| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. |
| OpenClaw is a personal AI assistant. Prior to version 2026.2.14, under iMessage `groupPolicy=allowlist`, group authorization could be satisfied by sender identities coming from the DM pairing store, broadening DM trust into group contexts. Version 2026.2.14 fixes the issue. |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| IBM FlashSystem (IBM Storage Virtualize (8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1) could allow a remote attacker to bypass RPCAdapter endpoint authentication by sending a specifically crafted HTTP request. |
| Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. |
| Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network. |
| Memory corruption during memory mapping into protected VM address space due to incorrect API restrictions. |
| Memory corruption while processing image encoding, when input buffer length is 0 in IOCTL call. |
| Memory corruption while processing image encoding, when configuration is NULL in IOCTL parameter. |
| Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges. |
| Memory corruption may occur due top improper access control in HAB process. |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. |
| An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. |
| A Improper Access Control vulnerability in SUSE rancher allows a local user to impersonate other identities through SAML Authentication on first login.
This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3. |
| Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. |
