Total: 289 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2026-20017 | | | 2026-03-05 | N/A | 6.0 MEDIUM | A vulnerability in the CLI of Cisco Secure FTD Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as root. To exploit this vulnerability, the attacker must have valid administrative credentials on an affected device. This vulnerability is due to insufficient input validation of user-supplied command arguments. An attacker could exploit this vulnerability by submitting crafted input for a specific CLI command. A successful exp ... |
| CVE-2026-21421 | 1 Dell | 1 Powerscale Onefs | 2026-03-04 | N/A | 6.7 MEDIUM | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2026-21424 | 1 Dell | 1 Powerscale Onefs | 2026-03-04 | N/A | 6.7 MEDIUM | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2026-21426 | 1 Dell | 1 Powerscale Onefs | 2026-03-04 | N/A | 6.7 MEDIUM | Dell PowerScale OneFS, versions prior to 9.10.1.6 and versions 9.11.0.0 through 9.12.0.1, contains an execution with unnecessary privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service, elevation of privileges, and information disclosure. |
| CVE-2026-1680 | 1 Danofficeit | 1 Local Admin Service | 2026-03-03 | N/A | 7.8 HIGH | Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions. |
| CVE-2026-21882 | | | 2026-03-02 | N/A | 8.4 HIGH | theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0. |
| CVE-2026-20037 | | | 2026-02-27 | N/A | 4.4 MEDIUM | A vulnerability in the NX-OS CLI privilege levels of Cisco UCS Manager Software could allow an authenticated, local attacker with read-only privileges to modify files and perform unauthorized actions on an affected system. This vulnerability exists because unnecessary privileges are given to the user. An attacker could exploit this vulnerability by authenticating to a device as a read-only user and connecting to the NX-OS CLI. A successful exploit could allow the attacker to create or o ... |
| CVE-2026-27208 | 1 Bleon-ethical | 1 Api-gateway-deploy | 2026-02-26 | N/A | 9.2 CRITICAL | bleon-ethical/api-gateway-deploy provides API gateway deployment. Version 1.0.0 is vulnerable to an attack chain involving OS Command Injection and Privilege Escalation. This allows an attacker to execute arbitrary commands with root privileges within the container, potentially leading to a container escape and unauthorized infrastructure modifications. This is fixed in version 1.0.1 by implementing strict input sanitization and secure delimiters in entrypoint.sh, enforcing a non-root user (appu ... |
| CVE-2023-32486 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.7 MEDIUM | Dell PowerScale OneFS 9.5.x versions contain a privilege escalation vulnerability. A low privilege local attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-25967 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 6.7 MEDIUM | Dell PowerScale OneFS versions 8.2.x through 9.7.0.1 contain an execution with unnecessary privileges vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2024-32853 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 4.4 MEDIUM | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution with unnecessary privileges vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to escalation of privileges. |
| CVE-2026-27002 | 1 Openclaw | 1 Openclaw | 2026-02-20 | N/A | 9.8 CRITICAL | OpenClaw is a personal AI assistant. Prior to version 2026.2.15, a configuration injection issue in the Docker tool sandbox could allow dangerous Docker options (bind mounts, host networking, unconfined profiles) to be applied, enabling container escape or host data access. OpenClaw 2026.2.15 blocks dangerous sandbox Docker settings and includes runtime enforcement when building `docker create` args; config-schema validation for `network=host`, `seccompProfile=unconfined`, `apparmorProfile=uncon ... |
| CVE-2026-23742 | 1 Zalando | 1 Skipper | 2026-02-18 | N/A | 8.8 HIGH | Skipper is an HTTP router and reverse proxy for service composition. The default skipper configuration before 0.23.0 was -lua-sources=inline,file. The problem starts if untrusted users can create lua filters, because of -lua-sources=inline, for example through a Kubernetes Ingress resource. The configuration inline allows these users to create a script that is able to read the filesystem accessible to the skipper process, and if the user has access to read the logs, they can read skipper secrets. ... |
| CVE-2025-36059 | 1 Ibm | 1 Business Automation Workflow | 2026-02-17 | N/A | 4.7 MEDIUM | IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls. |
| CVE-2026-22549 | 3 F5, Kubernetes, Redhat | 3 Big-ip Container Ingress Services, Kubernetes, Openshift | 2026-02-13 | N/A | 4.9 MEDIUM | A vulnerability exists in F5 BIG-IP Container Ingress Services that may allow excessive permissions to read cluster secrets. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-1790 | | | 2026-02-13 | N/A | N/A | Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. |
| CVE-2026-25643 | 1 Frigate | 1 Frigate | 2026-02-11 | N/A | 9.1 CRITICAL | Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive. The go2rtc service executes these commands without restrictions. This vulnerability is only exploitable by a ... |
