Skip to main content

Privilege Escalation

13301 CVEs technique

Monthly

CVE-2025-69783 HIGH This Week

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe).

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2017-20218 HIGH POC This Week

Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions that allows local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.

Privilege Escalation RCE Microsoft
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.0%
CVE-2016-20034 HIGH POC This Week

A privilege escalation vulnerability in Wowza Streaming Engine 4.5.0 allows authenticated read-only users to elevate their privileges to administrator level by manipulating POST parameters (accessLevel='admin', advUser='true'/'on') sent to the user edit endpoint. A public exploit is available on exploit-db, though the vulnerability has not been added to CISA's KEV catalog, suggesting limited real-world exploitation despite the high CVSS score of 8.8.

Privilege Escalation CSRF Wowza Streaming Engine
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2016-20033 HIGH POC This Week

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability where authenticated users can gain SYSTEM-level access by replacing service executables due to overly permissive file permissions that grant the Everyone group full control. A public proof-of-concept exploit is available, making this vulnerability easily exploitable by any authenticated local user to completely compromise the system.

Privilege Escalation Authentication Bypass Wowza Streaming Engine
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2016-20029 MEDIUM POC This Month

ZKTeco ZKBioSecurity 3.0 contains a local file path manipulation vulnerability (CWE-276) that allows unauthenticated attackers to bypass access controls and read arbitrary files including configuration files, source code, and application resources. A publicly available proof-of-concept exists, and the vulnerability has moderate real-world risk due to its local attack vector requirement but high confidentiality impact on sensitive biometric system data.

Privilege Escalation Zkteco Zkbiosecurity
NVD Exploit-DB VulDB
CVSS 4.0
6.9
EPSS
0.0%
CVE-2016-20025 HIGH POC This Week

Privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005) where authenticated users can modify executable files due to insecure permissions, allowing them to replace binaries with malicious code and gain elevated privileges. Multiple public exploits are available (exploit-db, PacketStorm) making this a high-risk vulnerability for organizations using this access control software, despite no current KEV listing or EPSS data.

Privilege Escalation Path Traversal Information Disclosure Zkteco Zkaccess Professional
NVD Exploit-DB VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2016-20024 CRITICAL POC Act Now

Critical insecure file permissions vulnerability in ZKTeco ZKTime.Net 3.0.1.6 that allows unprivileged local users to gain elevated privileges by replacing executable files in the world-writable application directory. Multiple public proof-of-concept exploits are available on Exploit-DB and PacketStorm, making this vulnerability easily exploitable despite requiring local access. While not listed in CISA KEV and lacking current EPSS data, the availability of working exploits and the simplicity of the attack make this a significant risk for organizations using this time and attendance software.

Privilege Escalation Zkteco Zktime Net
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-30961 Go MEDIUM PATCH This Month

A validation bypass in the chunked file upload completion logic for file requests allows attackers to circumvent per-request file size limits by splitting oversized files into smaller chunks that individually pass validation. Attackers with access to a public file request link can sequentially upload chunks to exceed the administrator-configured MaxSize limit, uploading files up to the server's global MaxFileSizeMB threshold. This enables unauthorized storage consumption and potential service disruption through storage exhaustion, though no data exposure or privilege escalation occurs; the vulnerability carries a CVSS score of 4.3 with EPSS and KEV status not currently indicated as critical, suggesting limited real-world exploitation pressure despite straightforward attack mechanics.

Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-3999 HIGH PATCH This Week

A broken access control vulnerability in JetBrains Datalore allows authenticated users to escalate privileges horizontally, accessing resources of other users at the same permission level. The vulnerability affects Datalore versions prior to 2026.1 but only impacts specific configurations. With a CVSS score of 8.8 and high EPSS score of 0.36942, this represents a significant risk, though no active exploitation or proof-of-concept code has been reported publicly.

Privilege Escalation Authentication Bypass Id Server
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-57849 MEDIUM This Month

Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the a...

Privilege Escalation Red Hat Fuse 7
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-8766 MEDIUM This Month

Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd f...

Privilege Escalation Red Hat Openshift Data Foundation 4
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-21672 HIGH This Week

Local privilege escalation in Veeam Backup & Replication on Windows enables authenticated users to gain system-level access without user interaction. An attacker with local account credentials can exploit this vulnerability to achieve complete control over the backup infrastructure, including reading, modifying, or deleting backups. No patch is currently available for this high-severity issue affecting backup administrators and organizations relying on Veeam for data protection.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-1878 Monitor

An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the...

