VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
> Incorrect Privilege Assignment
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2024-10-17
CVE-2024-9863
The UserPro plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option.
network
low complexity
CWE-266
critical
9.8
9.8
2024-09-07
CVE-2024-40681
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager.
network
high complexity
CWE-266
7.5
7.5