Vulnerabilities (CVE)

Filtered by CWE-282
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-67642 1 Jenkins 1 Hashicorp Vault 2025-12-17 N/A 4.3 MEDIUM
Jenkins HashiCorp Vault Plugin 371.v884a_4dd60fb_6 and earlier does not set the appropriate context for Vault credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Vault credentials they are not entitled to.
CVE-2023-0386 4 Canonical, Debian, Linux and 1 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2025-11-04 N/A 7.8 HIGH
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system.
CVE-2025-32946 1 Framasoft 1 Peertube 2025-10-21 N/A 5.3 MEDIUM
This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.
CVE-2025-32945 1 Framasoft 1 Peertube 2025-10-21 N/A 4.3 MEDIUM
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, without checking if it belongs to the user.
CVE-2025-27254 2025-10-07 N/A 8.0 HIGH
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify.
CVE-2024-43176 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-09-29 N/A 5.4 MEDIUM
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users.
CVE-2024-39755 1 Veertu 1 Anka Build Cloud 2025-09-04 N/A 7.8 HIGH
A privilege escalation vulnerability exists in the node update functionality of Veertu Anka Build 1.42.0. A specially crafted PKG file can lead to execution of a privileged operation. An attacker can make an unauthenticated HTTP request to trigger this vulnerability.
CVE-2025-57732 1 Jetbrains 1 Teamcity 2025-08-21 N/A 7.5 HIGH
In JetBrains TeamCity before 2025.07.1, privilege escalation was possible due to incorrect directory ownership.
CVE-2025-1112 3 Ibm, Linux, Microsoft 3 Openpages With Watson, Linux Kernel, Windows 2025-07-14 N/A 4.3 MEDIUM
IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.
CVE-2025-3629 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-07-08 N/A 4.3 MEDIUM
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an authenticated user to delete another user's comments due to improper ownership management.
CVE-2025-46416 2025-06-30 N/A 2.9 LOW
The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
CVE-2024-13249 1 Node Access Rebuild Progressive Project 1 Node Access Rebuild Progressive 2025-06-04 N/A 5.4 MEDIUM
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2.
CVE-2024-13246 1 Node Access Rebuild Progressive Project 1 Node Access Rebuild Progressive 2025-06-04 N/A 5.3 MEDIUM
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing. This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2.
CVE-2024-3383 1 Paloaltonetworks 1 Pan-os 2025-01-24 N/A 7.4 HIGH
A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules.
CVE-2024-45104 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 6.3 MEDIUM
A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call.
CVE-2024-45103 1 Lenovo 1 Xclarity Administrator 2024-12-13 N/A 4.3 MEDIUM
A valid, authenticated LXCA user may be able to unmanage an LXCA managed device through the LXCA web interface without sufficient privileges.
CVE-2024-37999 1 Siemens 1 Medicalis Workflow Orchestrator 2024-11-21 N/A 7.8 HIGH
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges.
CVE-2023-7226 1 Meiyou 1 Big Whale 2024-11-21 6.5 MEDIUM 6.3 MEDIUM
A vulnerability was found in meetyoucrop big-whale 1.1 and classified as critical. Affected by this issue is some unknown functionality of the file /auth/user/all.api of the component Admin Module. The manipulation of the argument id leads to improper ownership management. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250232.
CVE-2023-0989 1 Gitlab 1 Gitlab 2024-11-21 N/A 4.3 MEDIUM
An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.
CVE-2022-29187 4 Apple, Debian, Fedoraproject and 1 more 4 Xcode, Debian Linux, Fedora and 1 more 2024-11-21 6.9 MEDIUM 7.8 HIGH
Git is a distributed revision control system. Git prior to versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5, is vulnerable to privilege escalation in all platforms. An unsuspecting user could still be affected by the issue reported in CVE-2022-24765, for example when navigating as root into a shared tmp directory that is owned by them, but where an attacker could create a git repository. Versions 2.37.1, 2.36.2, 2.35.4, 2.34.4, 2.33.4, 2.32.3, 2.31.4, and 2.30.5 contai ...

CVE-2022-0026 2 Microsoft, Paloaltonetworks 2 Windows, Cortex Xdr Agent 2024-11-21 7.2 HIGH 6.7 MEDIUM
A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges. This issue impacts all versions of Cortex XDR agent without content update 330 or a later content update version.
CVE-2020-10632 1 Emerson 1 Openenterprise Scada Server 2024-11-21 5.0 MEDIUM 8.8 HIGH
Inadequate folder security permissions in Emerson OpenEnterprise versions through 3.3.4 may allow modification of important configuration files, which could cause the system to fail or behave in an unpredictable manner.
CVE-2017-12189 1 Redhat 2 Enterprise Linux, Jboss Enterprise Application Platform 2024-11-21 4.6 MEDIUM 7.8 HIGH
It was discovered that the jboss init script as used in Red Hat JBoss Enterprise Application Platform 7.0.7.GA performed unsafe file handling which could result in local privilege escalation. This issue is a result of an incomplete fix for CVE-2016-8656.
CVE-2024-47816 2024-10-10 N/A 6.4 MEDIUM
ImportDump is a mediawiki extension designed to automate user import requests. A user's local actor ID is stored in the database to tell who made what requests. Therefore, if a user on another wiki happens to have the same actor ID as someone on the central wiki, the user on the other wiki can act as if they're the original wiki requester. This can be abused to create new comments, edit the request, and view the request if it's marked private. This issue has been addressed in commit `5c91dfc` an ...

CVE-2024-8949 1 Oretnom23 1 Online Eyewear Shop 2024-09-23 6.5 MEDIUM 8.8 HIGH
A vulnerability classified as critical has been found in SourceCodester Online Eyewear Shop 1.0. This affects an unknown part of the file /classes/Master.php of the component Cart Content Handler. The manipulation of the argument cart_id/id leads to improper ownership management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.