Total
2841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-3257 | 3 Debian, Mariadb, Oracle | 3 Debian Linux, Mariadb, Mysql | 2025-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.6.34 and earlier5.7.16 and earlier. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS v3.0 Base Score 6.5 (Availability impacts). | |||||
| CVE-2017-7918 | 1 Cambium Networks | 8 Epmp 1000, Epmp 1000 Firmware, Epmp 1000 Hotspot and 5 more | 2025-04-20 | 6.0 MEDIUM | 6.8 MEDIUM |
| An Improper Access Control issue was discovered in Cambium Networks ePMP. After a valid user has used SNMP configuration export, an attacker is able to remotely trigger device configuration backups using specific MIBs. These backups lack proper access control and may allow access to sensitive information and possibly allow for configuration changes. | |||||
| CVE-2017-2094 | 1 Cybozu | 1 Garoon | 2025-04-20 | 4.0 MEDIUM | 4.3 MEDIUM |
| Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors. | |||||
| CVE-2022-31707 | 1 Vmware | 1 Vrealize Operations | 2025-04-18 | N/A | 7.2 HIGH |
| vRealize Operations (vROps) contains a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.2. | |||||
| CVE-2023-51435 | 1 Hihonor | 1 Magic Ui | 2025-04-17 | N/A | 7.1 HIGH |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause information leak. | |||||
| CVE-2025-25230 | 2025-04-17 | N/A | 7.8 HIGH | ||
| Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges. | |||||
| CVE-2025-23007 | 2025-04-17 | N/A | 5.5 MEDIUM | ||
| A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. | |||||
| CVE-2022-46327 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-17 | N/A | 9.8 CRITICAL |
| Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions. | |||||
| CVE-2024-27710 | 1 Eskooly | 1 Eskooly | 2025-04-16 | N/A | 9.8 CRITICAL |
| An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism. | |||||
| CVE-2024-22036 | 2025-04-16 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3. | |||||
| CVE-2023-32197 | 2025-04-16 | N/A | 6.6 MEDIUM | ||
| A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5. | |||||
| CVE-2025-27644 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 7.8 HIGH |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. | |||||
| CVE-2025-27639 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 8.8 HIGH |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015. | |||||
| CVE-2023-48319 | 1 Salonbookingsystem | 1 Salon Booking System | 2025-04-15 | N/A | 6.8 MEDIUM |
| Improper Privilege Management vulnerability in Salon Booking System Salon booking system allows Privilege Escalation.This issue affects Salon booking system: from n/a through 8.6. | |||||
| CVE-2025-3418 | 2025-04-15 | N/A | 8.8 HIGH | ||
| The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator. | |||||
| CVE-2014-1510 | 6 Canonical, Debian, Mozilla and 3 more | 17 Ubuntu Linux, Debian Linux, Firefox and 14 more | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call. | |||||
| CVE-2014-3689 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 7.2 HIGH | N/A |
| The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local guest users to write to qemu memory locations and gain privileges via unspecified parameters related to rectangle handling. | |||||
| CVE-2014-1496 | 2 Mozilla, Suse | 7 Firefox, Firefox Esr, Seamonkey and 4 more | 2025-04-12 | 1.9 LOW | 5.5 MEDIUM |
| Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 might allow local users to gain privileges by modifying the extracted Mar contents during an update. | |||||
| CVE-2014-5206 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 7.2 HIGH | N/A |
| The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a "mount -o remount" command within a user namespace. | |||||
| CVE-2016-2066 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
| Integer signedness error in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application that makes an ioctl call. | |||||