The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
2,771 vulnerabilities with CWE-269
CVE-2026-5373
HIGH
runZero Platform superuser privilege escalation
CVSS 8.1
CVE-2026-33727
MEDIUM
Pi-hole 6.4 versions File - Local Privilege Escalation
CVSS 6.4
CVE-2026-27456
MEDIUM
util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup
CVSS 4.7
CVE-2026-34528
HIGH
File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
CVSS 8.1
CVE-2026-34397
MEDIUM
himmelblau: NSS fake-primary group lookup reintroduces name collision risk
CVSS 6.3
CVE-2026-33074
MEDIUM
Discourse Subscriptions Plugin - Higher-Tier Subscription Privilege Escalation
CVSS 5.3
CVE-2026-34218
MEDIUM
ClearanceKit: Managed and user-defined policy rules not enforced between opfilter start and first policy modification
CVSS 5.5
CVE-2026-33906
HIGH
Ella Core has Privilege Escalation via Database Restore by NetworkManager role
CVSS 7.2
CVE-2026-2931
HIGH
Amelia Booking <= 9.1.2 - Authenticated (Customer+) Insecure Direct Object Reference to Arbitrary User Password Change
CVSS 8.8
CVE-2026-30892
NONE
Crun incorrectly parses `crun exec` option `-u`, leading to privilege escalation
CVE-2026-4824
HIGH
Enter Software Iperius Backup Backup Job Configuration File privileges management
CVSS 7.0
CVE-2026-28889
MEDIUM
Apple Xcode <26.4 - Privilege Escalation
CVSS 6.2
CVE-2026-20607
MEDIUM
macOS <14.8.5 - Privilege Escalation
CVSS 4.0
CVE-2026-33509
HIGH
pyload-ng: SETTINGS Permission Users Can Achieve Remote Code Execution via Unrestricted Reconnect Script Configuration
CVSS 7.5
CVE-2026-33334
CRITICAL
Vikunja Desktop: Any frontend XSS escalates to Remote Code Execution due to nodeIntegration
CVSS 9.6
CVE-2026-29111
MEDIUM
systemd v239-v249 - Memory Corruption
CVSS 5.5
CVE-2026-4314
HIGH
The Ultimate WordPress Toolkit – WP Extended <= 3.2.4 - Authenticated (Subscriber+) Privilege Escalation via Menu Editor Module
CVSS 8.8
CVE-2026-3629
HIGH
Import and export users and customers <= 1.29.7 - Privilege Escalation to Administrator via save_extra_user_profile_fields
CVSS 8.1
CVE-2026-2375
MEDIUM
App Builder – Create Native Android & iOS Apps On The Flight <= 5.5.10 - Unauthenticated Privilege Escalation via 'role' Parameter
CVSS 6.5
CVE-2026-31836
HIGH
Mass Assignment Privilege Escalation in Checkmate
CVSS 8.1
CVE-2026-30888
LOW
Discourse has moderator privilege escalation via arbitrary post_id in suspend/silence endpoint
CVSS 2.2
CVE-2026-32760
CRITICAL
File Browser Self Registration Grants Any User Admin Access When Default Permissions Include Admin
CVSS 9.8
CVE-2026-30874
LOW
OpenWrt procd PATH Environment Variable Filter Bypass via Incorrect String Comparison Leads to Privilege Escalation
CVE-2026-25770
CRITICAL
Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
CVSS 9.1
CVE-2026-32106
MEDIUM
StudioCMS <0.4.3 - Privilege Escalation
CVSS 4.7
Details
Vulnerabilities: 2,771
Exploit Likelihood: Medium