Skip to main content

CWE-268

Privilege Chaining

19 CVEs Avg CVSS 7.2 MITRE
0
CRITICAL
12
HIGH
7
MEDIUM
0
LOW
6
POC
0
KEV

Monthly

CVE-2026-32325 HIGH This Week

Local privilege escalation in Fujitsu ServerView Agents for Windows V11.60.04 and earlier enables an authenticated low-privileged user to chain privileges and obtain SYSTEM-level access on the host. The flaw was reported by JPCERT/CC and is documented in JVN advisory JVN67883085 and FSAS Technologies advisory 0529; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2026-3888 HIGH POC PATCH This Week

Local privilege escalation in snapd on multiple Ubuntu versions allows authenticated local attackers to obtain root access by exploiting a race condition between snap's temporary directory creation and systemd-tmpfiles cleanup operations. An attacker with local access can manipulate the /tmp directory to escalate privileges when snapd attempts to recreate its private snap directories. This vulnerability affects Ubuntu 16.04 LTS through 24.04 LTS with no patch currently available.

Ubuntu Privilege Escalation
NVD VulDB GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-7973 HIGH This Month

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-36124 MEDIUM This Month

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Websphere Application Server
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2025-49741 HIGH POC PATCH This Week

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC available.

Microsoft Google Information Disclosure Edge Chromium Chrome
NVD Exploit-DB
CVSS 3.1
7.4
EPSS
0.9%
CVE-2025-20112 MEDIUM This Month

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco VMware
NVD
CVSS 3.1
5.1
EPSS
0.1%
CVE-2025-32955 MEDIUM This Month

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Red Hat
NVD GitHub
CVSS 3.1
6.0
EPSS
0.1%
CVE-2024-4877 HIGH This Week

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Openvpn Windows
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-0889 HIGH This Week

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Privilege Management For Windows Windows
NVD
CVSS 4.0
7.2
EPSS
0.0%
CVE-2024-47045 HIGH This Week

Privilege chaining issue exists in the installer of e-Tax software(common program). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.1%
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in Fujitsu ServerView Agents for Windows V11.60.04 and earlier enables an authenticated low-privileged user to chain privileges and obtain SYSTEM-level access on the host. The flaw was reported by JPCERT/CC and is documented in JVN advisory JVN67883085 and FSAS Technologies advisory 0529; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Microsoft Information Disclosure
NVD
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Local privilege escalation in snapd on multiple Ubuntu versions allows authenticated local attackers to obtain root access by exploiting a race condition between snap's temporary directory creation and systemd-tmpfiles cleanup operations. An attacker with local access can manipulate the /tmp directory to escalate privileges when snapd attempts to recreate its private snap directories. This vulnerability affects Ubuntu 16.04 LTS through 24.04 LTS with no patch currently available.

Ubuntu Privilege Escalation
NVD VulDB GitHub
EPSS 0% CVSS 8.5
HIGH This Month

A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass IBM Websphere Application Server
NVD
EPSS 1% CVSS 7.4
HIGH POC PATCH This Week

A security vulnerability in No cwe for this (CVSS 7.4) that allows an unauthorized attacker. Risk factors: public PoC available.

Microsoft Google Information Disclosure +2
NVD Exploit-DB
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an authenticated, local attacker to elevate privileges to root on an affected device. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Cisco VMware
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Docker Red Hat
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Openvpn +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Privilege Management For Windows +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Privilege chaining issue exists in the installer of e-Tax software(common program). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy