Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5136

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-01 Jul, 2026 | 13:28
Updated At-02 Jul, 2026 | 03:56
Rejected At-
Credits

Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:01 Jul, 2026 | 13:28
Updated At:02 Jul, 2026 | 03:56
Rejected At:
â–¼CVE Numbering Authority (CNA)
Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

Affected Products
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.16 for RHEL 8
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.16::el8
  • cpe:/a:redhat:satellite:6.16::el9
  • cpe:/a:redhat:satellite_capsule:6.16::el8
  • cpe:/a:redhat:satellite_capsule:6.16::el9
  • cpe:/a:redhat:satellite_maintenance:6.16::el8
  • cpe:/a:redhat:satellite_maintenance:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.16::el8
  • cpe:/a:redhat:satellite_utils:6.16::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.12.0.17-1.el8sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.16 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.16::el8
  • cpe:/a:redhat:satellite:6.16::el9
  • cpe:/a:redhat:satellite_capsule:6.16::el8
  • cpe:/a:redhat:satellite_capsule:6.16::el9
  • cpe:/a:redhat:satellite_maintenance:6.16::el8
  • cpe:/a:redhat:satellite_maintenance:6.16::el9
  • cpe:/a:redhat:satellite_utils:6.16::el8
  • cpe:/a:redhat:satellite_utils:6.16::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.12.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.17 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.17::el9
  • cpe:/a:redhat:satellite_capsule:6.17::el9
  • cpe:/a:redhat:satellite_maintenance:6.17::el9
  • cpe:/a:redhat:satellite_utils:6.17::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.14.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.18 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.18::el9
  • cpe:/a:redhat:satellite_capsule:6.18::el9
  • cpe:/a:redhat:satellite_utils:6.18::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.16.0.17-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6.19 for RHEL 9
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
foreman
CPEs
  • cpe:/a:redhat:satellite:6.19::el9
  • cpe:/a:redhat:satellite_capsule:6.19::el9
  • cpe:/a:redhat:satellite_maintenance:6.19::el9
  • cpe:/a:redhat:satellite_utils:6.19::el9
Default Status
affected
Versions
Unaffected
  • From 0:3.18.0.7-1.el9sat before * (rpm)
Vendor
Red Hat, Inc.Red Hat
Product
Red Hat Satellite 6
Collection URL
https://access.redhat.com/downloads/content/package-browser/
Package Name
satellite-capsule:el8/foreman
CPEs
  • cpe:/a:redhat:satellite:6
Default Status
affected
Problem Types
TypeCWE IDDescription
CWECWE-266Incorrect Privilege Assignment
Type: CWE
CWE ID: CWE-266
Description: Incorrect Privilege Assignment
Metrics
VersionBase scoreBase severityVector
3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Red Hat severity rating
value:
Important
namespace:
https://access.redhat.com/security/updates/classification/
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Red Hat would like to thank Stanislav Fot (Aisle Research) for reporting this issue.
Timeline
EventDate
Reported to Red Hat.2026-03-30 10:41:48
Made public.2026-07-01 12:28:21
Event: Reported to Red Hat.
Date: 2026-03-30 10:41:48
Event: Made public.
Date: 2026-07-01 12:28:21
Replaced By

Rejected Reason

References
HyperlinkResource
https://access.redhat.com/errata/RHSA-2026:34365
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34366
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34367
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:34368
vendor-advisory
x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2026-5136
vdb-entry
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2452970
issue-tracking
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34365
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34366
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34367
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34368
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5136
Resource:
vdb-entry
x_refsource_REDHAT
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2452970
Resource:
issue-tracking
x_refsource_REDHAT
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:01 Jul, 2026 | 14:16
Updated At:02 Jul, 2026 | 05:16

