Total
2737 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-23497 | 1 Apple | 1 Macos | 2025-03-11 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges. | |||||
| CVE-2025-26707 | 2025-03-11 | N/A | 5.3 MEDIUM | ||
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | |||||
| CVE-2023-34045 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2025-03-07 | N/A | 6.6 MEDIUM |
| VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. | |||||
| CVE-2022-45608 | 1 Thingsboard | 1 Thingsboard | 2025-03-07 | N/A | 8.8 HIGH |
| An issue was discovered in ThingsBoard 3.4.1, allows low privileged attackers (CUSTOMER_USER) to gain escalated privileges (vertically) and become an Administrator (TENANT_ADMIN) or (SYS_ADMIN) on the web application. It is important to note that in order to accomplish this, the attacker must know the corresponding API's parameter (authority : value). | |||||
| CVE-2022-45988 | 1 Starsoftcomm | 1 Coocare | 2025-03-07 | N/A | 7.8 HIGH |
| starsoftcomm CooCare 5.304 allows local attackers to escalate privileges and execute arbitrary commands via a crafted file upload. | |||||
| CVE-2024-8420 | 1 Sitesao | 1 Dhvc Form | 2025-03-06 | N/A | 9.8 CRITICAL |
| The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites. | |||||
| CVE-2023-34057 | 2 Apple, Vmware | 2 Macos, Tools | 2025-03-06 | N/A | 7.8 HIGH |
| VMware Tools contains a local privilege escalation vulnerability. A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine. | |||||
| CVE-2023-26600 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-03-06 | N/A | 6.5 MEDIUM |
| ManageEngine ServiceDesk Plus through 14104, ServiceDesk Plus MSP through 14000, Support Center Plus through 14000, and Asset Explorer through 6987 allow privilege escalation via query reports. | |||||
| CVE-2023-25144 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2025-03-06 | N/A | 7.8 HIGH |
| An improper access control vulnerability in the Trend Micro Apex One agent could allow a local attacker to gain elevated privileges and create arbitrary directories with arbitrary ownership. | |||||
| CVE-2023-21376 | 1 Google | 1 Android | 2025-03-06 | N/A | 5.5 MEDIUM |
| In Telephony, there is a possible way to retrieve the ICCID due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-12281 | 2025-03-05 | N/A | 9.8 CRITICAL | ||
| The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Editor or Shop Manager role. | |||||
| CVE-2024-11951 | 2025-03-05 | N/A | 9.8 CRITICAL | ||
| The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | |||||
| CVE-2022-48365 | 1 Ibexa | 3 Digital Experience Platform, Ez Platform, Ez Platform Kernel | 2025-03-04 | N/A | 7.2 HIGH |
| An issue was discovered in eZ Platform Ibexa Kernel before 1.3.26. The Company admin role gives excessive privileges. | |||||
| CVE-2025-1425 | 2025-03-04 | N/A | N/A | ||
| A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671. | |||||
| CVE-2025-1424 | 2025-03-04 | N/A | N/A | ||
| A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671. | |||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | N/A | 7.3 HIGH |
| Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. | |||||
| CVE-2024-24778 | 2025-03-03 | N/A | 6.5 MEDIUM | ||
| Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue. | |||||
| CVE-2023-36765 | 1 Microsoft | 1 Office | 2025-02-28 | N/A | 7.8 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2023-36569 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-02-28 | N/A | 8.4 HIGH |
| Microsoft Office Elevation of Privilege Vulnerability | |||||
| CVE-2023-29350 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | N/A | 7.5 HIGH |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | |||||