Total
2379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13776 | 4 Fedoraproject, Netapp, Redhat and 1 more | 6 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 3 more | 2025-06-09 | 6.7 Medium |
| systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | ||||
| CVE-2019-3843 | 5 Canonical, Fedoraproject, Netapp and 2 more | 9 Ubuntu Linux, Fedora, Cn1610 and 6 more | 2025-06-09 | 7.8 High |
| It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | ||||
| CVE-2025-27811 | 1 Razer | 1 Synapse 4 | 2025-06-09 | 7.8 High |
| A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service. | ||||
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | 7 High |
| Azure Batch Node Agent Elevation of Privilege Vulnerability | ||||
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | 7.8 High |
| System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-22795 | 1 Forescout | 1 Secureconnector | 2025-06-05 | 7 High |
| Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | ||||
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | 8.1 High |
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | ||||
| CVE-2024-22922 | 1 Projectworlds | 1 Visitor Management System In Php | 2025-06-04 | 9.8 Critical |
| An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | ||||
| CVE-2022-34706 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | 7.8 High |
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | ||||
| CVE-2022-34703 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-04 | 7.8 High |
| Windows Partition Management Driver Elevation of Privilege Vulnerability | ||||
| CVE-2020-36603 | 1 Hoyoverse | 1 Mhyprot2 | 2025-06-04 | 6.5 Medium |
| The HoYoVerse (formerly miHoYo) Genshin Impact mhyprot2.sys 1.0.0.0 anti-cheat driver does not adequately restrict unprivileged function calls, allowing local, unprivileged users to execute arbitrary code with SYSTEM privileges on Microsoft Windows systems. The mhyprot2.sys driver must first be installed by a user with administrative privileges. | ||||
| CVE-2025-26396 | 2025-06-04 | 7.8 High | ||
| The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. | ||||
| CVE-2024-27181 | 1 Apache | 1 Linkis | 2025-06-03 | 8.8 High |
| In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue. | ||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | 8.8 High |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | ||||
| CVE-2022-39007 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | 9.8 Critical |
| The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. | ||||
| CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | 6.7 Medium |
| An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) | ||||
| CVE-2023-48418 | 1 Google | 2 Pixel Watch, Pixel Watch Firmware | 2025-06-03 | 10 Critical |
| In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation | ||||
| CVE-2023-41784 | 1 Zte | 2 Redmagic 8 Pro, Redmagic 8 Pro Firmware | 2025-06-03 | 6.6 Medium |
| Permissions and Access Control Vulnerability in ZTE Red Magic 8 Pro | ||||