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member. Successful exploitation of this vulnerability leads to full privilege escalation, granting the attacker administrator-level access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
N/A
Type: Secondary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-266Secondarysecalert@redhat.com
CWE ID: CWE-266
Type: Secondary
Source: secalert@redhat.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://access.redhat.com/errata/RHSA-2026:34365secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34366secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34367secalert@redhat.com
N/A
https://access.redhat.com/errata/RHSA-2026:34368secalert@redhat.com
N/A
https://access.redhat.com/security/cve/CVE-2026-5136secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=2452970secalert@redhat.com
N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34365
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34366
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34367
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/errata/RHSA-2026:34368
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://access.redhat.com/security/cve/CVE-2026-5136
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2452970
Source: secalert@redhat.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

272Records found

CVE-2025-12103
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-0.23% / 14.15%
||
7 Day CHG~0.00%
Published-28 Oct, 2025 | 13:31
Updated-23 Apr, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Openshift-ai: trusty ai grants all authenticated users to list pods in any namespace

A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service accounts and users on a cluster permissions to get, list, watch any pod in any namespace on the cluster. TrustyAI is creating a role `trustyai-service-operator-lmeval-user-role` and a CRB `trustyai-service-operator-default-lmeval-user-rolebinding` which is being applied to `system:authenticated` making it so that every single user or service account can get a list of pods running in any namespace on the cluster Additionally users can access all `persistentvolumeclaims` and `lmevaljobs`

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift AI (RHOAI)Red Hat OpenShift AI 2.25Red Hat OpenShift AI 3
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-3121
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 37.38%
||
7 Day CHG~0.00%
Published-26 Mar, 2026 | 19:13
Updated-02 Apr, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak: org.keycloak/keycloak-services: keycloak: privilege escalation via manage-clients permission

A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onbuild_of_keycloakjboss_enterprise_application_platformjboss_enterprise_application_platform_expansion_packRed Hat build of Keycloak 26.4.11Red Hat build of Keycloak 26.4Red Hat JBoss Enterprise Application Platform Expansion PackRed Hat Single Sign-On 7Red Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2016-7070
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-8||HIGH
EPSS-0.64% / 46.01%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 13:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A privilege escalation flaw was found in the Ansible Tower. When Tower before 3.0.3 deploys a PostgreSQL database, it incorrectly configures the trust level of postgres user. An attacker could use this vulnerability to gain admin level access to the database.

Action-Not Available
Vendor-Red Hat, Inc.
Product-ansible_towerAnsible Tower
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-264
Not Available
CVE-2016-7066
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.8||HIGH
EPSS-0.30% / 22.00%
||
7 Day CHG~0.00%
Published-11 Sep, 2018 | 14:00
Updated-06 Aug, 2024 | 01:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

Action-Not Available
Vendor-Red Hat, Inc.
Product-jboss_enterprise_application_platformJBoss Enterprise Application Platform
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-275
Not Available
CVE-2026-12289
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-8.8||HIGH
EPSS-0.40% / 31.51%
||
7 Day CHG+0.08%
Published-16 Jun, 2026 | 11:52
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in the Graphics: WebRender component

Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-12294
Matching Score-6
Assigner-Mozilla Corporation
ShareView Details
Matching Score-6
Assigner-Mozilla Corporation
CVSS Score-9.6||CRITICAL
EPSS-0.36% / 28.32%
||
7 Day CHG+0.05%
Published-16 Jun, 2026 | 11:52
Updated-30 Jun, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sandbox escape in the DOM: Workers component

Sandbox escape in the DOM: Workers component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

Action-Not Available
Vendor-Red Hat, Inc.Mozilla Corporation
Product-firefoxthunderbirdThunderbirdFirefoxRed Hat Enterprise Linux 7Red Hat Enterprise Linux 10Red Hat Enterprise Linux AppStream (v. 9)Red Hat Enterprise Linux AppStream (v. 8)Red Hat Enterprise Linux 6Red Hat Enterprise Linux AppStream (v. 10)
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2026-12388
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.23% / 14.06%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 12:00
Updated-01 Jul, 2026 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Keycloak-broker: keycloak: privilege escalation to realm administrator via improper authorization in identity provider mapper

A flaw was found in the Identity Provider (IdP) mapper component of Keycloak, which is used to manage how user information from external services is mapped to Keycloak users. An administrator with limited permissions to manage identity providers can exploit this flaw by creating a "Hardcoded Role" mapper that assigns high-level administrative roles (like realm-admin) to themselves or others. This allows a restricted administrator to bypass security checks and gain full control over the entire realm.

