CVE-2022-2475 — CVSS 9.8 (critical): Haas Controller version 100.20.000.1110 has insufficient granularity of access control when using the "Ethernet Q Commands" service. Any…
CVE-2026-6356 — CVSS 9.6 (critical): A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through…
CVE-2026-6388 — CVSS 9.1 (critical): A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater…
CVE-2025-8053 — CVSS 9.1 (critical): Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control…
CVE-2025-7493 — CVSS 9.1 (critical): A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where…
CVE-2025-4404 — CVSS 9.1 (critical): A privilege escalation from host to domain vulnerability was found in the FreeIPA project. The FreeIPA package fails to validate the…
CVE-2026-40365 — CVSS 8.8 (high): Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-35436 — CVSS 8.8 (high): Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
CVE-2025-8049 — CVSS 8.8 (high): Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control…
CVE-2025-29987 — CVSS 8.8 (high): Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) versions prior to 8.3.0.15 contain an Insufficient Granularity of…
CVE-2024-21962: Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in…
CVE-2025-3648: A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain…
CVE-2024-5389 — CVSS 8.1 (high): In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and…
CVE-2024-53295 — CVSS 7.8 (high): Dell PowerProtect DD versions prior to 8.3.0.0, 7.10.1.50, and 7.13.1.20 contain an improper access control vulnerability. A local…
CVE-2023-44285 — CVSS 7.8 (high): Dell PowerProtect DD, versions prior to 7.13.0.10, LTS 7.7.5.25, LTS 7.10.1.15, 6.2.1.110 contain an improper access control vulnerability…
CVE-2024-21947 — CVSS 7.5 (high): Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially…
CVE-2025-22839 — CVSS 7.5 (high): Insufficient granularity of access control in the OOB-MSM for some Intel(R) Xeon(R) 6 Scalable processors may allow a privileged user to…
CVE-2023-31343 — CVSS 7.5 (high): Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code…
CVE-2023-31342 — CVSS 7.5 (high): Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code…
CVE-2024-13256 — CVSS 7.5 (high): Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact…
CVE-2024-8927 — CVSS 7.5 (high): In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, HTTP_REDIRECT_STATUS variable is used to check whether or…
CVE-2025-20111 — CVSS 7.4 (high): A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone…
CVE-2021-46747: Insufficient granularity of access control in ASP (AMD Secure Processor) may allow an attacker with an untrusted user space application to…
CVE-2025-20628: An insufficient granularity of access control vulnerability exists in PingIDM (formerly ForgeRock Identity Management) where administrators…
CVE-2024-29200 — CVSS 6.8 (medium): Kimai is a web-based multi-user time-tracking application. The permission `view_other_timesheet` performs differently for the Kimai UI and…
CVE-2024-4147 — CVSS 6.5 (medium): In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to delete prompts created in…
CVE-2024-39279 — CVSS 6.5 (medium): Insufficient granularity of access control in UEFI firmware in some Intel(R) processors may allow a authenticated user to potentially…
CVE-2024-6867 — CVSS 6.5 (medium): An information disclosure vulnerability exists in the lunary-ai/lunary, specifically in the `runs/{run_id}/related` endpoint. This endpoint…
CVE-2023-43040 — CVSS 6.5 (medium): IBM Spectrum Fusion HCI 2.5.2 through 2.7.2 could allow an attacker to perform unauthorized actions in RGW for Ceph due to improper bucket…
CVE-2023-32259 — CVSS 6.5 (medium): Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset…
CVE-2023-50713 — CVSS 6.5 (medium): Speckle Server provides server, frontend, 3D viewer, and other JavaScript utilities for the Speckle 3D data platform. A vulnerability in…
CVE-2024-11931 — CVSS 6.4 (medium): An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.0 prior to 17.6.4, from 17.7 prior to 17.7.3, and from…
CVE-2024-13272 — CVSS 6.3 (medium): Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs…
CVE-2023-4456 — CVSS 5.7 (medium): A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user…
CVE-2023-3227 — CVSS 5.7 (medium): Insufficient Granularity of Access Control in GitHub repository fossbilling/fossbilling prior to 0.5.0.
CVE-2026-20107 — CVSS 5.5 (medium): A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an…
CVE-2024-21971 — CVSS 5.5 (medium): Improper input validation in AMD Crash Defender could allow an attacker to provide the Windows® system process ID to a kernel-mode driver…
CVE-2023-6725 — CVSS 5.5 (medium): An access-control flaw was found in the OpenStack Designate component where private configuration information including access keys to BIND…
CVE-2025-11246 — CVSS 5.4 (medium): GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.4 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1…
CVE-2025-54461 — CVSS 5.3 (medium): ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited…
CVE-2025-1278 — CVSS 5.3 (medium): An issue has been discovered in GitLab CE/EE affecting all versions from 12.0 before 17.9.8, 17.10 before 17.10.6, and 17.11 before…
CVE-2025-2408 — CVSS 5.3 (medium): An issue has been discovered in GitLab CE/EE affecting all versions from 13.12 before 17.8.7, 17.9 before 17.9.6, and 17.10 before 17.10.4…
CVE-2024-2412 — CVSS 5.3 (medium): The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers…
CVE-2024-12619 — CVSS 5.2 (medium): An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1…