Total: 2561 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-31005 | 1 Ibm | 2 Security Verify Access, Security Verify Access Docker | 2025-11-03 | N/A | 6.2 MEDIUM |
|
IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow a local user to escalate their privileges due to an improper security configuration. IBM X-Force ID: 254767.
|
|||||
| CVE-2021-32739 | 2 Debian, Icinga | 2 Debian Linux, Icinga | 2025-11-03 | 6.5 MEDIUM | 8.8 HIGH |
|
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a read-only user's credentials, an attacker can view most attributes of all config objects including `ticket_salt` of `ApiListener`. This salt is enough to compute a ticket for every possible common name (CN). ...
|
|||||
| CVE-2025-50124 | | | 2025-11-03 | N/A | N/A |
|
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a setup script.
|
|||||
| CVE-2025-43256 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to gain root privileges.
|
|||||
| CVE-2025-43249 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges.
|
|||||
| CVE-2025-43248 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2025-43199 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 9.8 CRITICAL |
|
A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2025-43188 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.
|
|||||
| CVE-2025-31243 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to gain root privileges.
|
|||||
| CVE-2025-31222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2025-11-03 | N/A | 7.8 HIGH |
|
A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges.
|
|||||
| CVE-2025-27644 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 7.8 HIGH |
|
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.
|
|||||
| CVE-2025-27639 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | N/A | 8.8 HIGH |
|
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.
|
|||||
| CVE-2025-24258 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges.
|
|||||
| CVE-2025-24119 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.
|
|||||
| CVE-2019-15790 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-11-03 | 2.1 LOW | 2.8 LOW |
|
Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regre ...
|
|||||
| CVE-2025-9966 | | | 2025-11-03 | N/A | N/A |
|
Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromised. This issue affects P series: P – V2001.A.C518o2.
|
|||||
| CVE-2025-52555 | | | 2025-11-03 | N/A | 6.5 MEDIUM |
|
Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, an ...
|
|||||
| CVE-2025-43333 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
|
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.
|
|||||
| CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2025-11-03 | 4.6 MEDIUM | 8.2 HIGH |
|
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
|
|||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-10-30 | 7.2 HIGH | 7.8 HIGH |
|
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
|
|||||
| CVE-2025-1732 | 1 Zyxel | 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more | 2025-10-30 | N/A | 6.7 MEDIUM |
|
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.
|
|||||
| CVE-2025-30475 | 1 Dell | 1 Insightiq | 2025-10-30 | N/A | 8.1 HIGH |
|
Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges.
|
|||||
| CVE-2021-25337 | 1 Samsung | 1 Android | 2025-10-30 | 5.8 MEDIUM | 4.4 MEDIUM |
|
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
|
|||||
| CVE-2025-1037 | | | 2025-10-30 | N/A | N/A |
|
By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context.
|
|||||
| CVE-2025-61429 | | | 2025-10-30 | N/A | 8.8 HIGH |
|
An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.
|
|||||
| CVE-2019-1215 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
|
|||||
| CVE-2019-1388 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 11 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
|
|||||
| CVE-2019-1405 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
|
|||||
| CVE-2025-5496 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-28 | N/A | 3.3 LOW |
|
ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component.
|
|||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Windows Error Reporting Service Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-38014 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 7.8 HIGH |
|
Windows Installer Elevation of Privilege Vulnerability
|
|||||
| CVE-2024-49035 | 1 Microsoft | 1 Partner Center | 2025-10-28 | N/A | 8.7 HIGH |
|
An improper access control vulnerability in Partner.Microsoft.com allows an unauthenticated attacker to elevate privileges over a network.
|
|||||
| CVE-2021-43768 | | | 2025-10-27 | N/A | 5.3 MEDIUM |
|
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.
|
|||||
| CVE-2025-9068 | 1 Rockwellautomation | 1 Factorytalk Linx | 2025-10-24 | N/A | 7.8 HIGH |
|
A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources.
|
|||||
| CVE-2025-7851 | 1 Tp-link | 26 Er605, Er605 Firmware, Er706w and 23 more | 2025-10-24 | N/A | 9.8 CRITICAL |
|
An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
|
|||||
| CVE-2024-8068 | 1 Citrix | 1 Session Recording | 2025-10-24 | N/A | 8.0 HIGH |
|
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
|
|||||
| CVE-2025-61759 | 1 Oracle | 1 Vm Virtualbox | 2025-10-23 | N/A | 6.5 MEDIUM |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result i ...
|
|||||
| CVE-2025-62592 | 1 Oracle | 1 Vm Virtualbox | 2025-10-23 | N/A | 6.0 MEDIUM |
|
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result ...
|
|||||
| CVE-2025-36633 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | N/A | 8.8 HIGH |
|
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation.
|
|||||
| CVE-2025-36631 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | N/A | 8.4 HIGH |
|
In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege.
|
|||||