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2026-32106 npm MEDIUM PATCH This Month

## Summary The REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts, while the Dashboard API uses `indexOf`-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. ## Details The REST API handler in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:1365-1378`: ```typescript // REST API - only blocks creating 'owner' if (newUserRank === 'owner' && rank !== 'owner') { return yield* new RestAPIError({ error: 'Unauthorized to create user with owner rank', }); } if (rank === 'admin' && newUserRank === 'owner') { return yield* new RestAPIError({ error: 'Unauthorized to create user with owner rank', }); } // Missing: no check preventing admin from creating admin // newUserRank='admin' passes all checks ``` The Dashboard API handler in `_handlers/dashboard/create.ts` uses the correct approach: ```typescript // Dashboard API - blocks creating users at or above own rank const callerPerm = availablePermissionRanks.indexOf(userData.permissionLevel); const targetPerm = availablePermissionRanks.indexOf(rank); if (targetPerm >= callerPerm) { return yield* new DashboardAPIError({ error: 'Unauthorized: insufficient permissions to assign target rank', }); } ``` With `availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']`: - Admin (index 3) creating admin (index 3): `3 >= 3` = blocked in Dashboard - In REST API: no such check - allowed ## PoC ```bash # 1. Use an admin-level API token # 2. Create a new admin user via REST API curl -X POST 'http://localhost:4321/studiocms_api/rest/v1/secure/users' \ -H 'Authorization: Bearer <admin-api-token>' \ -H 'Content-Type: application/json' \ -d '{ "username": "rogue_admin", "email": "rogue@attacker.com", "displayname": "Rogue Admin", "rank": "admin", "password": "StrongP@ssw0rd123" }' # Expected: 403 Forbidden (admin should not create peer admin accounts) # Actual: 200 with new admin user created ``` ## Impact - A compromised or rogue admin can create additional admin accounts as persistence mechanisms that survive password resets or token revocations - Inconsistent security model between Dashboard API and REST API creates confusion about intended authorization boundaries - Note: requires admin access (PR:H), which limits practical severity ## Recommended Fix Replace string-based checks with `indexOf` comparison in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts`: ```typescript // Before: if (newUserRank === 'owner' && rank !== 'owner') { ... } if (rank === 'admin' && newUserRank === 'owner') { ... } // After: const availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']; const callerPerm = availablePermissionRanks.indexOf(rank); const targetPerm = availablePermissionRanks.indexOf(newUserRank); if (targetPerm >= callerPerm) { return yield* new RestAPIError({ error: 'Unauthorized: insufficient permissions to assign target rank', }); } ```

Privilege Escalation Studiocms
NVD GitHub VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-2640 MEDIUM This Month

Lenovo PC Manager permits local authenticated users to terminate privileged processes due to improper privilege management, potentially disrupting system operations or enabling denial of service. An attacker with valid credentials could leverage this vulnerability to halt critical processes without administrative approval. No patch is currently available to address this issue.

Privilege Escalation
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31979 HIGH PATCH This Week

Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.

Privilege Escalation Microsoft Himmelblau Suse
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-24510 MEDIUM This Month

Dell Alienware Command Center versions before 6.12.24.0 suffer from improper privilege management that allows local attackers with low privileges to escalate their access on affected systems. An attacker with physical or local system access combined with user interaction could gain elevated privileges, potentially compromising system integrity and confidentiality. No patch is currently available for this vulnerability.

Privilege Escalation Dell
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-31852 CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple iOS
NVD GitHub VulDB
CVSS 3.1
10.0
EPSS
0.1%
CVE-2026-20046 HIGH This Week

Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.

Cisco Apple Privilege Escalation Ios Xr
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-68623 HIGH This Week

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. [CVSS 8.8 HIGH]

Microsoft Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-12690 HIGH This Week

Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine versions up to 6.10.19 is affected by execution with unnecessary privileges.

