Total
2228 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26247 | 1 Microsoft | 1 Edge | 2025-05-03 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-29052 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-05-03 | 7.8 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2024-28904 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-21324 | 1 Microsoft | 1 Defender For Iot | 2025-05-03 | 7.2 High |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-28905 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-30007 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 8.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2025-05-02 | 9.1 Critical |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2022-37929 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | 6.7 Medium |
| Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | ||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2025-05-02 | 8.8 High |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | ||||
| CVE-2022-42919 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Python, Enterprise Linux and 1 more | 2025-05-02 | 7.8 High |
| Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | ||||
| CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | 9.6 Critical |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2025-4085 | 2025-05-02 | 7.1 High | ||
| An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2022-3369 | 1 Bitdefender | 1 Engines | 2025-05-02 | 8.6 High |
| An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. | ||||
| CVE-2025-3438 | 2025-05-02 | 6.5 Medium | ||
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the 'wcfm_vendor' role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3. | ||||
| CVE-2025-31282 | 2025-05-02 | 4.6 Medium | ||
| A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-32974 | 2025-05-02 | 9.1 Critical | ||
| XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0. | ||||
| CVE-2022-37015 | 1 Symantec | 1 Endpoint Detection And Response | 2025-05-01 | 9.8 Critical |
| Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||
| CVE-2022-44732 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||