Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2002-0049 | 1 Microsoft | 1 Exchange Server | 2025-04-03 | 6.4 MEDIUM | N/A |
|
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
|
|||||
| CVE-2002-0080 | 2 Redhat, Samba | 2 Linux, Rsync | 2025-04-03 | 2.1 LOW | N/A |
|
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
|
|||||
| CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2025-04-03 | 2.1 LOW | N/A |
|
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files.
|
|||||
| CVE-2023-0101 | 1 Tenable | 1 Nessus | 2025-04-02 | N/A | 8.8 HIGH |
|
A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host.
|
|||||
| CVE-2022-38774 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2025-04-02 | N/A | 7.8 HIGH |
|
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
|
|||||
| CVE-2022-38775 | 2 Elastic, Microsoft | 2 Endpoint Security, Windows | 2025-04-02 | N/A | 7.8 HIGH |
|
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
|
|||||
| CVE-2025-0416 | 2025-04-01 | N/A | N/A | ||
|
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
|
|||||
| CVE-2025-22231 | 2025-04-01 | N/A | 7.8 HIGH | ||
|
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
|
|||||
| CVE-2025-2237 | 2025-04-01 | N/A | 9.8 CRITICAL | ||
|
The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. This is due to insufficient role restrictions in the 'process_register' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
|
|||||
| CVE-2024-53349 | 1 Linuxfoundation | 1 Kuadrant | 2025-04-01 | N/A | 7.4 HIGH |
|
Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster
|
|||||
| CVE-2024-53350 | 1 Kubeslice | 1 Kubeslice | 2025-04-01 | N/A | 7.4 HIGH |
|
Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges.
|
|||||
| CVE-2022-43997 | 1 Aternity | 1 Aternity | 2025-04-01 | N/A | 7.8 HIGH |
|
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.
|
|||||
| CVE-2024-1138 | 2025-03-28 | N/A | 8.8 HIGH | ||
|
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.
|
|||||
| CVE-2024-1764 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | N/A | 7.6 HIGH |
|
Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances
|
|||||
| CVE-2022-46359 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
|
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
|
|||||
| CVE-2022-46358 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
|
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
|
|||||
| CVE-2022-46357 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
|
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
|
|||||
| CVE-2022-46356 | 1 Hp | 1 Security Manager | 2025-03-28 | N/A | 8.8 HIGH |
|
Potential vulnerabilities have been identified in HP Security Manager which may allow escalation of privilege, arbitrary code execution, and information disclosure.
|
|||||
| CVE-2022-3990 | 1 Hp | 1 Hpsfviewer | 2025-03-28 | N/A | 7.8 HIGH |
|
HPSFViewer might allow Escalation of Privilege. This potential vulnerability was remediated on July 29th, 2022. Customers who opted for automatic updates should have already received the remediation.
|
|||||
| CVE-2024-22264 | 2025-03-27 | N/A | 7.2 HIGH | ||
|
VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system.
|
|||||
| CVE-2022-23455 | 1 Hp | 1 Support Assistant | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
|
|||||
| CVE-2021-3809 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
|
|||||
| CVE-2021-3808 | 1 Hp | 362 Elite Dragonfly, Elite Dragonfly Firmware, Elite Slice and 359 more | 2025-03-27 | N/A | 7.8 HIGH |
|
Potential security vulnerabilities have been identified in the BIOS (UEFI Firmware) for certain HP PC products, which might allow arbitrary code execution. HP is releasing firmware updates to mitigate these potential vulnerabilities.
|
|||||
| CVE-2021-3439 | 1 Hp | 754 200 G3 All-in-one \(rom Family Ssid 8431\), 200 G3 All-in-one \(rom Family Ssid 8431\) Firmware, 200 G3 All-in-one \(rom Family Ssid 84de\) and 751 more | 2025-03-27 | N/A | 7.8 HIGH |
|
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
|
|||||
| CVE-2024-21121 | 1 Oracle | 1 Vm Virtualbox | 2025-03-27 | N/A | 6.5 MEDIUM |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in ...
Show More |
|||||
| CVE-2023-0524 | 1 Tenable | 3 Nessus, Tenable.io, Tenable.sc | 2025-03-27 | N/A | 8.8 HIGH |
|
As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates ...
Show More |
|||||
| CVE-2024-23710 | 1 Google | 1 Android | 2025-03-26 | N/A | 7.8 HIGH |
|
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2022-48019 | 1 Wfs | 1 Another Eden | 2025-03-26 | N/A | 7.8 HIGH |
|
The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload.
|
|||||
| CVE-2023-20854 | 2 Microsoft, Vmware | 2 Windows, Workstation | 2025-03-26 | N/A | 8.4 HIGH |
|
VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.
|
|||||
| CVE-2025-2232 | 1 Purethemes | 1 Realteo | 2025-03-25 | N/A | 9.8 CRITICAL |
|
The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role.
|
|||||
| CVE-2024-24970 | 2025-03-25 | N/A | 6.5 MEDIUM | ||
|
Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege.
|
|||||
| CVE-2023-41957 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-25 | N/A | 8.6 HIGH |
|
Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.
|
|||||
| CVE-2022-38777 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2025-03-25 | N/A | 7.8 HIGH |
|
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.
|
|||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
|
The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
|
|||||
| CVE-2024-24402 | 1 Nagios | 1 Nagios Xi | 2025-03-24 | N/A | 9.8 CRITICAL |
|
An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.
|
|||||
| CVE-2024-26314 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-21 | N/A | 7.8 HIGH |
|
Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code.
|
|||||
| CVE-2024-30542 | 1 Wpxpo | 1 Wholesalex | 2025-03-21 | N/A | 9.8 CRITICAL |
|
Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.
|
|||||
| CVE-2024-22235 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-03-20 | N/A | 6.7 MEDIUM |
|
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.
|
|||||
| CVE-2022-27677 | 1 Amd | 1 Ryzen Master | 2025-03-19 | N/A | 7.8 HIGH |
|
Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low
privileges to modify files potentially leading to privilege escalation and code execution by the lower
privileged user.
|
|||||
| CVE-2022-42455 | 1 Asus | 1 Armoury Crate | 2025-03-19 | N/A | 7.8 HIGH |
|
ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges.
|
|||||