Action-Not Available
Vendor-Red Hat, Inc.
Product-build_of_keycloakRed Hat Build of Keycloak
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-0871
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.31% / 22.46%
||
7 Day CHG~0.00%
Published-27 Feb, 2026 | 07:30
Updated-06 Mar, 2026 | 18:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak/keycloak-services: keycloak: unauthorized modification of unmanaged user attributes by administrators

A flaw was found in Keycloak. An administrator with `manage-users` permission can bypass the "Only administrators can view" setting for unmanaged attributes, allowing them to modify these attributes. This improper access control can lead to unauthorized changes to user profiles, even when the system is configured to restrict such modifications.

Action-Not Available
Vendor-Red Hat, Inc.
Product-keycloakbuild_of_keycloakRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat JBoss Enterprise Application Platform 8Red Hat build of Keycloak 26.4Red Hat Single Sign-On 7Red Hat build of Keycloak 26.4.9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-5791
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 6.12%
||
7 Day CHG~0.00%
Published-06 Jun, 2025 | 13:10
Updated-20 Nov, 2025 | 07:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Users: `root` appended to group listings

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat Enterprise Linux 9Red Hat OpenShift Container Platform 4Red Hat Trusted Profile AnalyzerRed Hat OpenShift sandboxed containers 1.1
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-5417
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.20% / 9.84%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 04:28
Updated-19 Dec, 2025 | 21:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Rhdh: red hat developer hub user permissions

An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to the cluster, and the Red Hat Developer Hub namespace, can access the rhdh/rhdh-hub-rhel9 container image and modify the image's content. This issue affects the confidentiality and integrity of the data, and any changes made are not permanent, as they reset after the pod restarts.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Developer Hub 1.7Red Hat Developer Hub
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-4374
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 11.35%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 14:49
Updated-27 Feb, 2026 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Quay: incorrect privilege assignment

A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository.

Action-Not Available
Vendor-Project QuayRed Hat, Inc.
Product-quayquayRed Hat Quay 3
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-25720
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.20%
||
7 Day CHG~0.00%
Published-17 Nov, 2024 | 10:17
Updated-27 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Samba: check attribute access rights for ldap adds of computers

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat Enterprise Linux 10Red Hat OpenShift Container Platform 4Red Hat Storage 3Red Hat Enterprise Linux 6Red Hat Enterprise Linux 8Red Hat Enterprise Linux 7Red Hat Enterprise Linux 9
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2020-1704
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.27% / 19.31%
||
7 Day CHG~0.00%
Published-17 Feb, 2020 | 16:38
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in the openshift/istio-kialia-rhel7-operator-container. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_service_meshopenshift-service-mesh/kiali-rhel7-operator
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2020-1708
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.28% / 19.77%
||
7 Day CHG~0.00%
Published-07 Feb, 2020 | 20:37
Updated-04 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It has been found in openshift-enterprise version 3.11 and all openshift-enterprise versions from 4.1 to, including 4.3, that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to the openshift/mysql-apb.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshift_container_platformopenshift/mysql-apb
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-19351
Matching Score-6
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-6
Assigner-Red Hat, Inc.
CVSS Score-7||HIGH
EPSS-0.24% / 15.53%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 16:33
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/jenkins. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges. This CVE is specific to the openshift/jenkins-slave-base-rhel7-containera as shipped in Openshift 4 and 3.11.

