Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-52337 | 1 Trendmicro | 2 Deep Security, Deep Security Agent | 2025-06-20 | N/A | 7.8 HIGH |
|
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
|
|||||
| CVE-2024-33894 | 1 Hms-networks | 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more | 2025-06-20 | N/A | 8.8 HIGH |
|
Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.
|
|||||
| CVE-2023-46810 | 2 Ivanti, Linux | 2 Secure Access Client, Linux Kernel | 2025-06-20 | N/A | 7.3 HIGH |
|
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
|
|||||
| CVE-2023-40289 | 1 Supermicro | 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more | 2025-06-18 | N/A | 7.2 HIGH |
|
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
|
|||||
| CVE-2023-50921 | 1 Gl-inet | 24 Gl-a1300, Gl-a1300 Firmware, Gl-ar300m and 21 more | 2025-06-18 | N/A | 9.8 CRITICAL |
|
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
|
|||||
| CVE-2024-29741 | 1 Google | 1 Android | 2025-06-17 | N/A | 7.8 HIGH |
|
In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-41099 | 1 Atos | 1 Eviden Cardos Api | 2025-06-17 | N/A | 7.8 HIGH |
|
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM).
|
|||||
| CVE-2023-4822 | 1 Grafana | 1 Grafana | 2025-06-16 | N/A | 6.7 MEDIUM |
|
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations.
It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally.
This means that any Organization Admin ...
Show More |
|||||
| CVE-2025-5491 | 2025-06-16 | N/A | 8.8 HIGH | ||
|
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.
|
|||||
| CVE-2024-22893 | 1 Openslides | 1 Openslides | 2025-06-13 | N/A | 7.5 HIGH |
|
OpenSlides 4.0.15 verifies passwords by comparing password hashes using a function with content-dependent runtime. This can allow attackers to obtain information about the password hash using a timing attack.
|
|||||
| CVE-2024-37665 | 1 Wvp-pro | 1 Gb28181 | 2025-06-13 | N/A | 8.8 HIGH |
|
An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.
|
|||||
| CVE-2024-41797 | 2025-06-12 | N/A | 4.3 MEDIUM | ||
|
A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) ...
Show More |
|||||
| CVE-2025-4681 | 2025-06-12 | N/A | N/A | ||
|
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
|
|||||
| CVE-2025-4601 | 2025-06-12 | N/A | 8.8 HIGH | ||
|
The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4 ...
Show More |
|||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | N/A | 8.4 HIGH |
|
IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.
|
|||||
| CVE-2023-47132 | 1 N-able | 1 N-central | 2025-06-11 | N/A | 9.8 CRITICAL |
|
An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls.
|
|||||
| CVE-2024-28391 | 1 Fmemodules | 1 B2b Quick Order Form | 2025-06-10 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.
|
|||||
| CVE-2023-41954 | 1 Properfraction | 1 Profilepress | 2025-06-09 | N/A | 8.6 HIGH |
|
Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1.
|
|||||
| CVE-2024-24882 | 1 Themegrill | 1 Masteriyo | 2025-06-09 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2.
|
|||||
| CVE-2020-13776 | 3 Fedoraproject, Netapp, Systemd Project | 4 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 1 more | 2025-06-09 | 6.2 MEDIUM | 6.7 MEDIUM |
|
systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082.
|
|||||
| CVE-2025-27811 | 1 Razer | 1 Synapse 4 | 2025-06-09 | N/A | 7.8 HIGH |
|
A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service.
|
|||||
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | N/A | 7.8 HIGH |
|
Windows Win32k Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | N/A | 8.8 HIGH |
|
Active Directory Domain Services Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | N/A | 7.0 HIGH |
|
Azure Batch Node Agent Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | N/A | 7.8 HIGH |
|
System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-22795 | 1 Forescout | 1 Secureconnector | 2025-06-05 | N/A | 7.0 HIGH |
|
Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.
|
|||||
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | N/A | 8.1 HIGH |
|
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the ...
Show More |
|||||
| CVE-2022-34706 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | N/A | 7.8 HIGH |
|
Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-34703 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-04 | N/A | 7.8 HIGH |
|
Windows Partition Management Driver Elevation of Privilege Vulnerability
|
|||||
| CVE-2020-36603 | 1 Hoyoverse | 1 Mhyprot2 | 2025-06-04 | N/A | 6.5 MEDIUM |
|
The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges.
|
|||||
| CVE-2024-27181 | 1 Apache | 1 Linkis | 2025-06-03 | N/A | 8.8 HIGH |
|
In Apache Linkis <= 1.5.0,
Privilege Escalation in Basic management services where the attacking user is
a trusted account
allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue.
|
|||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | N/A | 8.8 HIGH |
|
A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.
|
|||||
| CVE-2022-39007 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | N/A | 9.8 CRITICAL |
|
The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.
|
|||||
| CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
|
|||||
| CVE-2025-26396 | 2025-06-02 | N/A | 7.8 HIGH | ||
|
The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability.
|
|||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
|
Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.
|
|||||
| CVE-2023-50726 | 1 Argoproj | 1 Argo Cd | 2025-06-02 | N/A | 6.4 MEDIUM |
|
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All othe ...
Show More |
|||||
| CVE-2025-4636 | 2025-05-30 | N/A | 7.8 HIGH | ||
|
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user
|
|||||
| CVE-2024-51392 | 2025-05-30 | N/A | 8.8 HIGH | ||
|
An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component
|
|||||
| CVE-2023-43845 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
|
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges.
|
|||||