Skip to main content

CWE-269

Improper Privilege Management

2038 CVEs Avg CVSS 7.6 MITRE
253
CRITICAL
1268
HIGH
463
MEDIUM
49
LOW
339
POC
19
KEV

Monthly

CVE-2026-15103 HIGH This Week

Privilege escalation in the WPFunnels (Funnel Builder for WooCommerce) plugin for WordPress lets authenticated users holding the wpf_manage_funnels capability — typically the plugin's Funnel Manager custom role — rewrite the global wp_user_roles option and grant their own role full administrator capabilities. All versions up to and including 3.12.8 are affected, and Wordfence rates it CVSS 8.8 (High). No public exploit has been identified at time of analysis, but the root cause is trivial (an unvalidated option name reaching update_option()), making reliable weaponization straightforward for a low-privileged insider.

Privilege Escalation WordPress Wpfunnels Funnel Builder For Woocommerce With Checkout One Click Upsell
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-13741 HIGH This Week

Privilege escalation in the Digits WordPress Mobile Number Signup and Login plugin (all versions through 9.1.0.5) lets authenticated Subscriber-level users promote themselves to Administrator by submitting a forged digits_reg_userrole value during a profile update. The flaw stems from the dig_update_wpwc_custom_fields() function failing to validate the caller's authorization or the requested role. There is no public exploit identified at time of analysis, but the low barrier (any registered user on an affected site with the DIGITS User Role field configured) and full-administrator outcome make this a high-priority patching item.

Privilege Escalation WordPress Digits
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-6423 HIGH This Week

Local privilege escalation in ESET Inspect Connector for Windows lets a low-privileged local user escalate to elevated (SYSTEM-level) privileges by abusing an improperly authenticated ALPC (Asynchronous Local Procedure Call) IPC channel. The affected component is the endpoint agent that links ESET Inspect (EDR) to protected Windows hosts; a non-privileged process can issue unauthenticated requests to a privileged service endpoint that fails to verify the caller. The issue was reported and fixed by ESET, is not listed in CISA KEV, and has no public exploit identified at time of analysis.

Eset Authentication Bypass Privilege Escalation Eset Inspect Connector
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2026-12525 HIGH POC PATCH This Week

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.

Privilege Escalation WordPress Redux Framework
NVD WPScan VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-53444 HIGH This Week

Privilege escalation in Wekan (self-hosted Meteor kanban) before 9.32 lets any authenticated user directly invoke OIDC-only Meteor methods that lack the admin authorization checks applied to their non-OIDC counterparts. By calling setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, or groupRoutineOnLogin over DDP, a low-privileged user can create or modify organizations and teams, and - when PROPAGATE_OIDC_DATA is enabled - groupRoutineOnLogin can grant that user global admin. No public exploit identified at time of analysis; the vendor fix (v9.32) is confirmed and the flaw carries a CVSS 4.0 base score of 7.6.

Privilege Escalation Wekan
NVD GitHub
CVSS 4.0
7.6
EPSS
0.2%
CVE-2026-62355 MEDIUM PATCH This Month

Improper privilege management in TDengine Cloud DB prior to 3.4.1.15 allows an authenticated Data Reader admin_user to execute `create udf` (user-defined function) commands that should be restricted to higher-privilege roles. While the same role is correctly denied `show dnodes` and `create user`, the UDF creation permission was left ungated, creating a privilege escalation path within the database engine. No public exploit code has been identified at time of analysis, and this CVE has not been added to the CISA KEV catalog.

Privilege Escalation
NVD GitHub
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-53515 HIGH PATCH This Week

{providerId} to drive organization provisioning, effectively escalating toward organization takeover. No public exploit identified at time of analysis; the flaw is fixed in 1.6.11 which adds the missing role check.

Privilege Escalation Better Auth Sso
NVD GitHub
CVSS 3.1
7.1
EPSS
0.2%
CVE-2026-14960 CRITICAL Act Now

Local privilege escalation in Pegatron's Tdelo64.sys kernel driver allows any unprivileged user to perform arbitrary hardware I/O port reads and writes through the \\.\TdeIo device. The driver's TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE handlers lack authorization checks, letting a local attacker manipulate hardware registers to gain kernel-level control, tamper with firmware interfaces, or establish persistent low-level compromise. Reported by CERT/CC; no public exploit identified at time of analysis, and EPSS is low at 0.20% (10th percentile).

Privilege Escalation Tdelo64 Sys
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-57996 HIGH PATCH This Week

Privilege escalation in phpMyFAQ before 4.1.5 lets a delegated administrator holding USER_ADD/EDIT/DELETE rights mint a full SuperAdmin account through the POST /admin/api/user/add endpoint, resulting in complete instance takeover. The flaw stems from a missing SuperAdmin authorization guard, allowing a lower-privileged operator to submit isSuperAdmin: true with attacker-chosen credentials and then log in as that account. Reported by VulnCheck; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Privilege Escalation Phpmyfaq
NVD GitHub
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-49501 MEDIUM PATCH This Month

Elevation of privileges in Dell PowerScale OneFS versions 9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2 allows a high-privileged local attacker to escalate beyond their authorized access level due to improper privilege management (CWE-269). While the CVSS 3.1 base score of 6.7 reflects the local access and high-privilege prerequisites that constrain exploitability, the full C:H/I:H/A:H impact triad signals complete system compromise upon successful exploitation - a serious outcome for enterprise NAS infrastructure that frequently stores sensitive organizational data. No public exploit code or CISA KEV listing has been identified at time of analysis.