Privilege Escalation Next Generation Firewall
NVD VulDB
CVSS 4.0
7.3
EPSS
0.0%
CVE-2026-30903 CRITICAL Act Now

File path control in Zoom Workplace for Windows Mail feature before 6.6.0.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-30902 HIGH This Week

Zoom Client for Windows contains a privilege escalation vulnerability that allows authenticated local users to gain elevated system privileges through improper access controls. An attacker with valid credentials can exploit this weakness to execute arbitrary code or access sensitive system resources without administrative approval. No patch is currently available for this issue.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30901 HIGH This Week

Improper Input Validation in Zoom Room versions up to 6.6.5 is affected by improper input validation (CVSS 7.0).

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-30900 HIGH This Week

Zoom's Windows client fails to properly validate minimum version requirements during updates, enabling authenticated local users to escalate their privileges on affected systems. An attacker with local access and valid credentials could exploit this validation bypass to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Microsoft
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1993 HIGH This Week

Privilege escalation in ExactMetrics WordPress plugin versions 7.1.0-9.0.2 allows authenticated users with the `exactmetrics_save_settings` capability to modify any plugin configuration without restrictions, potentially escalating themselves to administrative access. An attacker could exploit the missing input validation in the `update_settings()` function to grant plugin permissions to arbitrary user roles, including subscribers, effectively bypassing intended access controls. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Google
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2631 CRITICAL Act Now

Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.

WordPress Privilege Escalation
NVD WPScan
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-20105 Monitor

Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2025-20096 Monitor

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2025-20068 Monitor

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2025-20064 Monitor

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2025-20028 Monitor

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation Race Condition
NVD VulDB
EPSS
0.0%
CVE-2025-20027 Monitor

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2025-20005 This Week

Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.

Privilege Escalation
NVD VulDB
EPSS
0.0%
CVE-2026-31834 NuGet HIGH PATCH This Week

Privilege escalation in Umbraco CMS versions 15.3.1 through 16.5.0 and 17.x before 17.2.2 allows authenticated backoffice users with user management permissions to assign themselves elevated privileges by bypassing authorization checks on role assignments. An attacker with these permissions could gain administrative access to the CMS without proper privilege validation. No patch is currently available for affected installations.

Privilege Escalation Umbraco Cms
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-31828 npm HIGH PATCH This Week

Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP commands and bypass group-based access controls. This vulnerability enables privilege escalation for any valid LDAP user to gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.

Node.js DNS LDAP Privilege Escalation Parse Server
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-0124 HIGH This Week

Local privilege escalation in Android results from an out-of-bounds write vulnerability caused by insufficient bounds validation. A local attacker with limited privileges can exploit this flaw without user interaction to gain elevated system permissions. No patch is currently available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0123 HIGH This Week

Uncontrolled buffer writes in Android's EfwApTransport component allow local attackers to achieve privilege escalation without requiring user interaction or special permissions. The vulnerability stems from insufficient bounds checking in the ProcessRxRing function, enabling an attacker with local access to corrupt kernel memory and gain elevated privileges.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0119 MEDIUM This Month

An out-of-bounds write vulnerability in Android's USIM registration component allows an attacker with physical access to escalate privileges without requiring additional permissions or user interaction. The memory corruption flaw in usim_SendMCCMNCIndMsg could enable complete compromise of affected devices. No patch is currently available for this vulnerability.

Memory Corruption Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-0118 HIGH This Week

Oobconfig on Android contains a logic error that allows local attackers to circumvent carrier restrictions and escalate privileges without requiring additional execution capabilities or user interaction. This vulnerability enables unauthorized privilege elevation on affected devices through a straightforward exploitation path. No patch is currently available to remediate this issue.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0117 HIGH This Week

Local privilege escalation in Android's Media Framework Codec (MFC) decoder results from an out-of-bounds write vulnerability in the mfc_dec_dqbuf function due to inadequate bounds validation. An attacker with local access can exploit this defect without special privileges or user interaction to gain elevated system permissions. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0113 CRITICAL Act Now

Modem has a third OOB write in cell broadcast utilities.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0112 HIGH This Week

Local privilege escalation on Android devices occurs through a race condition in the VPU driver's instance opening function, allowing attackers to trigger a use-after-free condition without requiring special privileges or user interaction. An unprivileged local attacker can exploit this vulnerability to gain elevated system privileges. No patch is currently available for this vulnerability.

Use After Free Privilege Escalation Race Condition Android Google
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-0111 CRITICAL Act Now

Modem OOB write in cell broadcast utilities enabling privilege escalation.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0110 CRITICAL Act Now

Samsung/Qualcomm modem has an out-of-bounds write in NR SM message handling enabling privilege escalation through crafted cellular signaling.