Action-Not Available
Vendor-Red Hat, Inc.
Product-openshiftopenshift
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-23528
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.53% / 41.08%
||
7 Day CHG~0.00%
Published-16 Jan, 2025 | 20:06
Updated-11 May, 2026 | 22:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress DD Roles plugin <= 4.1 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation.This issue affects DD Roles: from n/a through <= 4.1.

Action-Not Available
Vendor-Mosterd3d
Product-DD Roles
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-22736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.42% / 33.64%
||
7 Day CHG~0.00%
Published-15 Jan, 2025 | 15:23
Updated-28 Apr, 2026 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress User Management plugin <= 1.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation.This issue affects User Management: from n/a through <= 1.2.

Action-Not Available
Vendor-Saad Iqbal
Product-User Management
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-69292
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.28% / 19.57%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Membership plugin <= 1.6.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.

Action-Not Available
Vendor-e-plugins
Product-WP Membership
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-69182
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.38% / 29.74%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 16:52
Updated-28 Apr, 2026 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Institutions Directory plugin <= 1.3.4 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4.

Action-Not Available
Vendor-e-plugins
Product-Institutions Directory
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-4281
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.44% / 35.18%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 00:00
Updated-15 Apr, 2025 | 13:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Facepay camera.php authorization

A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.

Action-Not Available
Vendor-facepay_projectunspecified
Product-facepayFacepay
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-56008
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.28% / 19.57%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-29 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Fusion Builder plugin <= 3.15.4 - Privilege Escalation vulnerability

Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.

Action-Not Available
Vendor-Avada (ThemeFusion)
Product-Fusion Builder
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-56010
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.38% / 29.74%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Abandoned Cart Pro for WooCommerce plugin <= 10.4.0 - Privilege Escalation vulnerability

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

Action-Not Available
Vendor-Tyche Softwares.
Product-Abandoned Cart Pro for WooCommerce
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-15656
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.8||HIGH
EPSS-0.23% / 13.98%
||
7 Day CHG~0.00%
Published-03 Jun, 2026 | 09:04
Updated-04 Jun, 2026 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.

Action-Not Available
Vendor-Mojoomla
Product-School Management
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2026-56247
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.30% / 22.05%
||
7 Day CHG~0.00%
Published-30 Jun, 2026 | 22:08
Updated-01 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Capgo - Privilege Escalation via Cross-Scope RBAC Role Assignment

Capgo before 12.128.2 allows org admins to assign org-scoped RBAC roles at app scope without validating role scope compatibility, including to pending invitees. Attackers can pre-seed malformed high-privilege bindings that survive invite acceptance, enabling accepted low-privilege users to perform unauthorized privileged app actions.

Action-Not Available
Vendor-Capgo
Product-Capgo
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-1847
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.47% / 37.30%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 03:00
Updated-26 May, 2025 | 01:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
zj1983 zz improper authorization

A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-zframeworkszj1983
Product-zzzz
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2022-4041
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-0.60% / 44.40%
||
7 Day CHG~0.00%
Published-31 Jan, 2023 | 01:39
Updated-26 Mar, 2025 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter

Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.

Action-Not Available
Vendor-Hitachi, Ltd.
Product-storage_plug-inHitachi Storage Plug-in for VMware vCenter
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-269
Improper Privilege Management
CVE-2026-59093
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.29% / 20.71%
||
7 Day CHG~0.00%
Published-02 Jul, 2026 | 19:40
Updated-02 Jul, 2026 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Weaviate < 1.38.0 - Privilege Escalation via Unchecked Permissions in RBAC Role Assignment

Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted by the assigned role. The assignRoleToUser and assignRoleToGroup handlers (POST /authz/users/{id}/assign and /authz/groups/{id}/assign) authorize only that the caller may assign roles to the target user or group, not the permissions contained in the assigned roles, unlike role creation which enforces that a user can only create roles with permissions less than or equal to its own. A user holding only the delegated assign_and_revoke_users or assign_and_revoke_groups permission can assign the built-in admin role, or any high-privilege custom role, to itself or others, escalating to full administrative control of the database.

