| CVE | Severity | CVSS | EPSS | | Fix status | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-20463 | Medium | 6.7 v3 | - | - | No fix available yet | 2026-07-01 | In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309. |
| CVE-2026-45195 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2026-06-26 | Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system. |
| CVE-2026-41566 | Critical | 9.4 v4 | 0.3% | - | No fix available yet | 2026-06-25 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue. |
| CVE-2026-40371 | High | 8.8 v3 | 0.6% | - | Fix available | 2026-06-10 | Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. |
| CVE-2026-11764 | Low | 3.6 v4 | 0.2% | - | No fix available yet | 2026-06-09 | When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown. Therefore, it allows circumventing a permission boundary. |
| CVE-2026-10549 | Medium | 5.3 v4 | 0.3% | - | No fix available yet | 2026-06-02 | LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database. |
| CVE-2026-46054 | Medium | 7.5 v3 | 0.1% | - | Fix available | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the mounter's credentials are sufficient to access the lower level file (the "backing" file). Unfortunately, the current code does not properly enforce these access controls for both mmap() and mprotect() operations on overlayfs filesystems. This patch makes use of the newly created security_mmap_backing_file() LSM hook to provide the missing backing file enforcement for mmap() operations, and leverages the backing file API and new LSM blob to provide the necessary information to properly enforce the mprotect() acce |
| CVE-2026-9792 | Medium | 6.5 v3 | 0.3% | - | Fix available | 2026-05-28 | A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure. |
| CVE-2026-2340 | Medium | 6.5 v3 | 0.9% | - | Fix available | 2026-05-27 | A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file. |
| CVE-2026-44201 | Medium | 5.3 v3 | 0.3% | - | Fix available | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. |
| CVE-2026-44200 | Medium | 6.5 v3 | 0.2% | - | Fix available | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to into an area of the site they do. Once copied, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. |
| CVE-2026-44199 | Medium | 6.5 v3 | 0.2% | - | Fix available | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. |
| CVE-2026-44198 | Medium | 4.3 v3 | 0.2% | - | Fix available | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. |
| CVE-2026-44197 | Medium | 6.5 v3 | 0.2% | - | Fix available | 2026-05-11 | Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4. |
| CVE-2026-6805 | High | 7.5 v3 | 0.2% | - | Fix available | 2026-05-07 | Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link. |
| CVE-2026-20448 | Medium | 6.7 v3 | 0.1% | - | No fix available yet | 2026-05-04 | In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281. |
| CVE-2026-21733 | High | 7.3 v3 | 0.1% | - | No fix available yet | 2026-04-17 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections. |
| CVE-2026-27910 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-04-14 | Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally. |
| CVE-2026-24096 | High | 8.8 v3 | 0.2% | - | No fix available yet | 2026-04-01 | Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information. |
| CVE-2026-2123 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2026-03-31 | A security audit identified a privilege escalation vulnerability in Operations Agent (<= OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability. |
| CVE-2026-3190 | Medium | 4.3 v3 | 0.3% | - | Fix available | 2026-03-26 | A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partially leads to information disclosure. |
| CVE-2026-21736 | Medium | 4.4 v3 | 0.1% | - | No fix available yet | 2026-03-09 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the memory protections for the user-mode wrapped memory resource. |
| CVE-2026-0047 | High | 8.4 v3 | 0.1% | - | No fix available yet | 2026-03-02 | In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2026-1772 | Medium | 5.3 v3 | 0.3% | - | Fix available | 2026-02-24 | RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. |
| CVE-2026-23857 | High | 8.2 v3 | 0.1% | - | Fix available | 2026-02-12 | Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| CVE-2025-67848 | High | 8.1 v3 | 0.4% | - | Fix available | 2026-02-03 | A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted. |
| CVE-2026-20817 | High | 7.8 v3 | 5.3% | - | Fix available | 2026-01-13 | Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. |
| CVE-2025-46066 | Critical | 9.9 v3 | 0.3% | - | No fix available yet | 2026-01-12 | An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. |
| CVE-2025-64997 | Medium | 6.5 v3 | 0.2% | - | No fix available yet | 2025-12-18 | Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allows low-privileged users to view agent information via the REST API, which could lead to information disclosure. |
| CVE-2025-43527 | High | 7.8 v3 | 0.2% | - | Fix available | 2025-12-12 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges. |
| CVE-2025-58770 | High | 8.8 v3 | 0.1% | - | Fix available | 2025-12-12 | APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability. |
| CVE-2025-58122 | Medium | 5.4 v3 | 0.1% | - | No fix available yet | 2025-11-18 | Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure. |
| CVE-2025-58121 | Medium | 5.4 v3 | 0.2% | - | Fix available | 2025-11-18 | Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information. |
| CVE-2025-58410 | High | 7.5 v3 | 0.2% | - | No fix available yet | 2025-11-17 | Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource. |
| CVE-2025-62510 | High | 8.1 v3 | 0.3% | - | Fix available | 2025-10-20 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths. |
| CVE-2025-62509 | High | 8.1 v3 | 0.3% | - | Fix available | 2025-10-20 | FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allows low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround for this issue involves restricting non-admin users to read-only or disable delete/rename APIs |
| CVE-2025-62176 | Medium | 4.3 v3 | 0.3% | - | Fix available | 2025-10-13 | Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allows OAuth clients without the read scope to subscribe to public channels and receive public timeline events. The impact is limited, as this only affects new public posts published on the public timelines and requires an otherwise valid token, but this may lead to unexpected access to public posts in a limited-federation setting. This issue has been patched in versions 4.4.6, 4.3.14, and 4.2.27. No known workarounds exist. |
| CVE-2025-45376 | High | 7.5 v3 | 0.1% | - | Fix available | 2025-09-29 | Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| CVE-2025-58457 | Medium | 4.3 v3 | 0.3% | - | Fix available | 2025-09-24 | Improper permission check in ZooKeeper AdminServer lets authorized clients run the snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.) |
| CVE-2025-59040 | Medium | 4.3 v3 | 0.3% | - | No fix available yet | 2025-09-18 | Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.11.99.1757427600 and Tuleap Enterprise Edition 16.11-6 and 16.10-8. |
| CVE-2025-50170 | High | 7.8 v3 | 0.4% | - | Fix available | 2025-08-12 | Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
| CVE-2025-6573 | Critical | 9.8 v3 | 0.4% | - | No fix available yet | 2025-08-09 | Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). |
| CVE-2025-8109 | High | 8.8 v3 | 0.4% | - | No fix available yet | 2025-08-04 | Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory. |
| CVE-2025-49731 | Low | 3.1 v3 | 0.4% | - | Fix available | 2025-07-08 | Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-27025 | High | 8.8 v3 | 0.6% | - | No fix available yet | 2025-07-02 | The target device exposes a service on a specific TCP port with a configured endpoint. Access to that endpoint is granted using a Basic Authentication method. The endpoint also accepts the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method. |
| CVE-2025-27024 | Medium | 6.5 v3 | 0.3% | - | Fix available | 2025-07-02 | Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. |
| CVE-2025-46708 | Medium | 4.3 v3 | 0.2% | - | Fix available | 2025-06-27 | Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU. |
| CVE-2025-22256 | Medium | 6.3 v3 | 0.3% | - | Fix available | 2025-06-10 | An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows an attacker to achieve improper access control via specially crafted HTTP requests. |
| CVE-2025-25179 | High | 7.8 v3 | 0.1% | - | No fix available yet | 2025-06-02 | Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. |
| CVE-2025-3931 | High | 7.8 v3 | 0.2% | - | Fix available | 2025-05-14 | A flaw was found in Yggdrasil, which acts as a system broker, allowing processes to communicate with its child "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. |
- MediumCVSS 6.7 v3·EPSS -·No fix yet
In Modem, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01716533; Issue ID: MSV-6309.
Published 2026-07-01
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses than are permitted by the system.
Published 2026-06-26
- CriticalCVSS 9.4 v4·EPSS 0.3%·No fix yet
Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.
Published 2026-06-25
- HighCVSS 8.8 v3·EPSS 0.6%·Fix available
Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network.
Published 2026-06-10
- CVSS 3.6 v4·EPSS 0.2%·No fix yet
When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This is inconsistent with the UI and API where only the first letters of the gift card secret are shown. Therefore, it allows circumventing a permission boundary.
Published 2026-06-09
- MediumCVSS 5.3 v4·EPSS 0.3%·No fix yet
LDAP filter injection vulnerability in Yandex Database prior to 25.3.1.25 allows a remote attacker with valid LDAP credentials to bypass group membership checks resulting in unauthorized access to the database.
Published 2026-06-02
- MediumCVSS 7.5 v3·EPSS 0.1%·Fix available
In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access if the current task is able to access the top level file (the "user" file) and the mounter's credentials are sufficient to access the lower level file (the "backing" file). Unfortunately, the current code does not properly enforce these access controls for both mmap() and mprotect() operations on overlayfs filesystems. This patch makes use of the newly created security_mmap_backing_file() LSM hook to provide the missing backing file enforcement for mmap() operations, and leverages the backing file API and new LSM blob to provide the necessary information to properly enforce the mprotect() acce
Published 2026-05-28
- MediumCVSS 6.5 v3·EPSS 0.3%·Fix available
A flaw was found in Keycloak's Client Policies, specifically within the `org.keycloak.protocol.oidc` component. When certain condition providers (client-type, client-roles, client-attributes, client-scopes) are used to enforce security restrictions, the `reject-ropc-grant` executor is silently bypassed. This allows an unauthenticated remote attacker to obtain tokens via a Resource Owner Password Credentials (ROPC) grant, even when a policy is explicitly configured to block it. This bypass can lead to unauthorized access and information disclosure.
Published 2026-05-28
- MediumCVSS 6.5 v3·EPSS 0.9%·Fix available
A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file.
Published 2026-05-27
- MediumCVSS 5.3 v3·EPSS 0.3%·Fix available
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, the Documents and Images API incorrectly listed items in private collections. A user with access to the API could see the filename and name of documents and images in private collections. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
Published 2026-05-11
- MediumCVSS 6.5 v3·EPSS 0.2%·Fix available
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once coped, they'd be able to view its contents, and potentially publish it. Permissions were correctly checked for the copy destination, but not for the source page. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
Published 2026-05-11
- MediumCVSS 6.5 v3·EPSS 0.2%·Fix available
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete submissions on a page they do have access to for submissions they don't. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
Published 2026-05-11
- MediumCVSS 4.3 v3·EPSS 0.2%·Fix available
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
Published 2026-05-11
- MediumCVSS 6.5 v3·EPSS 0.2%·Fix available
Wagtail is an open source content management system built on Django. Prior to 7.0.7, 7.3.2, and 7.4, a CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two revisions. This could potentially result in disclosure of sensitive information. This vulnerability is fixed in 7.0.7, 7.3.2, and 7.4.
Published 2026-05-11
- HighCVSS 7.5 v3·EPSS 0.2%·Fix available
Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access code associated to this sharing link.
Published 2026-05-07
- MediumCVSS 6.7 v3·EPSS 0.1%·No fix yet
In geniezone, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10708513; Issue ID: MSV-6281.
Published 2026-05-04
- HighCVSS 7.3 v3·EPSS 0.1%·No fix yet
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handling of GPU memory reservation protections.
Published 2026-04-17
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges locally.
Published 2026-04-14
- HighCVSS 8.8 v3·EPSS 0.2%·No fix yet
Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information
Published 2026-04-01
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations.Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability
Published 2026-03-31
- MediumCVSS 4.3 v3·EPSS 0.3%·Fix available
A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure.
Published 2026-03-26
- MediumCVSS 4.4 v3·EPSS 0.1%·No fix yet
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the memory protections for the user-mode wrapped memory resource.
Published 2026-03-09
- HighCVSS 8.4 v3·EPSS 0.1%·No fix yet
In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published 2026-03-02
- MediumCVSS 5.3 v3·EPSS 0.3%·Fix available
RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges.
Published 2026-02-24
- HighCVSS 8.2 v3·EPSS 0.1%·Fix available
Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published 2026-02-12
- HighCVSS 8.1 v3·EPSS 0.4%·Fix available
A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted.
Published 2026-02-03
- HighCVSS 7.8 v3·EPSS 5.3%·Fix available
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
Published 2026-01-13
- CriticalCVSS 9.9 v3·EPSS 0.3%·No fix yet
An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges
Published 2026-01-12
- MediumCVSS 6.5 v3·EPSS 0.2%·No fix yet
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
Published 2025-12-18
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges.
Published 2025-12-12
- HighCVSS 8.8 v3·EPSS 0.1%·Fix available
APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability.
Published 2025-12-12
- Medium · CVSS 5.4 v3 · EPSS 0.1% · No fix yet
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
Published 2025-11-18
- Medium · CVSS 5.4 v3 · EPSS 0.2% · Fix available
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information.
Published 2025-11-18
- High · CVSS 7.5 v3 · EPSS 0.2% · No fix yet
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource.
Published 2025-11-17
- High · CVSS 8.1 v3 · EPSS 0.3% · Fix available
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression allowed folder visibility/ownership to be inferred from folder names. Low-privilege users could see or interact with folders matching their username and, in some cases, other users’ content. This issue has been patched in version 1.5.0, where it introduces explicit per-folder ACLs (owners/read/write/share/read_own) and strict server-side checks across list, read, write, share, rename, copy/move, zip, and WebDAV paths.
Published 2025-10-20
- High · CVSS 8.1 v3 · EPSS 0.3% · Fix available
FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business logic flaw in FileRise’s file/folder handling allowed low-privilege users to perform unauthorized operations (view/delete/modify) on files created by other users. The root cause was inferring ownership/visibility from folder names (e.g., a folder named after a username) and missing server-side authorization/ownership checks across file operation endpoints. This amounted to an IDOR pattern: an attacker could operate on resources identified only by predictable names. This issue has been patched in version 1.4.0 and further hardened in version 1.5.0. A workaround involves restricting non-admin users to read-only access or disabling the delete/rename APIs.
Published 2025-10-20
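The two FileRise entries above describe the same root cause from both sides: authorization inferred from a folder's name, and file endpoints that trust a client-supplied path without an ownership check. The following is an added illustration, not FileRise code; the in-memory store, the user names and the `FolderAcl` shape (owners/read/write sets, a simplification of the ACL the 1.5.0 fix describes) are constructed for the example.

```python
import posixpath
from dataclasses import dataclass, field


@dataclass
class FolderAcl:
    """Explicit per-folder ACL (simplified model of the owners/read/write sets
    the advisory says 1.5.0 introduced; constructed for this example)."""
    owners: set = field(default_factory=set)
    read: set = field(default_factory=set)
    write: set = field(default_factory=set)


# Constructed sample data. Folders happen to be named after users, which is the
# property the pre-1.4.0 code relied on instead of a real ownership record.
ACLS = {
    "alice": FolderAcl(owners={"alice"}),
    "bob": FolderAcl(owners={"bob"}),
    "shared/reports": FolderAcl(owners={"admin"}, read={"alice", "bob"}, write={"bob"}),
}


def sample_store() -> dict:
    """Fresh copy of the constructed file store so each call is independent."""
    return {
        "alice/notes.txt": "alice's notes",
        "bob/plan.txt": "bob's plan",
        "shared/reports/q3.pdf": "quarterly report",
    }


def authorize_by_name(user: str, folder: str, op: str) -> bool:
    """Vulnerable pattern: visibility inferred from the top-level folder name.
    Nothing ties the name to who actually created the content, and a folder
    shared with the user (shared/reports) is simply invisible to them."""
    return folder.split("/")[0] == user


def authorize_by_acl(user: str, folder: str, op: str) -> bool:
    """Hardened pattern: explicit ACL lookup, deny by default."""
    acl = ACLS.get(folder)
    if acl is None:
        return False
    if user in acl.owners:
        return True
    if op == "read":
        return user in acl.read or user in acl.write
    return user in acl.write  # write / delete / rename / move


def list_visible(store: dict, user: str, authorize) -> list:
    """Listing endpoint, parameterised on the authorization function."""
    return sorted(p for p in store if authorize(user, posixpath.dirname(p), "read"))


def delete_file_unchecked(store: dict, user: str, path: str) -> bool:
    """Vulnerable delete endpoint: acts on whatever path the client sent (IDOR).
    `user` is accepted only to show that it is never consulted."""
    return store.pop(path, None) is not None


def delete_file_checked(store: dict, user: str, path: str) -> bool:
    """Hardened delete endpoint: server-side ACL check before any mutation."""
    if not authorize_by_acl(user, posixpath.dirname(path), "delete"):
        return False
    return store.pop(path, None) is not None


if __name__ == "__main__":
    s = sample_store()
    print("alice (name-based):", list_visible(s, "alice", authorize_by_name))
    print("alice (ACL):       ", list_visible(s, "alice", authorize_by_acl))
    print("bob deletes alice's file, unchecked:", delete_file_unchecked(s, "bob", "alice/notes.txt"))
    print("bob deletes alice's file, checked:  ", delete_file_checked(sample_store(), "bob", "alice/notes.txt"))
```

The check lives next to every mutating operation, not only in the listing code: the IDOR in the second entry is precisely that the delete/rename endpoints never asked the question the listing code answered by guessing.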
- Medium · CVSS 4.3 v3 · EPSS 0.3% · Fix available
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon before 4.4.6, 4.3.14, and 4.2.27, the streaming server accepts serving events for public timelines to clients using any valid authentication token, even if those tokens lack the read:statuses scope. This allows OAuth clients without the read scope to subscribe to public channels and receive public timeline events. The impact is limited, as this only affects new public posts published on the public timelines and requires an otherwise valid token, but this may lead to unexpected access to public posts in a limited-federation setting. This issue has been patched in versions 4.4.6, 4.3.14, and 4.2.27. No known workarounds exist.
Published 2025-10-13
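The Mastodon entry is a scope-enforcement gap: the token was checked for validity but not for the scope the channel requires. The snippet below is an added example, not Mastodon's streaming code. The channel-to-scope table, the `read` umbrella scope implying `read:*`, and the token dictionary are assumptions made for the illustration.

```python
# Assumed (simplified) mapping from streaming channel to the OAuth scope it needs.
# Mastodon's real table is larger; this is constructed for the example.
CHANNEL_SCOPE = {
    "public": "read:statuses",
    "public:local": "read:statuses",
    "user": "read:statuses",
    "user:notification": "read:notifications",
}


def make_token(valid: bool, scopes: set) -> dict:
    """Constructed token record: what an OAuth token lookup would hand back."""
    return {"valid": valid, "scopes": set(scopes)}


def scope_satisfied(granted: set, required: str) -> bool:
    """A required scope is met by the exact scope or by its umbrella parent
    (assumed here: 'read' covers 'read:statuses', 'read:notifications', ...)."""
    if required in granted:
        return True
    return required.split(":", 1)[0] in granted


def may_subscribe_vulnerable(token: dict, channel: str) -> bool:
    """Pattern the advisory describes: any valid token may subscribe."""
    return token["valid"]


def may_subscribe_fixed(token: dict, channel: str) -> bool:
    """Validity and scope are both required; unknown channels are refused."""
    if not token["valid"]:
        return False
    required = CHANNEL_SCOPE.get(channel)
    if required is None:
        return False
    return scope_satisfied(token["scopes"], required)


if __name__ == "__main__":
    write_only = make_token(True, {"write:statuses"})
    print("write-only token, vulnerable check:", may_subscribe_vulnerable(write_only, "public"))
    print("write-only token, fixed check:     ", may_subscribe_fixed(write_only, "public"))
```

Note the deny-by-default branch for channels missing from the table: the bug class here is an authorization decision that degrades to "authenticated, therefore allowed" whenever the finer-grained lookup is skipped.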
- High · CVSS 7.5 v3 · EPSS 0.1% · Fix available
Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
Published 2025-09-29
- Medium · CVSS 4.3 v3 · EPSS 0.3% · Fix available
Improper permission check in ZooKeeper AdminServer lets authorized clients run the snapshot and restore commands with insufficient permissions. This issue affects Apache ZooKeeper: from 3.9.0 before 3.9.4. Users are recommended to upgrade to version 3.9.4, which fixes the issue. The issue can be mitigated by disabling both commands (via admin.snapshot.enabled and admin.restore.enabled), disabling the whole AdminServer interface (via admin.enableServer), or ensuring that the root ACL does not provide open permissions. (Note that ZooKeeper ACLs are not recursive, so this does not impact operations on child nodes besides notifications from recursive watches.)
Published 2025-09-24
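The three mitigations the ZooKeeper entry names are all `zoo.cfg` settings. Below is an added configuration fragment built from the property names the advisory lists; it is not taken from a ZooKeeper release, and the "exposed" values are shown only to contrast with the mitigated ones (do not assume they are the defaults).

```properties
# zoo.cfg (added example, not from the advisory)

# Exposed: AdminServer up, and the snapshot/restore commands reachable by any
# client that is authorized to talk to the AdminServer at all.
admin.enableServer=true
admin.snapshot.enabled=true
admin.restore.enabled=true

# Mitigated, option 1: keep the AdminServer but turn off the two commands.
admin.enableServer=true
admin.snapshot.enabled=false
admin.restore.enabled=false

# Mitigated, option 2: drop the whole AdminServer interface.
admin.enableServer=false
```

The third mitigation, tightening the root (`/`) ACL so it is not world-open, is done with the ZooKeeper client (`setAcl`) rather than in `zoo.cfg`, and, as the advisory notes, only affects the root node itself because ZooKeeper ACLs are not inherited by children.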
- Medium · CVSS 4.3 v3 · EPSS 0.3% · No fix yet
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16.11.99.1757427600 and Tuleap Enterprise Edition 16.11-6 and 16.10-8.
Published 2025-09-18
- High · CVSS 7.8 v3 · EPSS 0.4% · Fix available
Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Published 2025-08-12
- Critical · CVSS 9.8 v3 · EPSS 0.4% · No fix yet
Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).
Published 2025-08-09
- High · CVSS 8.8 v3 · EPSS 0.4% · No fix yet
Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
Published 2025-08-04
- CVSS 3.1 v3 · EPSS 0.4% · Fix available
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network.
Published 2025-07-08
- High · CVSS 8.8 v3 · EPSS 0.6% · No fix yet
The target device exposes a service on a specific TCP port with a configured endpoint. Access to that endpoint is granted using Basic Authentication. The endpoint also accepts the PUT method, and it is possible to write files on the target device's file system. Files are written as root. Using Postman, it is possible to perform a directory traversal attack and write files into any location on the device file system. Similarly to the PUT method, the same mechanism can be used to read any file from the file system with the GET method.
Published 2025-07-02
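The entry above combines two defects: the PUT/GET handler joins a client-supplied path onto its root without confining the result, and the process runs as root so the escape reaches the whole file system. The following is an added example of the lexical check that closes the first defect; it is not the device's code, and the root directory `UPLOAD_ROOT` and the request paths are constructed for the illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed root for the PUT/GET endpoint (hypothetical; not from the advisory).
UPLOAD_ROOT = "/srv/device/upload"


def resolve_unchecked(root: str, client_path: str) -> str:
    """Vulnerable handler: decode, join, normalize, and use the result.
    normpath collapses '../' segments, and posixpath.join discards `root`
    entirely when the client path is absolute, so both escape root."""
    return posixpath.normpath(posixpath.join(root, unquote(client_path)))


def resolve_checked(root: str, client_path: str):
    """Hardened handler. Decode once, refuse NUL, strip any leading '/',
    normalize, then require the result to be root itself or strictly below
    it. Returns the confined path, or None when the request must be rejected."""
    root = posixpath.normpath(root)
    decoded = unquote(client_path)
    if "\x00" in decoded:
        return None
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def is_traversal_attempt(root: str, client_path: str) -> bool:
    """Convenience for logging/detection: True when the unchecked resolution
    would have left root, i.e. the request that the vulnerable handler honours."""
    return resolve_checked(root, client_path) is None


if __name__ == "__main__":
    for p in ["firmware/image.bin", "../../../etc/passwd", "..%2F..%2F..%2Fetc%2Fshadow", "/etc/passwd"]:
        print(f"{p!r:40} unchecked={resolve_unchecked(UPLOAD_ROOT, p)!r:32} checked={resolve_checked(UPLOAD_ROOT, p)!r}")
```

The check is purely lexical: on a real file system, follow it with `os.path.realpath` on the final path and re-run the same prefix test so a symlink under the upload root cannot point back out. Neither check helps with the second defect; the service should run as an unprivileged account whose writable scope is the upload root and nothing else.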
- Medium · CVSS 6.5 v3 · EPSS 0.3% · Fix available
Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position.
Published 2025-07-02
- Medium · CVSS 4.3 v3 · EPSS 0.2% · Fix available
Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
Published 2025-06-27
- Medium · CVSS 6.3 v3 · EPSS 0.3% · Fix available
An improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, and FortiSRA 1.4.0 through 1.4.1 allows an attacker to achieve improper access control via specially crafted HTTP requests.
Published 2025-06-10
- High · CVSS 7.8 v3 · EPSS 0.1% · No fix yet
Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages.
Published 2025-06-02
- High · CVSS 7.8 v3 · EPSS 0.2% · Fix available
A flaw was found in Yggdrasil, which acts as a system broker, allowing processes to communicate with its child "worker" processes through the DBus component. Yggdrasil exposes a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch method to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data.
Published 2025-05-14
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.