Common Weakness Enumeration

CWE-266

Allowed

Incorrect Privilege Assignment

Abstraction: Base · Status: Draft

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

1913 vulnerabilities reference this CWE, most recent first.

GHSA-JJX5-R5W6-73PH

Vulnerability from github – Published: 2025-03-20 18:30 – Updated: 2025-03-20 18:30
VLAI
Details

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-2550"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-20T17:15:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.",
  "id": "GHSA-jjx5-r5w6-73ph",
  "modified": "2025-03-20T18:30:31Z",
  "published": "2025-03-20T18:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2550"
    },
    {
      "type": "WEB",
      "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-605L-formSetDDNS-1b153a41781f80feb80bd24afc8f83d5?pvs=4"
    },
    {
      "type": "WEB",
      "url": "https://lavender-bicycle-a5a.notion.site/D-Link-DIR-618-formSetDDNS-1b053a41781f80659702da9a589e4f4a?pvs=4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.300164"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.300164"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.516792"
    },
    {
      "type": "WEB",
      "url": "https://www.dlink.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JM43-HRQ7-R7W6

Vulnerability from github – Published: 2025-06-13 20:24 – Updated: 2026-04-14 18:26
VLAI
Summary
XWiki allows privilege escalation through link refactoring
Details

Impact

Pages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. This vulnerability affects all version of XWiki since 8.2 and 7.4.5.

Patches

The patch consists in only setting the originalMetadataAuthor when performing such change, so that it's displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation).

This patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.

Workarounds

There's no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights. Administrators are strongly advised to upgrade. If not possible, the patch only impacts module xwiki-platform-refactoring-default so it's possible to apply the commit and rebuild and deploy only that module.

CVSS explanation

Attack vector: Network - Always for XWiki. Complexity: Low - The set of operations to perform the attack is quite easy. Attack requirements: None - Any system is vulnerable, it doesn't depend on specific condition other than user interaction. Privileges required: Low - The attacker only needs edit rights. User interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page. Confidentiality: High - The attack might lead to execution of any script. Integrity: High - The attack might lead to execution of any script. Availability: High - The attack might lead to execution of any script. Subsequent system impacts: None for any criteria. Only current system is affected.

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-refactoring-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "17.0.0-rc-1"
            },
            {
              "fixed": "17.1.0-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-refactoring-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.5.0-rc-1"
            },
            {
              "fixed": "16.10.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-refactoring-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.2"
            },
            {
              "fixed": "16.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c 8.0-milestone-1"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-refactoring-default"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "7.4.5"
            },
            {
              "fixed": "16.4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-49580"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-13T20:24:24Z",
    "nvd_published_at": "2025-06-13T16:15:27Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nPages can gain script or programming rights when they contain a link and the target of the link is renamed or moved. This might lead to execution of scripts contained in xobjects that should have never been executed. \nThis vulnerability affects all version of XWiki since 8.2 and 7.4.5.\n\n### Patches\n\nThe patch consists in only setting the `originalMetadataAuthor` when performing such change, so that it\u0027s displayed in the history but it has no impact on the right evaluation (i.e. the original author of the changes is still used for right computation). \n\nThis patch has been applied on XWiki 16.4.7, 17.1.0RC1, 16.10.4.\n\n### Workarounds\n\nThere\u0027s no workaround for this vulnerability, except preventing to perform any refactoring operation with users having more than edit rights. \nAdministrators are strongly advised to upgrade. If not possible, the patch only impacts module `xwiki-platform-refactoring-default` so it\u0027s possible to apply the commit and rebuild and deploy only that module.\n\n### CVSS explanation\n\nAttack vector: Network - Always for XWiki.\nComplexity: Low - The set of operations to perform the attack is quite easy.\nAttack requirements: None - Any system is vulnerable, it doesn\u0027t depend on specific condition other than user interaction.\nPrivileges required: Low - The attacker only needs edit rights.\nUser interaction: Active - To be successful the attack needs someone with more rights to perform a move/rename of a specific page.\nConfidentiality: High - The attack might lead to execution of any script.\nIntegrity: High - The attack might lead to execution of any script.\nAvailability: High - The attack might lead to execution of any script.\nSubsequent system impacts: None for any criteria. Only current system is affected.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
  "id": "GHSA-jm43-hrq7-r7w6",
  "modified": "2026-04-14T18:26:09Z",
  "published": "2025-06-13T20:24:24Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jm43-hrq7-r7w6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-49580"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/ab209acd780da69a4c5ff77ff011efd698273cec"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-22836"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XWiki allows privilege escalation through link refactoring"
}

GHSA-JMC9-6MCV-32WV

Vulnerability from github – Published: 2022-05-24 17:11 – Updated: 2023-02-02 21:33
VLAI
Details

A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-1705"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266",
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-19T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in openshift/template-service-broker-operator in all 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the /etc/passwd file was found in the openshift/template-service-broker-operator. An attacker with access to the container could use this flaw to modify /etc/passwd and escalate their privileges.",
  "id": "GHSA-jmc9-6mcv-32wv",
  "modified": "2023-02-02T21:33:40Z",
  "published": "2022-05-24T17:11:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1705"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/articles/4859371"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHBA-2020:1278"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:0866"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-1705"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793304"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1705"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JMMC-J836-R5V7

Vulnerability from github – Published: 2025-12-24 21:30 – Updated: 2025-12-24 21:30
VLAI
Details

Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-25148"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-12-24T20:15:49Z",
    "severity": "HIGH"
  },
  "details": "Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system.",
  "id": "GHSA-jmmc-j836-r5v7",
  "modified": "2025-12-24T21:30:32Z",
  "published": "2025-12-24T21:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-25148"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/45038"
    },
    {
      "type": "WEB",
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5479.php"
    },
    {
      "type": "WEB",
      "url": "http://www.microhardcorp.com"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JPF3-PMMR-RR7V

Vulnerability from github – Published: 2026-04-25 12:32 – Updated: 2026-04-25 12:32
VLAI
Details

A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6977"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-25T11:16:19Z",
    "severity": "MODERATE"
  },
  "details": "A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jpf3-pmmr-rr7v",
  "modified": "2026-04-25T12:32:04Z",
  "published": "2026-04-25T12:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6977"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yidaozhongqing/York/issues/2"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/795331"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359520"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359520/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JPFG-XQCG-WG8P

Vulnerability from github – Published: 2026-02-07 09:32 – Updated: 2026-02-07 09:32
VLAI
Details

A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\PermissionController.java of the component Permission Management. Performing a manipulation results in improper authorization. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-2078"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-07T08:15:51Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\\repos\\warehouse\\src\\main\\java\\com\\yeqifu\\sys\\controller\\PermissionController.java of the component Permission Management. Performing a manipulation results in improper authorization. The attack may be initiated remotely. The exploit is now public and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-jpfg-xqcg-wg8p",
  "modified": "2026-02-07T09:32:03Z",
  "published": "2026-02-07T09:32:03Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2078"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse/issues/55"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse/issues/55#issue-3846656775"
    },
    {
      "type": "WEB",
      "url": "https://github.com/yeqifu/warehouse"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.344644"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.344644"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.745513"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JQ8X-V7JW-V675

Vulnerability from github – Published: 2025-06-06 15:30 – Updated: 2025-07-31 18:31
VLAI
Summary
Duplicate Advisory: users may append `root` to group listings
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references.

Original Description

A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "users"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.8.0"
            },
            {
              "last_affected": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-06-06T23:16:21Z",
    "nvd_published_at": "2025-06-06T14:15:23Z",
    "severity": "HIGH"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references.\n\n### Original Description\nA flaw was found in the user\u0027s crate for Rust. This vulnerability allows privilege escalation via incorrect group listing when a user or process has fewer than exactly 1024 groups, leading to the erroneous inclusion of the root group in the access list.",
  "id": "GHSA-jq8x-v7jw-v675",
  "modified": "2025-07-31T18:31:57Z",
  "published": "2025-06-06T15:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5791"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ogham/rust-users/issues/44"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2025:12359"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2025-5791"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370001"
    },
    {
      "type": "WEB",
      "url": "https://crates.io/crates/users"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2025-0040.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Duplicate Advisory: users may append `root` to group listings",
  "withdrawn": "2025-06-06T23:16:21Z"
}

GHSA-JRGQ-7F9R-3MM2

Vulnerability from github – Published: 2025-09-04 21:31 – Updated: 2025-09-05 18:31
VLAI
Details

In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48526"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-04T19:15:38Z",
    "severity": "MODERATE"
  },
  "details": "In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
  "id": "GHSA-jrgq-7f9r-3mm2",
  "modified": "2025-09-05T18:31:19Z",
  "published": "2025-09-04T21:31:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48526"
    },
    {
      "type": "WEB",
      "url": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/923a5673ac9d4b366097a8912a04e40e85111ed4"
    },
    {
      "type": "WEB",
      "url": "https://source.android.com/security/bulletin/2025-09-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV85-6MGR-3W99

Vulnerability from github – Published: 2026-02-26 00:31 – Updated: 2026-03-08 09:30
VLAI
Details

A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-3209"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-25T23:16:21Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in fosrl Pangolin up to 1.15.4-s.3. This affects the function verifyRoleAccess/verifyApiKeyRoleAccess of the component Role Handler. The manipulation leads to improper access controls. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.4-s.4 mitigates this issue. The identifier of the patch is 5e37c4e85fae68e756be5019a28ca903b161fdd5. Upgrading the affected component is advised.",
  "id": "GHSA-jv85-6mgr-3w99",
  "modified": "2026-03-08T09:30:20Z",
  "published": "2026-02-26T00:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-3209"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fosrl/pangolin/pull/2511"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fosrl/pangolin/commit/5e37c4e85fae68e756be5019a28ca903b161fdd5"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/henrrrychau/0457bef6776d0c99688f9cf55cdf55f7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fosrl/pangolin"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fosrl/pangolin/releases/tag/1.15.4-s.4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.347796"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.347796"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.765676"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.766215"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-JVJW-3FF6-JFJH

Vulnerability from github – Published: 2025-04-16 06:31 – Updated: 2025-04-16 06:31
VLAI
Details

A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-3667"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-266"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-16T05:15:32Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in TOTOLINK A3700R 9.1.2u.5822_B20200513. It has been classified as critical. This affects the function setUPnPCfg of the file /cgi-bin/cstecgi.cgi. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-jvjw-3ff6-jfjh",
  "modified": "2025-04-16T06:31:02Z",
  "published": "2025-04-16T06:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-3667"
    },
    {
      "type": "WEB",
      "url": "https://lavender-bicycle-a5a.notion.site/TOTOLINK-A3700R-setUPnPCfg-1cb53a41781f802b8b16f973366ee5e3?pvs=4"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.304845"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.304845"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.551299"
    },
    {
      "type": "WEB",
      "url": "https://www.totolink.net"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

Mitigation MIT-1
Architecture and Design Operation

Very carefully manage the setting, management, and handling of privileges. Explicitly manage trust zones in the software.

Mitigation MIT-17
Architecture and Design Operation

Strategy: Environment Hardening

Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

No CAPEC attack patterns related to this CWE.