Total: 860 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-45216 | | | 2026-05-26 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in StoreApps Smart Manager allows Privilege Escalation. This issue affects Smart Manager: from n/a through 8.85.0. | |||||
| CVE-2026-9412 | | | 2026-05-26 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was determined in SourceCodester Indian Invoicing System 1.0. Impacted is an unknown function of the component Backend Endpoint. Executing a manipulation can lead to improper access controls. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected. | |||||
| CVE-2025-13118 | 1 Macrozheng | 2 Mall, Mall-swarm | 2026-05-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-32747 | 1 Dell | 3 Powerflex Appliance Intelligent Catalog, Powerflex Manager, Powerflex Rack | 2026-05-22 | N/A | 5.3 MEDIUM |
| Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2026-22315 | | | 2026-05-20 | N/A | 7.2 HIGH |
| Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the export of user data, including cleartext passwords, via the SQL editor. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component: through 2025.04 5+323020. | |||||
| CVE-2026-8752 | 1 H2o | 1 H2o | 2026-05-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| A weakness has been identified in h2oai h2o-3 up to 7402. This vulnerability affects the function exec of the file h2o-core/src/main/java/water/rapids/ast/prims/misc/AstSetProperty.java of the component Rapids setproperty Primitive Handler. Executing a manipulation can lead to improper access controls. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-22069 | | | 2026-05-19 | N/A | 7.3 HIGH |
| A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface. | |||||
| CVE-2026-8743 | 1 Open5gs | 1 Open5gs | 2026-05-19 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Open5GS up to 2.7.6. This impacts the function ran_ue_find_by_amf_ue_ngap_id of the file src/amf/context.c of the component AMF/MME. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The patch is named 5746b8576cfceec18ed87eb7d8cf11b1fb4cd8b1. It is suggested to install a patch to address this issue. | |||||
| CVE-2026-8747 | | | 2026-05-18 | 6.5 MEDIUM | 6.3 MEDIUM |
| A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-33518 | 3 Esri, Linux, Microsoft | 3 Portal For Arcgis, Linux Kernel, Windows | 2026-05-18 | N/A | 9.8 CRITICAL |
| An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create developer credentials that may grant more privileges than expected. | |||||
| CVE-2026-33519 | 4 Esri, Kubernetes, Linux and 1 more | 4 Portal For Arcgis, Kubernetes, Linux Kernel and 1 more | 2026-05-18 | N/A | 9.8 CRITICAL |
| An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials. | |||||
| CVE-2012-4549 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2026-05-14 | 5.8 MEDIUM | 6.5 MEDIUM |
| A flaw was found in JBoss Enterprise Application Platform. The `processInvocation` function within the `org.jboss.as.ejb3.security.AuthorizationInterceptor` component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attackers to bypass intended access restrictions for EJB methods, leading to unauthorized access to sensitive functionalities. | |||||
| CVE-2025-68420 | | | 2026-05-14 | N/A | N/A |
| Comarch ERP Optima client connects to a database using a highly privileged account regardless of the application account to which a user logs in. It is possible for a local attacker who controls the client process to dump its memory, extract credentials and use them to gain privileged access to the database. In order to exploit this vulnerability, the client application has to be already configured, but a user does not have to be logged in. This issue has been fixed in version 2026.4. | |||||
| CVE-2026-35062 | | | 2026-05-13 | N/A | 6.5 MEDIUM |
| An authenticated iControl SOAP user may be able to obtain information of other accounts. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2026-8233 | | | 2026-05-13 | 4.0 MEDIUM | 4.6 MEDIUM |
| A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of complexity is needed for the attack. Exploitation is reported to be difficult. The vendor was contacted early about this disclosure. | |||||
| CVE-2026-44997 | 1 Openclaw | 1 Openclaw | 2026-05-13 | N/A | 4.3 MEDIUM |
| OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, control scope, or target-agent restrictions. Attackers can exploit this by spawning child sessions that bypass subagent-only constraints, potentially escalating privileges or accessing restricted resources. | |||||
| CVE-2026-8241 | | | 2026-05-11 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Industrial Application Software IAS Canias ERP 8.03. The affected element is the function iasGetServerInfoEvent of the component RMI Interface. Such manipulation leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-8148 | 1 Navercorp | 1 Mybox | 2026-05-11 | N/A | 7.8 HIGH |
| NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | |||||
| CVE-2026-8127 | | | 2026-05-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2026-43510 | | | 2026-05-07 | N/A | 7.6 HIGH |
| manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30. | |||||
