Vulnerabilities (CVE)

Filtered by CWE-269
Total 2724 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-43317 1 Coign 1 Coign 2025-06-20 N/A 8.8 HIGH
An issue in Coign CRM Portal v.06.06 allows a remote attacker to escalate privileges via the userPermissionsList parameter in Session Storage component.
CVE-2023-26604 2 Debian, Systemd Project 2 Debian Linux, Systemd 2025-06-20 N/A 7.8 HIGH
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
CVE-2024-0751 2 Debian, Mozilla 4 Debian Linux, Firefox, Firefox Esr and 1 more 2025-06-20 N/A 8.8 HIGH
A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
CVE-2023-52337 1 Trendmicro 2 Deep Security, Deep Security Agent 2025-06-20 N/A 7.8 HIGH
An improper access control vulnerability in Trend Micro Deep Security 20.0 and Trend Micro Cloud One - Endpoint and Workload Security Agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2024-33894 1 Hms-networks 7 Ewon Cosy\+ 4g Apac, Ewon Cosy\+ 4g Eu, Ewon Cosy\+ 4g Jp and 4 more 2025-06-20 N/A 8.8 HIGH
Insecure Permission vulnerability in Cosy+ devices running a firmware 21.x below 21.2s10 or a firmware 22.x below 22.1s3 are executing several processes with elevated privileges.
CVE-2023-46810 2 Ivanti, Linux 2 Secure Access Client, Linux Kernel 2025-06-20 N/A 7.3 HIGH
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
CVE-2025-22937 1 Adtran 2 411, 411 Firmware 2025-06-20 N/A 9.8 CRITICAL
An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors.
CVE-2023-40289 1 Supermicro 6 X11sae-f, X11sae-f Firmware, X11sse-f and 3 more 2025-06-18 N/A 7.2 HIGH
A command injection issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker can exploit this to elevate privileges from a user with BMC administrative privileges.
CVE-2023-50921 2025-06-18 N/A 9.8 CRITICAL
An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.
CVE-2025-49156 2025-06-17 N/A 7.0 HIGH
A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-4879 2025-06-17 N/A N/A
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2025-6177 2025-06-17 N/A 7.4 HIGH
Privilege Escalation in MiniOS in Google ChromeOS (16063.45.2 and potentially others) on enrolled devices allows a local attacker to gain root code execution via exploiting a debug shell (VT3 console) accessible through specific key combinations during developer mode entry and MiniOS access, even when developer mode is blocked by device policy or Firmware Write Protect (FWMP).
CVE-2025-49157 2025-06-17 N/A 7.8 HIGH
A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2025-0320 2025-06-17 N/A N/A
Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows
CVE-2024-29741 1 Google 1 Android 2025-06-17 N/A 7.8 HIGH
In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-35430 1 Zkteco 1 Zkbio Cvsecurity 2025-06-17 N/A 8.1 HIGH
In ZKTeco ZKBio CVSecurity v6.1.1 an authenticated user can bypass password checks while exporting data from the application.
CVE-2025-5689 2025-06-17 N/A 8.5 HIGH
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.
CVE-2023-41099 1 Atos 1 Eviden Cardos Api 2025-06-17 N/A 7.8 HIGH
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur.(from a regular user to SYSTEM).
CVE-2023-4822 1 Grafana 1 Grafana 2025-06-16 N/A 6.7 MEDIUM
Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of.
CVE-2025-5491 2025-06-16 N/A 8.8 HIGH
Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges.