| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was determined in Rongzhitong Visual Integrated Command and Dispatch Platform up to 20260206. This impacts an unknown function of the file /dm/dispatch/user/delete of the component User Handler. This manipulation of the argument ID causes improper access controls. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. |
| Privilege escalation and improper access control in GCOM EPON 1GE C00R371V00B01 allows remote authenticated users to modify administrator only settings and extract administrator credentials. |
| A use of hard-coded password vulnerability in FortiWLC version 8.5.2 and below, version 8.4.8 and below, version 8.3.3 to 8.3.2, version 8.2.7 to 8.2.6 may allow a local, authenticated attacker to connect to the managed Access Point (Meru AP and FortiAP-U) as root using the default hard-coded username and password. |
| An improper access control vulnerability in FortiMail version 7.4.0 configured with RADIUS authentication and remote_wildcard enabled may allow a remote unauthenticated attacker to bypass admin login via a crafted HTTP request. |
| Active Directory Domain Services Elevation of Privilege Vulnerability |
| In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108, 9.2.2403.114, and 9.1.2312.208, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE) through a file upload to the "$SPLUNK_HOME/var/run/splunk/apptemp" directory due to missing authorization checks. |
| Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access affecting Confidentiality and Integrity. Exploitation of this issue does not require user interaction. |
| With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage.
This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23. |
| Windows Kernel Security Feature Bypass Vulnerability |
| Visual Studio Code JS Debug Extension Elevation of Privilege Vulnerability |
| Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. |
| Memory corruption may occur due top improper access control in HAB process. |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. |
| A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.
This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. |