Memory Corruption Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-0107 HIGH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-36920 HIGH This Week

In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48611 CRITICAL Act Now

Android DeviceId component has a CVSS 10.0 out-of-bounds write in persistence handling enabling device compromise.

Privilege Escalation Buffer Overflow
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-3315 MEDIUM This Month

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.

Microsoft Privilege Escalation
NVD VulDB
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-30956 npm CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a third authorization bypass enabling low-privileged users to access admin functions.

Authentication Bypass Privilege Escalation Information Disclosure Node.js Oneuptime
NVD GitHub VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-30944 npm HIGH PATCH This Week

Privilege escalation in StudioCMS versions prior to 0.4.0 enables authenticated Editor-level users to generate API tokens for arbitrary accounts, including administrative and owner roles, due to missing authorization validation on the /studiocms_api/dashboard/api-tokens endpoint. An attacker with basic editor privileges can exploit this to gain full administrative access without requiring the target account's credentials. No patch is currently available for affected installations.

Privilege Escalation Authentication Bypass Studiocms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26131 NuGet HIGH PATCH This Week

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Privilege Escalation Red Hat
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-24018 HIGH This Week

following vulnerability in Fortinet FortiClientLinux 7.4.0 versions up to 7.4.4 contains a vulnerability that allows attackers to a local and unprivileged user to escalate their privileges to root (CVSS 7.8).

Fortinet Privilege Escalation Forticlient
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-68648 HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...

Fortinet Privilege Escalation
NVD VulDB
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-29773 Go MEDIUM PATCH This Month

Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.

Kubernetes Privilege Escalation Authentication Bypass
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-28267 MEDIUM This Month

Improper file permission settings in multiple i-フィルター products allow local non-administrative users to create or overwrite critical files in system and backup directories. This vulnerability enables an attacker with local access to manipulate system integrity and potentially disrupt operations, though code execution is not directly possible. No patch is currently available for this vulnerability.

Privilege Escalation
NVD VulDB
CVSS 4.0
6.8
EPSS
0.0%
CVE-2026-30926 Go HIGH This Week

SiYuan Note prior to version 3.5.10 contains an insufficient authorization flaw in the /api/block/appendHeadingChildren endpoint that allows authenticated users with read-only (RoleReader) privileges to modify notebook content by appending blocks to documents. The vulnerability exists because the endpoint applies only basic authentication checks instead of enforcing stricter administrative or read-only restrictions. Affected users should upgrade to version 3.5.10 or later, as no workaround is currently available and exploitation requires only network access and valid read-only credentials.

Privilege Escalation Authentication Bypass Siyuan Suse
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-25045 HIGH This Week

Budibase suffers from missing server-side role validation in user management APIs, allowing Creator-level users to escalate privileges and perform unauthorized actions reserved for Tenant Admins and Owners. An authenticated attacker with Creator permissions can promote themselves to Tenant Admin, demote existing administrators, modify owner accounts, and manipulate organizational orders, resulting in complete tenant compromise. No patch is currently available for this high-severity vulnerability.

Privilege Escalation Authentication Bypass Budibase
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-3038 HIGH This Week

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]

Buffer Overflow Privilege Escalation Memory Corruption Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15576 HIGH This Week

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]

Privilege Escalation Microsoft Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15547 HIGH This Week

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. [CVSS 8.8 HIGH]

Privilege Escalation Freebsd
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-41761 HIGH This Week

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo. [CVSS 7.8 HIGH]

SSH Privilege Escalation Universal Bacnet Router Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30896 HIGH This Week

Arbitrary code execution with administrative privileges in Qsee Client 1.0.1 and earlier through insecure DLL loading in the installer. An attacker can exploit this by placing a malicious DLL in the same directory as the installer and tricking a user into executing it. No patch is currently available.

Privilege Escalation RCE Qsee Client
NVD VulDB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-30851 Go HIGH POC PATCH This Week

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, enabling authenticated attackers to inject identity headers and escalate privileges. This authentication bypass vulnerability affects deployments relying on Caddy for request forwarding and has public exploit code available. The vulnerability requires valid authentication credentials but allows complete privilege elevation within affected systems.

TLS Privilege Escalation Caddy Suse
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-8899 HIGH This Week

The Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an a...

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-30225 Go MEDIUM POC PATCH This Month

OliveTin versions prior to 3000.11.1 contain an authentication bypass in RestartAction that allows authenticated users to execute shell commands beyond their assigned permissions. The vulnerability stems from improper request context handling that causes the system to fall back to guest user privileges, which may have broader access than the authenticated caller. Public exploit code exists for this medium-severity flaw that enables privilege escalation and unauthorized command execution.

Privilege Escalation Olivetin Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-26288 CRITICAL Act Now

Unauthenticated remote attackers can impersonate electric vehicle charging stations in Everon's api.everon.io platform via unprotected OCPP WebSocket endpoints. By connecting with a known or discovered station identifier, attackers gain full control to issue OCPP commands as legitimate chargers, manipulate charging session data, escalate privileges within the charging network infrastructure, and corrupt backend telemetry. CISA ICS-CERT reports this vulnerability affecting critical EV charging infrastructure. Despite 9.3 CVSS score indicating critical severity, EPSS score of 0.09% (25th percentile) suggests exploitation requires specialized knowledge of OCPP protocol and charging network architecture rather than mass automated scanning.

Privilege Escalation Authentication Bypass Api Everon Io
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-26051 CRITICAL Act Now

WebSocket auth bypass — same industrial platform family.

Privilege Escalation Authentication Bypass E Mobility
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2026-29061 Go MEDIUM PATCH This Month

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. [CVSS 5.4 MEDIUM]

Privilege Escalation Gokapi Suse
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-28727 HIGH This Week

Acronis Cyber Protect and Cloud Agent on macOS before specific builds contain an insecure Unix socket permissions vulnerability that allows local authenticated users to escalate privileges and gain complete system control. An attacker with local access can exploit this misconfiguration to read sensitive data, modify system files, and execute arbitrary commands with elevated rights. No patch is currently available for this HIGH severity vulnerability.

Privilege Escalation Apple
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-28722 HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28721 HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-28717 MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
5.0
EPSS
0.0%
CVE-2026-28712 MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-28711 MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2026-22552 CRITICAL Act Now

Unauthenticated remote attackers can impersonate electric vehicle charging stations in ePower.ie by connecting to exposed OCPP WebSocket endpoints without credentials. Using any known or guessed charging station identifier, attackers gain full control to issue fraudulent charging commands, manipulate billing data, and corrupt network telemetry sent to backend systems. CISA ICS-CERT published an advisory (ICSA-26-062-07) indicating industrial control system exposure. EPSS score of 0.12% (31st percentile) suggests low automated exploitation probability despite 9.3 CVSS, though the authentication bypass affects critical electric vehicle charging infrastructure.

Privilege Escalation Authentication Bypass Epower Ie
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.1%
CVE-2025-11792 HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]

Privilege Escalation Agent Windows
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-29610 npm HIGH PATCH This Week

Arbitrary command execution in OpenClaw prior to version 2026.2.14 stems from improper PATH validation during node-host execution and project bootstrapping, allowing authenticated attackers or those with local filesystem access to substitute malicious binaries for legitimate commands. An attacker can exploit this to bypass allowlisted command restrictions and achieve code execution with the privileges of the OpenClaw process. A patch is available for versions 2026.2.14 and later.

Privilege Escalation Openclaw
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-28392 npm HIGH PATCH This Week

OpenClaw versions before 2026.2.14 allow unauthenticated attackers to execute privileged slash commands via direct message when the dmPolicy setting is configured to open, bypassing security controls like allowlists and access groups. This privilege escalation stems from improper authorization checks in the Slack slash-command handler that fails to validate direct message senders. A patch is available for affected users.

Privilege Escalation Openclaw
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-21621 HIGH This Week

Hexpm's OAuth implementation fails to enforce read-only API key restrictions during token exchange, allowing an attacker with a victim's read-only API key and valid 2FA code to obtain a full-access API key with unrestricted permissions. This privilege escalation vulnerability affects users of the Hexpm package repository and enables unauthorized modification of packages and account settings. No patch is currently available.

Privilege Escalation Authentication Bypass Hexpm
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-29165 CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13350 This Week

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...

