Total
1819 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-48227 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2025-02-13 | N/A | 7.8 HIGH |
An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. | |||||
CVE-2022-48226 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-13 | N/A | 7.8 HIGH |
An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation. | |||||
CVE-2024-23537 | 1 Apache | 1 Fineract | 2025-02-13 | N/A | 8.4 HIGH |
Improper Privilege Management vulnerability in Apache Fineract. This issue affects Apache Fineract: <1.8.5. Users are recommended to upgrade to version 1.9.0, which fixes the issue. | |||||
CVE-2023-4009 | 1 Mongodb | 1 Ops Manager Server | 2025-02-13 | N/A | 7.2 HIGH |
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation. | |||||
CVE-2023-31432 | 1 Broadcom | 1 Brocade Fabric Operating System | 2025-02-13 | N/A | 7.8 HIGH |
Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | |||||
CVE-2023-27316 | 1 Netapp | 1 Snapcenter | 2025-02-13 | N/A | 8.8 HIGH |
SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed. | |||||
CVE-2025-0327 | | | 2025-02-13 | N/A | 7.8 HIGH |
CWE-269: Improper Privilege Management vulnerability exists for two services (one managing audit trail data and the other acting as a server managing client requests) that could cause a loss of Confidentiality, Integrity and Availability of the engineering workstation when an attacker with standard privileges modifies the executable path of the Windows services. To be exploited, the services need to be restarted. | |||||
CVE-2024-34370 | 1 Wpfactory | 1 Ean For Woocommerce | 2025-02-12 | N/A | 7.2 HIGH |
Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation. This issue affects EAN for WooCommerce: from n/a through 4.8.9. | |||||
CVE-2025-23093 | | | 2025-02-12 | N/A | 8.8 HIGH |
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | |||||
CVE-2023-51546 | 1 Webtoffee | 1 Woocommerce Pdf Invoices, Packing Slips, Delivery Notes And Shipping Labels | 2025-02-11 | N/A | 7.2 HIGH |
Improper Privilege Management vulnerability in WebToffee WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels allows Privilege Escalation. This issue affects WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels: from n/a through 4.2.1. | |||||
CVE-2024-11128 | 1 Bitdefender | 1 Virus Scanner | 2025-02-11 | N/A | 7.8 HIGH |
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for macOS may allow dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18. | |||||
CVE-2024-21966 | | | 2025-02-11 | N/A | 7.3 HIGH |
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
CVE-2024-21989 | 1 Netapp | 1 Ontap Select Deploy Administration Utility | 2025-02-10 | N/A | 8.1 HIGH |
ONTAP Select Deploy administration utility versions 9.12.1.x, 9.13.1.x and 9.14.1.x are susceptible to a vulnerability which when successfully exploited could allow a read-only user to escalate their privileges. | |||||
CVE-2023-27651 | 1 Egostudiogroup | 1 Superclean | 2025-02-10 | N/A | 7.8 HIGH |
An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. | |||||
CVE-2024-37484 | 1 Zephyr-one | 1 Zephyr Project Manager | 2025-02-10 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation. This issue affects Zephyr Project Manager: from n/a through 3.3.97. | |||||
CVE-2023-47868 | 1 Gvectors | 1 Wpforo Forum | 2025-02-09 | N/A | 7.3 HIGH |
Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation. This issue affects wpForo Forum: from n/a through 2.2.3. | |||||
CVE-2024-22145 | 1 Instawp | 1 Instawp Connect | 2025-02-07 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in InstaWP Team InstaWP Connect allows Privilege Escalation. This issue affects InstaWP Connect: from n/a through 0.1.0.8. | |||||
CVE-2023-22645 | 1 Linuxfoundation | 1 Kubewarden-controller | 2025-02-05 | N/A | 8.0 HIGH |
An Improper Privilege Management vulnerability in SUSE kubewarden allows attackers to read arbitrary secrets if they get access to the ServiceAccount kubewarden-controller. This issue affects: SUSE kubewarden kubewarden-controller versions prior to 1.6.0. | |||||
CVE-2023-28122 | 1 Ui | 1 Desktop | 2025-02-05 | N/A | 7.8 HIGH |
A local privilege escalation (LPE) vulnerability in UI Desktop for Windows (Version 0.59.1.71 and earlier) allows a malicious actor with local access to a Windows device running said application to submit arbitrary commands as SYSTEM. This vulnerability is fixed in Version 0.62.3 and later. | |||||
CVE-2023-51479 | 1 Buildapp | 1 Build App Online | 2025-02-05 | N/A | 8.8 HIGH |
Improper Privilege Management vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation. This issue affects Build App Online: from n/a through 1.0.19. |