The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,642 vulnerabilities with CWE-269
CVE-2026-6389
HIGH
IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability
CVSS 8.8
CVE-2026-30769
HIGH
EnTech Taiwan TVicPort 4.0 - Privilege Escalation
CVSS 7.8
CVE-2026-5141
HIGH
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
CVSS 8.8
CVE-2026-6741
HIGH
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
CVSS 8.8
CVE-2026-7106
HIGH
Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation
CVSS 8.8
CVE-2026-41359
HIGH
OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
CVSS 7.1
CVE-2026-3621
HIGH
IBM WebSphere Application Server Liberty is affected by identity spoofing
CVSS 7.5
CVE-2026-1726
MEDIUM
Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager
CVSS 4.8
CVE-2026-6386
MEDIUM
Missing large page handling in pmap_pkru_update_range()
CVSS 6.2
CVE-2026-6769
HIGH
Privilege escalation in the Debugger component
CVSS 8.8
CVE-2026-6761
HIGH
Privilege escalation in the Networking component
CVSS 8.8
CVE-2026-6750
CRITICAL
Privilege escalation in the Graphics: WebRender component
CVSS 9.8
CVE-2026-31369
LOW
Privilege Bypass in PcManager
CVSS 3.2
CVE-2026-39386
HIGH
Neko has Self-service Privilege Escalation for Authenticated Users
CVSS 8.8
CVE-2026-29648
HIGH
OpenXiangShan NEMU - Privilege Escalation
CVSS 8.8
CVE-2026-29647
MEDIUM
OpenXiangShan NEMU - Privilege Escalation
CVSS 6.5
CVE-2026-35154
MEDIUM
Dell PowerProtect Data Domain 7.7.1.0-8.7.0.0 - Privilege Escalation
CVSS 6.3
CVE-2026-30269
CRITICAL
Doorman 0.1.0/1.0.2 - Privilege Escalation
CVSS 9.9
CVE-2026-40572
CRITICAL
NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange)
CVSS 9.0
CVE-2026-40317
CRITICAL
NovumOS has Privilege Escalation in the Syscall Interface
CVSS 9.3
CVE-2026-40484
CRITICAL
ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function
CVSS 9.1
CVE-2026-40002
MEDIUM
ZTE Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations.
CVSS 5.0
CVE-2026-23772
HIGH
Dell Storage Manager <8.0.3 - Privilege Escalation
CVSS 7.3
CVE-2026-4880
CRITICAL
Barcode Scanner (+Mobile App) <= 1.11.0 - Unauthenticated Privilege Escalation via Insecure Token Authentication
CVSS 9.8
CVE-2026-34393
HIGH
Weblate: Privilege escalation in the user API endpoint
CVSS 8.8
Details
Vulnerabilities
2,642
Exploit Likelihood
Medium