Linux Ubuntu Use After Free Privilege Escalation Linux Kernel
NVD
EPSS
0.0%
CVE-2026-26416 HIGH This Week

Privilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume higher-privileged roles through specially crafted requests. This vulnerability affects all users with valid credentials and could allow attackers to gain unauthorized administrative access. No patch is currently available.

Privilege Escalation Cognix Platform
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-70616 HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service Privilege Escalation Wnbios64.Sys
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30793 CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

CSRF Privilege Escalation Authentication Bypass Google Apple +4
NVD GitHub VulDB
CVSS 4.0
9.3
EPSS
0.0%
CVE-2026-27750 HIGH This Week

Internet Security contains a vulnerability that allows attackers to deletion of protected files or directories and can lead to local privilege escal (CVSS 7.8).

Denial Of Service Privilege Escalation Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27748 HIGH This Week

Avira Internet Security's Software Updater fails to validate symbolic links when deleting files during updates, allowing a local attacker to redirect SYSTEM-level file deletion operations to arbitrary targets. An authenticated local user can exploit this improper link resolution to delete critical system files, potentially achieving privilege escalation, denial of service, or compromising system integrity. No patch is currently available.

Denial Of Service Privilege Escalation Internet Security
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-28548 HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-28541 MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
CVSS 3.1
4.0
EPSS
0.0%
CVE-2026-1321 HIGH This Week

Unauthenticated attackers can escalate privileges in WordPress installations using the Membership Plugin - Restrict Content (versions up to 3.2.20) by registering with arbitrary membership levels, including inactive levels or those granting administrator access, due to insufficient validation of the rcp_level parameter. This allows attackers to bypass payment requirements and gain unauthorized administrative roles without authentication. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH This Week

A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe).

Privilege Escalation
NVD GitHub VulDB
EPSS 0% CVSS 8.5
HIGH POC This Week

Serviio PRO 1.8 and earlier versions contain an unquoted service path vulnerability combined with insecure directory permissions that allows local authenticated users to escalate privileges to SYSTEM level. A public exploit is available, making this vulnerability easily exploitable by any authenticated user on the system. With a CVSS score of 7.8 and multiple proof-of-concept exploits published, this represents a significant risk for organizations running affected versions.

Privilege Escalation RCE Microsoft
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH POC This Week

A privilege escalation vulnerability in Wowza Streaming Engine 4.5.0 allows authenticated read-only users to elevate their privileges to administrator level by manipulating POST parameters (accessLevel='admin', advUser='true'/'on') sent to the user edit endpoint. A public exploit is available on exploit-db, though the vulnerability has not been added to CISA's KEV catalog, suggesting limited real-world exploitation despite the high CVSS score of 8.8.

Privilege Escalation CSRF Wowza Streaming Engine
NVD Exploit-DB VulDB
EPSS 0% CVSS 7.8
HIGH POC This Week

Wowza Streaming Engine 4.5.0 contains a local privilege escalation vulnerability where authenticated users can gain SYSTEM-level access by replacing service executables due to overly permissive file permissions that grant the Everyone group full control. A public proof-of-concept exploit is available, making this vulnerability easily exploitable by any authenticated local user to completely compromise the system.

Privilege Escalation Authentication Bypass Wowza Streaming Engine
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.9
MEDIUM POC This Month

ZKTeco ZKBioSecurity 3.0 contains a local file path manipulation vulnerability (CWE-276) that allows unauthenticated attackers to bypass access controls and read arbitrary files including configuration files, source code, and application resources. A publicly available proof-of-concept exists, and the vulnerability has moderate real-world risk due to its local attack vector requirement but high confidentiality impact on sensitive biometric system data.

Privilege Escalation Zkteco Zkbiosecurity
NVD Exploit-DB VulDB
EPSS 0% CVSS 8.7
HIGH POC This Week

Privilege escalation vulnerability in ZKTeco ZKAccess Professional 3.5.3 (Build 0005) where authenticated users can modify executable files due to insecure permissions, allowing them to replace binaries with malicious code and gain elevated privileges. Multiple public exploits are available (exploit-db, PacketStorm) making this a high-risk vulnerability for organizations using this access control software, despite no current KEV listing or EPSS data.

