Total
2585 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-0524 | 2025-03-27 | N/A | 8.8 HIGH | ||
| As part of our Security Development Lifecycle, a potential privilege escalation issue was identified internally. This could allow a malicious actor with sufficient permissions to modify environment variables and abuse an impacted plugin in order to escalate privileges. We have resolved the issue and also made several defense-in-depth fixes alongside. While the probability of successful exploitation is low, Tenable is committed to securing our customers’ environments and our products. The updates have been distributed via the Tenable plugin feed in feed serial numbers equal to or greater than #202212212055. | |||||
| CVE-2024-23710 | 1 Google | 1 Android | 2025-03-26 | N/A | 7.8 HIGH |
| In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-48019 | 1 Wfs | 1 Another Eden | 2025-03-26 | N/A | 7.8 HIGH |
| The components wfshbr64.sys and wfshbr32.sys in Another Eden before v3.0.20 and before v2.14.200 allows attackers to perform privilege escalation via a crafted payload. | |||||
| CVE-2025-2232 | 1 Purethemes | 1 Realteo | 2025-03-25 | N/A | 9.8 CRITICAL |
| The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. | |||||
| CVE-2024-6677 | 2025-03-25 | N/A | N/A | ||
| Privilege escalation in uberAgent | |||||
| CVE-2024-24970 | 2025-03-25 | N/A | 6.5 MEDIUM | ||
| Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | |||||
| CVE-2023-41957 | 1 Simple-membership-plugin | 1 Simple Membership | 2025-03-25 | N/A | 8.6 HIGH |
| Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4. | |||||
| CVE-2022-38777 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2025-03-25 | N/A | 7.8 HIGH |
| An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | |||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | N/A | 7.5 HIGH |
| The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | |||||
| CVE-2024-24402 | 1 Nagios | 1 Nagios Xi | 2025-03-24 | N/A | 9.8 CRITICAL |
| An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. | |||||
| CVE-2024-53350 | 2025-03-24 | N/A | 7.4 HIGH | ||
| Insecure permissions in kubeslice v1.3.1 allow attackers to gain access to the service account's token, leading to escalation of privileges. | |||||
| CVE-2024-53349 | 2025-03-24 | N/A | 7.4 HIGH | ||
| Insecure permissions in kuadrant v0.11.3 allow attackers to gain access to the service account's token, leading to escalation of privileges via the secretes component in the k8s cluster | |||||
| CVE-2024-26314 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-21 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2024-30542 | 1 Wpxpo | 1 Wholesalex | 2025-03-21 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2. | |||||
| CVE-2024-22235 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-03-20 | N/A | 6.7 MEDIUM |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | |||||
| CVE-2024-21141 | 1 Oracle | 1 Vm Virtualbox | 2025-03-20 | N/A | 8.2 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2025-23007 | 2025-03-20 | N/A | 7.8 HIGH | ||
| A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. | |||||
| CVE-2024-9431 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
| In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover. | |||||
| CVE-2024-7039 | 2025-03-20 | N/A | 8.3 HIGH | ||
| In open-webui/open-webui version v0.3.8, there is an improper privilege management vulnerability. The application allows an attacker, acting as an admin, to delete other administrators via the API endpoint `http://0.0.0.0:8080/api/v1/users/{uuid_administrator}`. This action is restricted by the user interface but can be performed through direct API calls. | |||||
| CVE-2024-10273 | 2025-03-20 | N/A | 6.5 MEDIUM | ||
| In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models does not have appropriate privilege checks, enabling low-privilege users to update models they should not have access to modify. This vulnerability could lead to unauthorized changes in critical resources, affecting the integrity and reliability of the system. | |||||