authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either beca
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that S
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Tot
An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access
An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function.
A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the A
A privilege escalation vulnerability may enable a service account to elevate its privileges.
The sudo rules configured for a local service account were excessively permissive, potentially allowing
MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indicati
A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with
A broken access control may allow an authenticated user to perform a
horizontal privilege escalation. The vulnerability only impacts specific
configurations.
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1.
Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4.
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to
A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build
Incorrect Privilege Assignment vulnerability in PenciDesign Soledad soledad allows Privilege Escalation.This issue affects Soledad: from n/a through <= 8.6.9.
Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combine
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege if a malicious actor has already obtained the System privil
authentik is an open-source identity provider. In versions prior to 2025.12.5 and 2026.2.0-rc1 through 2026.2.2, the PATCH /api/v3/core/users/{pk}/ API allows a caller with change_user on a target use
Page 1+ Next →