Privilege Escalation Path Traversal Information Disclosure +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 9.3
CRITICAL POC Act Now

Critical insecure file permissions vulnerability in ZKTeco ZKTime.Net 3.0.1.6 that allows unprivileged local users to gain elevated privileges by replacing executable files in the world-writable application directory. Multiple public proof-of-concept exploits are available on Exploit-DB and PacketStorm, making this vulnerability easily exploitable despite requiring local access. While not listed in CISA KEV and lacking current EPSS data, the availability of working exploits and the simplicity of the attack make this a significant risk for organizations using this time and attendance software.

Privilege Escalation Zkteco Zktime Net
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

A validation bypass in the chunked file upload completion logic for file requests allows attackers to circumvent per-request file size limits by splitting oversized files into smaller chunks that individually pass validation. Attackers with access to a public file request link can sequentially upload chunks to exceed the administrator-configured MaxSize limit, uploading files up to the server's global MaxFileSizeMB threshold. This enables unauthorized storage consumption and potential service disruption through storage exhaustion, though no data exposure or privilege escalation occurs; the vulnerability carries a CVSS score of 4.3 with EPSS and KEV status not currently indicated as critical, suggesting limited real-world exploitation pressure despite straightforward attack mechanics.

Information Disclosure Privilege Escalation Suse
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A broken access control vulnerability in JetBrains Datalore allows authenticated users to escalate privileges horizontally, accessing resources of other users at the same permission level. The vulnerability affects Datalore versions prior to 2026.1 but only impacts specific configurations. With a CVSS score of 8.8 and high EPSS score of 0.36942, this represents a significant risk, though no active exploitation or proof-of-concept code has been reported publicly.

Privilege Escalation Authentication Bypass Id Server
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Fuse images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the a...

Privilege Escalation Red Hat Fuse 7
NVD VulDB
EPSS 0% CVSS 6.4
MEDIUM This Month

Medium severity vulnerability in systemd. A container privilege escalation flaw was found in certain Multi-Cloud Object Gateway Core images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd f...

Privilege Escalation Red Hat Openshift Data Foundation 4
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Local privilege escalation in Veeam Backup & Replication on Windows enables authenticated users to gain system-level access without user interaction. An attacker with local account credentials can exploit this vulnerability to achieve complete control over the backup infrastructure, including reading, modifying, or deleting backups. No patch is currently available for this high-severity issue affecting backup administrators and organizations relying on Veeam for data protection.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0%
Monitor

An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimate installer is substituted with an unexpected payload immediately after download, resulting in arbitrary code execution. Refer to the "Security Update for ASUS ROG peripheral driver" section on the...

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

## Summary The REST API `createUser` endpoint uses string-based rank checks that only block creating `owner` accounts, while the Dashboard API uses `indexOf`-based rank comparison that prevents creating users at or above your own rank. This inconsistency allows an admin to create additional admin accounts via the REST API, enabling privilege proliferation and persistence. ## Details The REST API handler in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts:1365-1378`: ```typescript // REST API - only blocks creating 'owner' if (newUserRank === 'owner' && rank !== 'owner') { return yield* new RestAPIError({ error: 'Unauthorized to create user with owner rank', }); } if (rank === 'admin' && newUserRank === 'owner') { return yield* new RestAPIError({ error: 'Unauthorized to create user with owner rank', }); } // Missing: no check preventing admin from creating admin // newUserRank='admin' passes all checks ``` The Dashboard API handler in `_handlers/dashboard/create.ts` uses the correct approach: ```typescript // Dashboard API - blocks creating users at or above own rank const callerPerm = availablePermissionRanks.indexOf(userData.permissionLevel); const targetPerm = availablePermissionRanks.indexOf(rank); if (targetPerm >= callerPerm) { return yield* new DashboardAPIError({ error: 'Unauthorized: insufficient permissions to assign target rank', }); } ``` With `availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']`: - Admin (index 3) creating admin (index 3): `3 >= 3` = blocked in Dashboard - In REST API: no such check - allowed ## PoC ```bash # 1. Use an admin-level API token # 2. Create a new admin user via REST API curl -X POST 'http://localhost:4321/studiocms_api/rest/v1/secure/users' \ -H 'Authorization: Bearer <admin-api-token>' \ -H 'Content-Type: application/json' \ -d '{ "username": "rogue_admin", "email": "rogue@attacker.com", "displayname": "Rogue Admin", "rank": "admin", "password": "StrongP@ssw0rd123" }' # Expected: 403 Forbidden (admin should not create peer admin accounts) # Actual: 200 with new admin user created ``` ## Impact - A compromised or rogue admin can create additional admin accounts as persistence mechanisms that survive password resets or token revocations - Inconsistent security model between Dashboard API and REST API creates confusion about intended authorization boundaries - Note: requires admin access (PR:H), which limits practical severity ## Recommended Fix Replace string-based checks with `indexOf` comparison in `packages/studiocms/frontend/pages/studiocms_api/_handlers/rest-api/v1/secure.ts`: ```typescript // Before: if (newUserRank === 'owner' && rank !== 'owner') { ... } if (rank === 'admin' && newUserRank === 'owner') { ... } // After: const availablePermissionRanks = ['unknown', 'visitor', 'editor', 'admin', 'owner']; const callerPerm = availablePermissionRanks.indexOf(rank); const targetPerm = availablePermissionRanks.indexOf(newUserRank); if (targetPerm >= callerPerm) { return yield* new RestAPIError({ error: 'Unauthorized: insufficient permissions to assign target rank', }); } ```