Privilege Escalation Dell Powerscale Onefs
NVD VulDB
CVSS 3.1
6.7
EPSS
0.2%
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the WPFunnels (Funnel Builder for WooCommerce) plugin for WordPress lets authenticated users holding the wpf_manage_funnels capability — typically the plugin's Funnel Manager custom role — rewrite the global wp_user_roles option and grant their own role full administrator capabilities. All versions up to and including 3.12.8 are affected, and Wordfence rates it CVSS 8.8 (High). No public exploit has been identified at time of analysis, but the root cause is trivial (an unvalidated option name reaching update_option()), making reliable weaponization straightforward for a low-privileged insider.

Privilege Escalation WordPress Wpfunnels Funnel Builder For Woocommerce With Checkout One Click Upsell
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in the Digits WordPress Mobile Number Signup and Login plugin (all versions through 9.1.0.5) lets authenticated Subscriber-level users promote themselves to Administrator by submitting a forged digits_reg_userrole value during a profile update. The flaw stems from the dig_update_wpwc_custom_fields() function failing to validate the caller's authorization or the requested role. There is no public exploit identified at time of analysis, but the low barrier (any registered user on an affected site with the DIGITS User Role field configured) and full-administrator outcome make this a high-priority patching item.

Privilege Escalation WordPress Digits
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in ESET Inspect Connector for Windows lets a low-privileged local user escalate to elevated (SYSTEM-level) privileges by abusing an improperly authenticated ALPC (Asynchronous Local Procedure Call) IPC channel. The affected component is the endpoint agent that links ESET Inspect (EDR) to protected Windows hosts; a non-privileged process can issue unauthenticated requests to a privileged service endpoint that fails to verify the caller. The issue was reported and fixed by ESET, is not listed in CISA KEV, and has no public exploit identified at time of analysis.

Eset Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

The Redux Framework WordPress plugin before 4.5.13 does not restrict which user meta keys can be written when saving custom profile fields, allowing users with at least the Subscriber role to escalate their privileges to Administrator by submitting a crafted value while updating their own profile, on sites where the Redux Framework WordPress plugin before 4.5.13's user-profile (Users extension) feature is enabled.

Privilege Escalation WordPress Redux Framework
NVD WPScan VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Privilege escalation in Wekan (self-hosted Meteor kanban) before 9.32 lets any authenticated user directly invoke OIDC-only Meteor methods that lack the admin authorization checks applied to their non-OIDC counterparts. By calling setCreateOrgFromOidc, setOrgAllFieldsFromOidc, setCreateTeamFromOidc, setTeamAllFieldsFromOidc, boardRoutineOnLogin, or groupRoutineOnLogin over DDP, a low-privileged user can create or modify organizations and teams, and - when PROPAGATE_OIDC_DATA is enabled - groupRoutineOnLogin can grant that user global admin. No public exploit identified at time of analysis; the vendor fix (v9.32) is confirmed and the flaw carries a CVSS 4.0 base score of 7.6.

Privilege Escalation Wekan
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Improper privilege management in TDengine Cloud DB prior to 3.4.1.15 allows an authenticated Data Reader admin_user to execute `create udf` (user-defined function) commands that should be restricted to higher-privilege roles. While the same role is correctly denied `show dnodes` and `create user`, the UDF creation permission was left ungated, creating a privilege escalation path within the database engine. No public exploit code has been identified at time of analysis, and this CVE has not been added to the CISA KEV catalog.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{providerId} to drive organization provisioning, effectively escalating toward organization takeover. No public exploit identified at time of analysis; the flaw is fixed in 1.6.11 which adds the missing role check.

Privilege Escalation Better Auth Sso
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Local privilege escalation in Pegatron's Tdelo64.sys kernel driver allows any unprivileged user to perform arbitrary hardware I/O port reads and writes through the \\.\TdeIo device. The driver's TDE_IOCTL_INDEXIO_READ and TDE_IOCTL_INDEXIO_WRITE handlers lack authorization checks, letting a local attacker manipulate hardware registers to gain kernel-level control, tamper with firmware interfaces, or establish persistent low-level compromise. Reported by CERT/CC; no public exploit identified at time of analysis, and EPSS is low at 0.20% (10th percentile).

Privilege Escalation Tdelo64 Sys
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Privilege escalation in phpMyFAQ before 4.1.5 lets a delegated administrator holding USER_ADD/EDIT/DELETE rights mint a full SuperAdmin account through the POST /admin/api/user/add endpoint, resulting in complete instance takeover. The flaw stems from a missing SuperAdmin authorization guard, allowing a lower-privileged operator to submit isSuperAdmin: true with attacker-chosen credentials and then log in as that account. Reported by VulnCheck; no public exploit identified at time of analysis and it is not listed in CISA KEV.

Privilege Escalation Phpmyfaq
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Elevation of privileges in Dell PowerScale OneFS versions 9.5.0.0-9.10.1.7 and 9.11.0.0-9.13.0.2 allows a high-privileged local attacker to escalate beyond their authorized access level due to improper privilege management (CWE-269). While the CVSS 3.1 base score of 6.7 reflects the local access and high-privilege prerequisites that constrain exploitability, the full C:H/I:H/A:H impact triad signals complete system compromise upon successful exploitation - a serious outcome for enterprise NAS infrastructure that frequently stores sensitive organizational data. No public exploit code or CISA KEV listing has been identified at time of analysis.

Privilege Escalation Dell Powerscale Onefs
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy