The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,771 vulnerabilities with CWE-269
CVE-2026-26946
MEDIUM
Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale < 4.3.0.0 - Privilege Escalation
CVSS 6.7
CVE-2026-42562
HIGH
Plainpad: Privilege Escalation via Writable Admin Field in Profile Update (Access Control)
CVSS 8.3
CVE-2026-41163
HIGH
bubblewrap vulnerable to privilege escalation in setuid mode via ptrace
CVE-2026-44987
LOW
SysReptor: Privilege Escalation from User Admin to Superuser
CVSS 3.8
CVE-2026-42185
MEDIUM
People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation
CVSS 5.5
CVE-2026-8069
HIGH
PredatorSense V3: Local Privilege Escalation (LPE) vulnerability
CVE-2026-7994
HIGH
Google Chrome < 148.0.7778.96 - Local Privilege Escalation via Malicious File
CVSS 7.8
CVE-2026-7977
MEDIUM
Google Chrome < 148.0.7778.96 - Same Origin Policy Bypass via Canvas
CVSS 6.3
CVE-2026-7971
MEDIUM
Google Chrome < 148.0.7778.96 - Site Isolation Bypass via ORB
CVSS 6.3
CVE-2026-40001
MEDIUM
Local privilege escalation vulnerability in ZTE PROCESS Guard service of the cloud computer client
CVSS 5.2
CVE-2026-7778
MEDIUM
runZero Platform dashboard configuration exposure
CVSS 5.0
CVE-2026-24072
HIGH
Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr
CVSS 8.8
CVE-2026-7641
HIGH
Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields
CVSS 8.8
CVE-2026-37525
HIGH
AGL app-framework-binder <v19.90.0 - Privilege Escalation
CVSS 7.8
CVE-2026-6389
HIGH
IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability
CVSS 8.8
CVE-2026-30769
HIGH
EnTech Taiwan TVicPort 4.0 - Privilege Escalation
CVSS 7.8
CVE-2026-5141
HIGH
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
CVSS 8.8
CVE-2026-6741
HIGH
LatePoint <= 5.4.1 - Authenticated (Agent+) Privilege Escalation to Administrator via 'connect-customer-to-wp-user' Ability
CVSS 8.8
CVE-2026-7106
HIGH
Highland Software Custom Role Manager <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation
CVSS 8.8
CVE-2026-41359
HIGH
OpenClaw < 2026.3.28 - Privilege Escalation via operator.write to Admin-Class Telegram Config and Cron Persistence
CVSS 7.1
CVE-2026-3621
HIGH
IBM WebSphere Application Server Liberty is affected by identity spoofing
CVSS 7.5
CVE-2026-1726
MEDIUM
IBM Guardium Key Lifecycle Manager 4.1-5.1 - Privilege Management Vulnerability
CVSS 4.8
CVE-2026-6386
MEDIUM
Missing large page handling in pmap_pkru_update_range()
CVSS 6.2
CVE-2026-6769
HIGH
Privilege escalation in the Debugger component
CVSS 8.8
CVE-2026-6761
HIGH
Privilege escalation in the Networking component
CVSS 8.8
Details
Vulnerabilities: 2,771
Exploit Likelihood: Medium