Vulnerabilities > Incorrect Privilege Assignment
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-17 | CVE-2024-9863 | The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. | 9.8 |
| 2024-09-07 | CVE-2024-40681 | IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager. | 7.5 |
| 2024-02-13 | CVE-2023-6815 | Incorrect Privilege Assignment vulnerability in Mitsubishielectric products Incorrect Privilege Assignment vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series Safety CPU R08/16/32/120SFCPU all versions and MELSEC iQ-R Series SIL2 Process CPU R08/16/32/120PSFCPU all versions allows a remote authenticated attacker who has logged into the product as a non-administrator user to disclose the credentials (user ID and password) of a user with a lower access level than the attacker by sending a specially crafted packet. | 6.5 |
| 2024-01-08 | CVE-2023-47140 | Incorrect Privilege Assignment vulnerability in IBM Cics Transaction Gateway 9.3 IBM CICS Transaction Gateway 9.3 could allow a user to transfer or view files due to improper access controls. | 8.1 |
| 2023-07-25 | CVE-2023-39173 | Incorrect Privilege Assignment vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access | 8.8 |
| 2023-06-22 | CVE-2023-28956 | Incorrect Privilege Assignment vulnerability in IBM Spectrum Protect Backup-Archive Client IBM Spectrum Protect Backup-Archive Client 8.1.0.0 through 8.1.17.2 may allow a local user to escalate their privileges due to improper access controls. | 7.8 |
| 2022-12-03 | CVE-2022-4272 | Incorrect Privilege Assignment vulnerability in Warehouse Management System Project Warehouse Management System A vulnerability, which was classified as critical, has been found in FeMiner wms. | 9.8 |
| 2022-11-02 | CVE-2022-3826 | Incorrect Privilege Assignment vulnerability in Huaxiaerp Huaxia ERP A vulnerability was found in Huaxia ERP. | 6.5 |
| 2022-10-31 | CVE-2022-3770 | Incorrect Privilege Assignment vulnerability in Xjyunjing Yunjing Content Management System A vulnerability classified as critical was found in Yunjing CMS. | 8.8 |
| 2022-04-04 | CVE-2022-1225 | Incorrect Privilege Assignment vulnerability in PHPipam Incorrect Privilege Assignment in GitHub repository phpipam/phpipam prior to 1.4.6. | 4.0 |