Published 2026-06-15
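The WordPress plugin entries on this page (Registration Form for WooCommerce through Amelia) each give only a name and an affected-version expression, and all are marked as having no fix yet, so the practical question for an operator is which of them apply to a given site. The following triage helper is an added example, not code from this page or from any of the plugins: the affected ranges are copied from the entries exactly as printed, the sample inventory is constructed for the demo, and matching is by the plugin name as the advisories print it (a real `wp plugin list` reports slugs, and the name-to-slug mapping is the caller's job). Version comparison is numeric so that, for example, 4.27.10 is correctly treated as newer than 4.27.4.

```python
"""Match a WordPress plugin inventory against the affected ranges listed above (added example)."""
import re

# (plugin name as listed above, affected-range expression as listed above)
AFFECTED = [
    ("Registration Form for WooCommerce", "<= 1.0.9"),
    ("Falang multilanguage", "<= 1.4.2"),
    ("JetFormBuilder", "<= 3.6.1"),
    ("LoginPress Pro", "<= 6.2.2"),
    ("MultiLoca", "<= 4.2.15"),
    ("Support Board", "< 3.8.9"),
    ("Support Ticket Management System", "<= 1.9"),
    ("Genemy", "<= 1.6.6"),
    ("Sonaar", "<= 4.27.4"),
    ("Dokan", "<= 5.0.2"),
    ("LatePoint", "<= 5.5.1"),
    ("Listdom", "<= 5.5.0"),
    ("Amelia", "<= 2.3"),
]

_RANGE = re.compile(r"^(<=|<)\s*([0-9]+(?:\.[0-9]+)*)$")
_LEADING_NUM = re.compile(r"^[0-9]+(?:\.[0-9]+)*")


def parse_version(version: str) -> tuple:
    """'4.27.4' -> (4, 27, 4). Trailing zeros are dropped so '5.5.0' equals '5.5'.
    A suffix such as '-beta' is ignored, which treats a pre-release as its base version."""
    m = _LEADING_NUM.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def is_affected(installed: str, range_expr: str) -> bool:
    """Evaluate an installed version against an expression of the form '<= X' or '< X'."""
    m = _RANGE.match(range_expr.strip())
    if not m:
        raise ValueError(f"unsupported range {range_expr!r}")
    op, bound = m.groups()
    iv, bv = parse_version(installed), parse_version(bound)
    return iv <= bv if op == "<=" else iv < bv


def triage(inventory) -> list:
    """inventory: [{"name": ..., "version": ...}, ...]. Returns (name, installed, range) hits;
    a matching plugin whose version cannot be parsed is reported for manual review."""
    hits = []
    for plugin in inventory:
        for name, rng in AFFECTED:
            if plugin["name"].strip().lower() != name.lower():
                continue
            try:
                if is_affected(plugin["version"], rng):
                    hits.append((name, plugin["version"], rng))
            except ValueError:
                hits.append((name, plugin["version"], "version unparseable; review manually"))
    return hits


# Constructed sample inventory for the demo; not taken from any real site.
SAMPLE_INVENTORY = [
    {"name": "Dokan", "version": "5.0.2"},           # on the boundary of <= 5.0.2: affected
    {"name": "Amelia", "version": "2.3.1"},          # above 2.3: not affected
    {"name": "Support Board", "version": "3.8.9"},   # range is strict <, so 3.8.9 is not affected
    {"name": "Sonaar", "version": "4.27.10"},        # numeric compare: 4.27.10 > 4.27.4
    {"name": "LoginPress Pro", "version": "6.2.2"},  # affected
    {"name": "Some Other Plugin", "version": "1.0"}, # not on the list
]


if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY):
        print(hit)
```

Because the entries are marked as having no fix yet, a hit is a signal to disable the plugin or restrict the affected role (the entries name Subscriber, Contributor, Customer, or unauthenticated callers) rather than to look for an update.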
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.