Action-Not Available
Vendor-weaviate
Product-weaviate
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-1653
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.49% / 38.37%
||
7 Day CHG~0.00%
Published-15 Mar, 2025 | 02:22
Updated-08 Apr, 2026 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Directory Listings WordPress plugin – uListing <= 2.2.0 - Authenticated (Subscriber+) Privilege Escalation

The Directory Listings WordPress plugin – uListing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.0. This is due to the stm_listing_profile_edit AJAX action not having enough restriction on the user meta that can be updated. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.

Action-Not Available
Vendor-stylemixthemesstylemix
Product-ulistingDirectory Listings WordPress plugin – uListing
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-14086
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 18.03%
||
7 Day CHG~0.00%
Published-05 Dec, 2025 | 14:02
Updated-10 Dec, 2025 | 23:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
youlaitech youlai-mall openid access control

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-youlaiyoulaitech
Product-youlai-mallyoulai-mall
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2025-13250
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.33% / 25.01%
||
7 Day CHG~0.00%
Published-16 Nov, 2025 | 12:02
Updated-20 Nov, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WeiYe-Jing datax-web Job triggerJob access control

A vulnerability was detected in WeiYe-Jing datax-web up to 2.1.2. This impacts the function remove/update/pause/start/triggerJob of the component Job Handler. Performing manipulation results in improper access controls. The attack may be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-datax-web_projectWeiYe-Jing
Product-datax-webdatax-web
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2025-13576
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 16.11%
||
7 Day CHG~0.00%
Published-24 Nov, 2025 | 01:02
Updated-02 Dec, 2025 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Blog Site admin.php improper authorization

A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.

Action-Not Available
Vendor-Source Code & ProjectsFabian Ros
Product-blog_siteBlog Site
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-13808
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.42% / 33.70%
||
7 Day CHG+0.01%
Published-01 Dec, 2025 | 05:02
Updated-04 Dec, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
orionsec orion-ops User Profile UserController.java update improper authorization

A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This manipulation of the argument ID causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-orionsecorionsec
Product-orion-opsorion-ops
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2022-3944
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.46% / 36.58%
||
7 Day CHG~0.00%
Published-11 Nov, 2022 | 00:00
Updated-15 Apr, 2025 | 13:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
jerryhanjj ERP Commodity Management inventory.php uploadImages unrestricted upload

A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.

Action-Not Available
Vendor-erp_projectjerryhanjj
Product-erpERP
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-10989
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.52%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 00:32
Updated-03 Oct, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
yangzongzhuan RuoYi selectAll improper authorization

A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-yangzongzhuanRuoyi
Product-ruoyiRuoYi
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2022-3770
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.54% / 41.50%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 00:00
Updated-15 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Yunjing CMS upload_img.html unrestricted upload

A vulnerability classified as critical was found in Yunjing CMS. This vulnerability affects unknown code of the file /index/user/upload_img.html. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212500.

Action-Not Available
Vendor-xjyunjingYunjing
Product-yunjing_content_management_systemCMS
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2025-11554
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.34% / 26.31%
||
7 Day CHG~0.00%
Published-09 Oct, 2025 | 20:02
Updated-24 Feb, 2026 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portabilis i-Educar User Type AccessLevelController.php insecure inherited permissions

A security vulnerability has been detected in Portabilis i-Educar up to 2.9.10. Affected by this issue is some unknown functionality of the file app/Http/Controllers/AccessLevelController.php of the component User Type Handler. The manipulation leads to insecure inherited permissions. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-portabilisPortabilis
Product-i-educari-Educar
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-277
Insecure Inherited Permissions
CVE-2025-11049
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.81%
||
7 Day CHG~0.00%
Published-27 Sep, 2025 | 04:02
Updated-03 Oct, 2025 | 18:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portabilis i-Educar unificacao-aluno improper authorization

A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public and may be used.

