Total
2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | N/A | 6.5 MEDIUM |
|
ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports.
|
|||||
| CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-06 | N/A | 7.8 HIGH |
|
An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership.
|
|||||
| CVE-2023-21376 | 1 Google | 1 Android | 2025-03-06 | N/A | 5.5 MEDIUM |
|
In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2024-12281 | 2025-03-05 | N/A | 9.8 CRITICAL | ||
|
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role.
|
|||||
| CVE-2024-11951 | 2025-03-05 | N/A | 9.8 CRITICAL | ||
|
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.
|
|||||
| CVE-2022-48365 | 1 Ibexa | 3 Digital Experience Platform, Ez Platform, Ez Platform Kernel | 2025-03-04 | N/A | 7.2 HIGH |
|
An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges.
|
|||||
| CVE-2025-1425 | 2025-03-04 | N/A | N/A | ||
|
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671.
|
|||||
| CVE-2025-1424 | 2025-03-04 | N/A | N/A | ||
|
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.
This issue affects InkPad Color 3 in version U743k3.6.8.3671.
|
|||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | N/A | 7.3 HIGH |
|
Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.
|
|||||
| CVE-2023-36765 | 1 Microsoft | 1 Office | 2025-02-28 | N/A | 7.8 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36569 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-28 | N/A | 8.4 HIGH |
|
Microsoft Office Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-29350 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 7.5 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-44689 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2019 and 2 more | 2025-02-28 | N/A | 7.8 HIGH |
|
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability
|
|||||
| CVE-2022-41032 | 2 Fedoraproject, Microsoft | 5 Fedora, .net, .net Core and 2 more | 2025-02-28 | N/A | 7.8 HIGH |
|
NuGet Client Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-38187 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 6.5 MEDIUM |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-36024 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 7.1 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28261 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 5.7 MEDIUM |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2021-31937 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 8.2 HIGH |
|
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
|
|||||
| CVE-2023-28339 | 1 Opendoas Project | 1 Opendoas | 2025-02-27 | N/A | 8.8 HIGH |
|
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.
|
|||||
| CVE-2025-0893 | 2025-02-27 | N/A | 7.8 HIGH | ||
|
Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.
|
|||||
| CVE-2023-25590 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2025-02-27 | N/A | 7.8 HIGH |
|
A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role. A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance.
|
|||||
| CVE-2025-1295 | 2025-02-27 | N/A | 8.8 HIGH | ||
|
The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to Administrator. The vulnerability can only be exploited when the BuddyPress plugin is also installed and activated.
|
|||||
| CVE-2023-27094 | 1 Opengoofy | 1 Hippo4j | 2025-02-26 | N/A | 8.8 HIGH |
|
An issue found in OpenGoofy Hippo4j v.1.4.3 allows attackers to escalate privileges via the ThreadPoolController of the tenant Management module.
|
|||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | N/A | 7.1 HIGH |
|
An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files.
|
|||||
| CVE-2023-20995 | 1 Google | 1 Android | 2025-02-25 | N/A | 7.8 HIGH |
|
In captureImage of CustomizedSensor.cpp, there is a possible way to bypass the fingerprint unlock due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-241910279
|
|||||
| CVE-2024-13343 | 1 Vanquish | 1 Woocommerce Customers Manager | 2025-02-24 | N/A | 8.8 HIGH |
|
The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator.
|
|||||
| CVE-2022-48353 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | N/A | 9.8 CRITICAL |
|
Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.
|
|||||
| CVE-2023-21068 | 1 Google | 1 Android | 2025-02-20 | N/A | 7.8 HIGH |
|
In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A
|
|||||
| CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2025-02-18 | N/A | 7.8 HIGH |
|
A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
|
|||||
| CVE-2017-6894 | 1 Flexera | 2 Flexnet Manager, Flexnet Manager Suite 2015 | 2025-02-18 | N/A | 7.8 HIGH |
|
A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.
|
|||||
| CVE-2024-57778 | 2025-02-18 | N/A | 8.8 HIGH | ||
|
An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.
|
|||||
| CVE-2022-48227 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2025-02-13 | N/A | 7.8 HIGH |
|
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361.
|
|||||
| CVE-2022-48226 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-13 | N/A | 7.8 HIGH |
|
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.
|
|||||
| CVE-2023-0959 | 1 Imaworldhealth | 1 Bhima | 2025-02-13 | N/A | 6.5 MEDIUM |
|
Bhima version 1.27.0 allows a remote attacker to update the privileges of any account registered in the application via a malicious link sent to an administrator. This is possible because the application is vulnerable to CSRF.
|
|||||
| CVE-2024-23537 | 1 Apache | 1 Fineract | 2025-02-13 | N/A | 8.4 HIGH |
|
Improper Privilege Management vulnerability in Apache Fineract.This issue affects Apache Fineract: <1.8.5.
Users are recommended to upgrade to version 1.9.0, which fixes the issue.
|
|||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2025-02-13 | N/A | 10.0 CRITICAL |
|
In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a
possible way to access adb before SUW completion due to an insecure default
value. This could lead to local escalation of privilege with no additional
execution privileges needed. User interaction is not needed for
exploitation
|
|||||
| CVE-2023-4009 | 1 Mongodb | 1 Ops Manager Server | 2025-02-13 | N/A | 7.2 HIGH |
|
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
|
|||||
| CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2025-02-13 | N/A | 7.8 HIGH |
|
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0.
|
|||||
| CVE-2023-27316 | 1 Netapp | 1 Snapcenter | 2025-02-13 | N/A | 8.8 HIGH |
|
SnapCenter versions 4.8 through 4.9 are susceptible to a
vulnerability which may allow an authenticated SnapCenter Server user to
become an admin user on a remote system where a SnapCenter plug-in has
been installed.
|
|||||
| CVE-2025-0327 | 2025-02-13 | N/A | 7.8 HIGH | ||
|
CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit
trail data and the other acting as server managing client request) that could cause a loss of Confidentiality,
Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the
executable path of the windows services. To be exploited, services need to be restarted.
|
|||||