Total
2487 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2232 | 1 Purethemes | 1 Realteo | 2025-03-25 | 9.8 Critical |
| The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, is vulnerable to authentication bypass in all versions up to, and including, 1.2.8. This is due to insufficient role restrictions in the 'do_register_user' function. This makes it possible for unauthenticated attackers to register an account with the Administrator role. | ||||
| CVE-2024-24970 | 2025-03-25 | 6.5 Medium | ||
| Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | ||||
| CVE-2023-41957 | 2 Simple-membership-plugin, Smp7 Wpinsider | 2 Simple Membership, Simple Membership | 2025-03-25 | 8.6 High |
| Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4. | ||||
| CVE-2022-43759 | 1 Suse | 1 Rancher | 2025-03-25 | 7.2 High |
| A Improper Privilege Management vulnerability in SUSE Rancher, allows users with access to the escalate verb on PRTBs to escalate permissions for any -promoted resource in any cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.5.17; Rancher versions prior to 2.6.10. | ||||
| CVE-2022-38777 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2025-03-25 | 7.8 High |
| An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||
| CVE-2023-49232 | 1 Stilog | 1 Visual Planning 8 | 2025-03-25 | 9.8 Critical |
| An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. | ||||
| CVE-2024-29667 | 1 Tongtianxing Technology Co Ltd | 1 Cmsv6 | 2025-03-25 | 9.8 Critical |
| SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. | ||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2023-21421 | 1 Samsung | 1 Android | 2025-03-24 | 5.9 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | ||||
| CVE-2024-24402 | 1 Nagios | 1 Nagios Xi | 2025-03-24 | 9.8 Critical |
| An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component. | ||||
| CVE-2024-26314 | 3 Iconics, Jungo, Mitsubishielectric | 49 Genesis64, Windriver, C Controller Module Setting And Monitoring Tool and 46 more | 2025-03-21 | 7.8 High |
| Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows local attackers to escalate privileges and execute arbitrary code. | ||||
| CVE-2024-30542 | 1 Wpxpo | 1 Wholesalex | 2025-03-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2. | ||||
| CVE-2024-22235 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-03-20 | 6.7 Medium |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | ||||
| CVE-2022-27677 | 1 Amd | 1 Ryzen Master | 2025-03-19 | 7.8 High |
| Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user. | ||||
| CVE-2022-42455 | 1 Asus | 1 Armoury Crate | 2025-03-19 | 7.8 High |
| ASUS EC Tool driver (aka d.sys) 1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb, as signed by ASUS and shipped with multiple ASUS software products, contains multiple IOCTL handlers that provide raw read and write access to port I/O and MSRs via unprivileged IOCTL calls. Local users can gain privileges. | ||||
| CVE-2023-25011 | 1 Nec | 1 Pc Settings Tool | 2025-03-19 | 7.8 High |
| PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges. | ||||
| CVE-2022-42735 | 1 Apache | 1 Shenyu | 2025-03-19 | 8.8 High |
| Improper Privilege Management vulnerability in Apache Software Foundation Apache ShenYu. ShenYu Admin allows low-privilege low-level administrators create users with higher privileges than their own. This issue affects Apache ShenYu: 2.5.0. Upgrade to Apache ShenYu 2.5.1 or apply patch https://github.com/apache/shenyu/pull/3958 https://github.com/apache/shenyu/pull/3958 . | ||||
| CVE-2025-26706 | 1 Zte | 1 Goldendb | 2025-03-19 | 5.4 Medium |
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07. | ||||
| CVE-2025-26705 | 1 Zte | 1 Goldendb | 2025-03-19 | 5.3 Medium |
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | ||||
| CVE-2025-26704 | 1 Zte | 1 Goldendb | 2025-03-19 | 6.4 Medium |
| Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05. | ||||