| CVE-2026-25740 | | | 2026-02-09 | N/A | N/A | captive browser is a dedicated Chrome instance to log into captive portals without messing with DNS settings. In 25.05 and earlier, when programs.captive-browser is enabled, any user of the system can run arbitrary commands with the CAP_NET_RAW capability (binding to privileged ports, spoofing localhost traffic from privileged services...). This vulnerability is fixed in 25.11 and 26.05. |
| CVE-2026-0870 | | | 2026-02-09 | N/A | 7.8 HIGH | MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Because the MacroHub application launches external applications with improper privileges, authenticated local attackers can execute arbitrary code with SYSTEM privileges. |
| CVE-2025-58383 | 1 Broadcom | 1 Fabric Operating System | 2026-02-06 | N/A | 7.2 HIGH | A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands. |
| CVE-2025-58379 | 1 Broadcom | 1 Fabric Operating System | 2026-02-06 | N/A | 5.5 MEDIUM | Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information to a lower privileged user. |
| CVE-2025-36184 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 7.2 HIGH | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. |
| CVE-2025-13375 | | | 2026-02-05 | N/A | 9.8 CRITICAL | IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system. |
| CVE-2025-22890 | 1 Hummingheads | 1 Defense Platform | 2026-02-04 | N/A | 8.8 HIGH | Execution with unnecessary privileges issue exists in Defense Platform Home Edition Ver.3.9.51.x and earlier. If an attacker performs a specific operation, SYSTEM privilege of the Windows system where the product is running may be obtained. |
| CVE-2025-61958 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2026-02-04 | N/A | 8.7 HIGH | A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-59481 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2026-02-04 | N/A | 8.7 HIGH | A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least a resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. |
| CVE-2025-46696 | 1 Dell | 1 Secure Connect Gateway | 2026-02-03 | N/A | 6.4 MEDIUM | Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.26 to 5.30, contain an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2025-8486 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH | A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. |
| CVE-2025-12420 | 1 Servicenow | 2 Now Assist Ai Agents, Virtual Agent Api | 2026-01-27 | N/A | 9.8 CRITICAL | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerab ... |
| CVE-2026-23528 | | | 2026-01-26 | N/A | N/A | Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-site scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an ... |
| CVE-2025-40942 | 1 Siemens | 1 Telecontrol Server Basic | 2026-01-22 | N/A | 8.8 HIGH | A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). The affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. |
| CVE-2025-43017 | 1 Hp | 1 Thinpro | 2026-01-21 | N/A | 9.8 CRITICAL | HP ThinPro 8.1 System management application failed to verify the user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. |
| CVE-2025-43990 | 1 Dell | 1 Command Monitor | 2026-01-21 | N/A | 7.3 HIGH | Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to elevation of privileges. |
| CVE-2025-50505 | | | 2026-01-21 | N/A | 7.8 HIGH | Clash Verge Rev through 2.2.3 (fixed in 2.3.0) forces the installation of system services (clash-verge-service) by default and exposes key functions through the unauthorized HTTP API `/start_clash`, allowing local users to submit arbitrary bin_path parameters and pass them directly to the service process for execution, resulting in local privilege escalation. |
| CVE-2025-33223 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | N/A | 9.8 CRITICAL | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
| CVE-2025-33224 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | N/A | 9.8 CRITICAL | NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. |
| CVE-2025-3892 | 1 Axis | 1 Axis Os | 2026-01-13 | N/A | 6.7 MEDIUM | ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. |
| CVE-2025-0921 | | | 2026-01-09 | N/A | 6.5 MEDIUM | Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric MC Works64 all versions, Mitsubishi Electric GENESIS version 11.00, Mitsubishi Electric Iconics Digital Solutions GENESIS version 11.00, Mitsubishi Electric GENESIS32 a ... |
| CVE-2025-1977 | | | 2025-12-31 | N/A | N/A | The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remotely over the network with low attack complexity and no user interaction but requires specific system conditions or configurations to be present. Successful exploitation may result in changes to device ... |
| CVE-2025-34290 | | | 2025-12-23 | N/A | N/A | Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating the requesting user. Due to improper privilege handling and a time-of-check time-of-use race condition combined with symbolic link and mount point manipulation, a local authenticated attacker can coerce ... |