Total: 2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-25011 | 1 Nec | 1 Pc Settings Tool | 2025-03-19 | N/A | 7.8 HIGH |
|
PC settings tool Ver10.1.26.0 and earlier and PC settings tool Ver11.0.22.0 and earlier allow an attacker with standard user privileges to write to the registry with administrator privileges.
|
|||||
| CVE-2022-42735 | 1 Apache | 1 Shenyu | 2025-03-19 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu.
ShenYu Admin allows low-privilege, low-level administrators to create users with higher privileges than their own.
This issue affects Apache ShenYu: 2.5.0.
Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 .
|
|||||
| CVE-2025-26706 | 1 Zte | 1 Goldendb | 2025-03-19 | N/A | 5.4 MEDIUM |
|
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.
|
|||||
| CVE-2025-26705 | 1 Zte | 1 Goldendb | 2025-03-19 | N/A | 5.3 MEDIUM |
|
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
|
|||||
| CVE-2025-26704 | 1 Zte | 1 Goldendb | 2025-03-19 | N/A | 6.4 MEDIUM |
|
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
|
|||||
| CVE-2025-26703 | 1 Zte | 1 Goldendb | 2025-03-19 | N/A | 4.3 MEDIUM |
|
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.
|
|||||
| CVE-2023-37058 | 1 Unionman | 2 Jlink Ax1800, Jlink Ax1800 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
|
Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command.
|
|||||
| CVE-2023-24483 | 2 Citrix, Microsoft | 2 Virtual Apps And Desktops, Windows | 2025-03-18 | N/A | 7.8 HIGH |
|
A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA.
|
|||||
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2025-03-18 | N/A | 9.8 CRITICAL |
|
An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file.
|
|||||
| CVE-2023-20655 | 2 Google, Mediatek | 60 Android, Mt2715, Mt6580 and 57 more | 2025-03-17 | N/A | 7.8 HIGH |
|
In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.
|
|||||
| CVE-2024-54560 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | N/A | 5.5 MEDIUM |
|
A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission.
|
|||||
| CVE-2024-13376 | | | 2025-03-14 | N/A | 8.8 HIGH |
|
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user ...
|
|||||
| CVE-2023-51776 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-13 | N/A | 7.8 HIGH |
|
Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.
|
|||||
| CVE-2023-52543 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 6.2 MEDIUM |
|
Permission verification vulnerability in the system module.
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2024-29779 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
|
There is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-21892 | 2 Linux, Nodejs | 2 Linux Kernel, Node.js | 2025-03-13 | N/A | 7.8 HIGH |
|
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges, with the only exception of CAP_NET_BIND_SERVICE.
Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set.
This allows unprivileged users to inject code that inherits the process's elevated privileges.
|
|||||
| CVE-2023-21113 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
|
In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2023-52716 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
|
Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module.
Impact: Successful exploitation of this vulnerability will affect availability.
|
|||||
| CVE-2024-33224 | | | 2025-03-13 | N/A | 8.4 HIGH |
|
An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek IO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests.
|
|||||
| CVE-2024-21059 | 1 Oracle | 1 Solaris | 2025-03-13 | N/A | 7.8 HIGH |
|
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 ...
|
|||||
| CVE-2025-0177 | 1 Javothemes | 1 Javo Core | 2025-03-13 | N/A | 9.8 CRITICAL |
|
The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
|
|||||
| CVE-2024-43121 | 1 Pluginus | 1 Husky - Products Filter Professional For Woocommerce | 2025-03-12 | N/A | 9.1 CRITICAL |
|
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1.
|
|||||
| CVE-2024-13835 | 1 Wpexpertplugins | 1 Post Meta Data Manager | 2025-03-12 | N/A | 7.2 HIGH |
|
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.
|
|||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2025-03-12 | N/A | 8.8 HIGH |
|
ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter.
|
|||||
| CVE-2024-2297 | 1 Bricksbuilder | 1 Bricks | 2025-03-11 | N/A | 7.1 HIGH |
|
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for ...
|
|||||
| CVE-2022-48284 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | N/A | 9.8 CRITICAL |
|
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
|
|||||
| CVE-2022-48283 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | N/A | 9.8 CRITICAL |
|
A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.
|
|||||
| CVE-2022-32949 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2025-03-11 | N/A | 7.8 HIGH |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2022-32900 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges.
|
|||||
| CVE-2024-1442 | 1 Grafana | 1 Grafana | 2025-03-11 | N/A | 6.0 MEDIUM |
|
A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *.
Doing this will grant the user access to read, query, edit and delete all data sources within the organization.
|
|||||
| CVE-2023-23497 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges.
|
|||||
| CVE-2025-26707 | | | 2025-03-11 | N/A | 5.3 MEDIUM |
|
Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation. This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
|
|||||
| CVE-2024-4018 | 2 Beyondtrust, Microsoft | 2 U-series Appliance, Windows | 2025-03-10 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (local appliance api modules) allows Privilege Escalation. This issue affects U-Series Appliance: from 3.4 before 4.0.3.
|
|||||
| CVE-2023-34045 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-03-07 | N/A | 6.6 MEDIUM |
|
VMware Fusion (13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
|
|||||
| CVE-2022-45608 | 1 Thingsboard | 1 Thingsboard | 2025-03-07 | N/A | 8.8 HIGH |
|
An issue discovered in ThingsBoard 3.4.1 allows low-privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value).
|
|||||
| CVE-2022-45988 | 1 Starsoftcomm | 1 Coocare | 2025-03-07 | N/A | 7.8 HIGH |
|
starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload.
|
|||||
| CVE-2023-41955 | 1 Wpdeveloper | 1 Essential Addons For Elementor | 2025-03-06 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from n/a through 5.8.8.
|
|||||
| CVE-2024-8420 | 1 Sitesao | 1 Dhvc Form | 2025-03-06 | N/A | 9.8 CRITICAL |
|
The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.
|
|||||
| CVE-2024-4017 | 2 Beyondtrust, Microsoft | 2 U-series Appliance, Windows | 2025-03-06 | N/A | 8.8 HIGH |
|
Improper Privilege Management vulnerability in BeyondTrust U-Series Appliance on Windows, 64 bit (filesystem modules) allows DLL Side-Loading. This issue affects U-Series Appliance: from 3.4 before 4.0.3.
|
|||||
| CVE-2023-34057 | 2 Apple, Vmware | 2 Macos, Tools | 2025-03-06 | N/A | 7.8 HIGH |
|
VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.
|
|||||