CVE-2025-41115 — CVSS 10.0 (critical): SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in…
CVE-2026-42368 — CVSS 9.9 (critical): A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP…
CVE-2026-32922 — CVSS 9.9 (critical): OpenClaw before 2026.3.11 contains a privilege escalation vulnerability in device.token.rotate that allows callers with operator.pairing…
CVE-2026-22907 — CVSS 9.9 (critical): An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data.
CVE-2025-62645 — CVSS 9.9 (critical): The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token…
CVE-2025-10725 — CVSS 9.9 (critical): A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data…
CVE-2025-54049 — CVSS 9.9 (critical): Incorrect Privilege Assignment vulnerability in miniOrange Custom API for WP custom-api-for-wp allows Privilege Escalation.This issue…
CVE-2025-26512 — CVSS 9.9 (critical): SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user…
CVE-2026-57692 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from…
CVE-2026-22337 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects…
CVE-2026-33519 — CVSS 9.8 (critical): An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not…
CVE-2026-33518 — CVSS 9.8 (critical): An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged…
CVE-2026-32520 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in Andrew Munro / AffiliateWP RewardsWP rewardswp allows Privilege Escalation.This issue…
CVE-2026-27051 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <=…
CVE-2026-24968 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in Xagio SEO Xagio SEO xagio-seo allows Privilege Escalation.This issue affects Xagio SEO…
CVE-2026-27542 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in Rymera Web Co Pty Ltd. Woocommerce Wholesale Lead Capture woocommerce-wholesale-lead-capture…
CVE-2026-27983 — CVSS 9.8 (critical): Incorrect Privilege Assignment vulnerability in designthemes LMS Elementor Pro lms-elementor-pro allows Privilege Escalation.This issue…