Total
2841 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-36046 | 1 Infoblox | 1 Nios | 2025-04-10 | N/A | 9.8 CRITICAL |
| Infoblox NIOS through 8.6.4 executes with more privileges than required. | |||||
| CVE-2023-41665 | 1 Givewp | 1 Givewp | 2025-04-10 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in GiveWP allows Privilege Escalation.This issue affects GiveWP: from n/a through 2.33.0. | |||||
| CVE-2023-41243 | 1 Wpvivid | 1 Migration\, Backup\, Staging | 2025-04-10 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in WPvivid Team WPvivid Backup and Migration allows Privilege Escalation.This issue affects WPvivid Backup and Migration: from n/a through 0.9.90. | |||||
| CVE-2024-21141 | 1 Oracle | 1 Vm Virtualbox | 2025-04-10 | N/A | 8.2 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.20. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2022-43535 | 2 Arubanetworks, Microsoft | 2 Clearpass Policy Manager, Windows | 2025-04-10 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43534 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2025-04-10 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2022-43533 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | N/A | 7.8 HIGH |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | |||||
| CVE-2023-4976 | 2025-04-10 | N/A | N/A | ||
| A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. | |||||
| CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | |||||
| CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | N/A | 6.7 MEDIUM |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | |||||
| CVE-2024-28851 | 1 Snowflake | 1 Snowflake Hive Metastore Connector | 2025-04-09 | N/A | 4.0 MEDIUM |
| The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. | |||||
| CVE-2008-2271 | 1 Site Documentation Project | 1 Site Documentation | 2025-04-09 | 5.0 MEDIUM | N/A |
| The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | |||||
| CVE-2009-0080 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-09 | 6.9 MEDIUM | N/A |
| The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | |||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 13 Ubuntu Linux, Fedora, Linux Kernel and 10 more | 2025-04-09 | 5.9 MEDIUM | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | |||||
| CVE-2008-2931 | 5 Canonical, Debian, Linux and 2 more | 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more | 2025-04-09 | 7.2 HIGH | 7.8 HIGH |
| The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | |||||
| CVE-2025-29999 | 2025-04-08 | N/A | 6.7 MEDIUM | ||
| A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. | |||||
| CVE-2022-39182 | 1 Mingham-smith | 1 Tardis 2000 | 2025-04-08 | N/A | 4.9 MEDIUM |
| H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | |||||
| CVE-2025-3105 | 2025-04-07 | N/A | 8.8 HIGH | ||
| The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. | |||||
| CVE-2025-29033 | 2025-04-04 | N/A | 7.3 HIGH | ||
| An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter. | |||||
| CVE-2023-22809 | 3 Debian, Fedoraproject, Sudo Project | 3 Debian Linux, Fedora, Sudo | 2025-04-04 | N/A | 7.8 HIGH |
| In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | |||||