Action-Not Available
Vendor-portabilisPortabilis
Product-i-educari-Educar
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10988
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 00:32
Updated-14 Nov, 2025 | 23:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YunaiV ruoyi-vue-pro transfer improper authorization

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iocoderYunaiV
Product-ruoyi-vue-proruoyi-vue-pro
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-11047
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.81%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 21:32
Updated-07 Oct, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portabilis i-Educar aluno improper authorization

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-portabilisPortabilis
Product-i-educari-Educar
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-11048
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.81%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 21:32
Updated-07 Oct, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portabilis i-Educar consulta-dispensas improper authorization

A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-portabilisPortabilis
Product-i-educari-Educar
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10291
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 23.15%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 05:32
Updated-31 Oct, 2025 | 14:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
linlinjava litemall cancel WxAftersaleController improper authorization

A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-linlinjavalinlinjava
Product-litemalllitemall
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10608
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.35% / 26.81%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 18:32
Updated-18 Sep, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Portabilis i-Educar enrollment-history access control

A vulnerability was detected in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /enrollment-history/. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-portabilisPortabilis
Product-i-educari-Educar
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2025-10277
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 03:02
Updated-14 Nov, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YunaiV yudao-cloud submit improper authorization

A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iocoderYunaiV
Product-yudao-cloudyudao-cloud
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10275
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 01:02
Updated-14 Nov, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YunaiV yudao-cloud transfer improper authorization

A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iocoderYunaiV
Product-yudao-cloudyudao-cloud
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10987
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.30% / 21.37%
||
7 Day CHG~0.00%
Published-26 Sep, 2025 | 00:02
Updated-14 Nov, 2025 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-iocoderYunaiV
Product-yudao-cloudyudao-cloud
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10318
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 31.70%
||
7 Day CHG~0.00%
Published-12 Sep, 2025 | 12:32
Updated-31 Dec, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JeecgBoot WebSocket Message sendWebSocketMsg improper authorization

A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jeecgn/a
Product-jeecg_bootJeecgBoot
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-10707
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.36% / 28.52%
||
7 Day CHG~0.00%
Published-19 Sep, 2025 | 11:32
Updated-31 Dec, 2025 | 01:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
JeecgBoot sendMsg improper authorization

A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-jeecgn/a
Product-jeecg_bootJeecgBoot
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-285
Improper Authorization
CVE-2025-0206
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.61% / 44.76%
||
7 Day CHG~0.00%
Published-04 Jan, 2025 | 12:00
Updated-22 Jan, 2025 | 15:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
code-projects Online Shoe Store index.php access control

A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-Source Code & Projects
Product-online_shoe_storeOnline Shoe Store
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2024-8253
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-9.57% / 94.88%
||
7 Day CHG~0.00%
Published-11 Sep, 2024 | 03:31
Updated-25 Sep, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post Grid and Gutenberg Blocks 2.2.87 - 2.2.90 - Authenticated (Subscriber+) Privilege Escalation

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This makes it possible for authenticated attackers, with subscriber-level access and above, to update their user meta to become an administrator.

Action-Not Available
Vendor-pickpluginspickpluginspickplugins
Product-post_gridPost Grid and Gutenberg Blockspost_grid
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2022-3496
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 32.48%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 01:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Human Resource Management System Admin Panel employeeadd.php access control

A vulnerability was found in SourceCodester Human Resource Management System 1.0 and classified as critical. This issue affects some unknown processing of the file employeeadd.php of the component Admin Panel. The manipulation leads to improper access controls. The attack may be initiated remotely. The identifier VDB-210785 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-human_resource_management_systemHuman Resource Management System
CWE ID-CWE-266
Incorrect Privilege Assignment
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found