| CVE | Date | Description |
| --- | --- | --- |
| CVE-2026-9088 | 2026-06-05 | A flaw was found in org.keycloak.services. An administrator with delegated access to read group memberships and users can bypass user profile permissions by accessing the group members endpoint. This … |
| CVE-2021-46747 | 2026-06-01 | Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to map sensitive SMN (System Management Network) apertures leadi… |
| CVE-2026-37981 | 2026-05-19 | A flaw was found in Keycloak. A broken access control vulnerability in the Account Resources user lookup endpoint allows a remote authenticated user, who owns at least one User-Managed Access (UMA) re… |
| CVE-2024-21962 | 2026-05-15 | Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. |
| CVE-2026-40365 | 2026-05-12 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
| CVE-2026-35436 | 2026-05-12 | Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally. |
| CVE-2026-40690 | 2026-04-24 | The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment a… |
| CVE-2026-38743 | 2026-04-24 | The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG … |
| CVE-2026-6356 | 2026-04-22 | A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive… |
| CVE-2026-6388 | 2026-04-15 | A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace bounda… |
| CVE-2026-33825 | 2026-04-14 | Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally. |
| CVE-2025-20628 | 2026-04-07 | An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators cannot properly configure access rules for Remote Connector … |
| CVE-2026-20107 | 2026-02-25 | A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpe… |
| CVE-2025-48517 | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potenti… |
| CVE-2025-48514 | 2026-02-10 | Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality. |
| CVE-2026-0873 | 2026-02-04 | On a Cryptobox platform where administrator segregation based on entities is used, some vulnerabilities in Ercom Cryptobox administration console allow an authenticated entity administrator with know… |
| CVE-2024-4147 | 2026-02-02 | In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in other organizations through ID manipulation. The vulnerability… |
| CVE-2025-11246 | 2026-01-09 | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user with specific pe… |
| CVE-2025-8306 | 2026-01-08 | Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other acco… |
| CVE-2025-20305 | 2025-11-05 | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists b… |