Privilege Escalation Studiocms
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Lenovo PC Manager permits local authenticated users to terminate privileged processes due to improper privilege management, potentially disrupting system operations or enabling denial of service. An attacker with valid credentials could leverage this vulnerability to halt critical processes without administrative approval. No patch is currently available to address this issue.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Local privilege escalation in Himmelblau prior to versions 3.1.0 and 2.3.8 allows authenticated local users to exploit insecure Kerberos cache file handling in the root-running himmelblaud-tasks daemon through symlink attacks. The vulnerability stems from the removal of PrivateTmp protections, exposing /tmp operations to symlink-based file overwrite and ownership manipulation attacks. An attacker with local access can leverage this flaw to achieve arbitrary file modification and full system compromise.

Privilege Escalation Microsoft Himmelblau +1
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell Alienware Command Center versions before 6.12.24.0 suffer from improper privilege management that allows local attackers with low privileges to escalate their access on affected systems. An attacker with physical or local system access combined with user interaction could gain elevated privileges, potentially compromising system integrity and confidentiality. No patch is currently available for this vulnerability.

Privilege Escalation Dell
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Arbitrary code execution in Jellyfin iOS GitHub Actions workflow. CVSS 10.0.

Privilege Escalation RCE Apple +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Cisco IOS XR Software contains a task group mapping flaw in a specific CLI command that allows authenticated local attackers to bypass privilege checks and gain full administrative access to affected devices. An attacker with low-privileged credentials can exploit this misconfiguration to execute unauthorized administrative actions without proper authorization validation. No patch is currently available.

Cisco Apple Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. [CVSS 8.8 HIGH]

Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Execution with unnecessary privileges in Forcepoint NGFW Engine allows local privilege escalation.This issue affects NGFW Engine versions up to 6.10.19 is affected by execution with unnecessary privileges.

Privilege Escalation Next Generation Firewall
NVD VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

File path control in Zoom Workplace for Windows Mail feature before 6.6.0.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Client for Windows contains a privilege escalation vulnerability that allows authenticated local users to gain elevated system privileges through improper access controls. An attacker with valid credentials can exploit this weakness to execute arbitrary code or access sensitive system resources without administrative approval. No patch is currently available for this issue.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Improper Input Validation in Zoom Room versions up to 6.6.5 is affected by improper input validation (CVSS 7.0).

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Zoom's Windows client fails to properly validate minimum version requirements during updates, enabling authenticated local users to escalate their privileges on affected systems. An attacker with local access and valid credentials could exploit this validation bypass to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in ExactMetrics WordPress plugin versions 7.1.0-9.0.2 allows authenticated users with the `exactmetrics_save_settings` capability to modify any plugin configuration without restrictions, potentially escalating themselves to administrative access. An attacker could exploit the missing input validation in the `update_settings()` function to grant plugin permissions to arbitrary user roles, including subscribers, effectively bypassing intended access controls. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Google
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated REST endpoint in Datalogics Ecommerce Delivery WordPress plugin before 2.6.60.

WordPress Privilege Escalation
NVD WPScan
EPSS 0%
Monitor

Improper input validation in some UEFI firmware SMM module for the Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution.

Privilege Escalation
NVD VulDB
EPSS 0%
Monitor

Improper input validation in the UEFI firmware for some Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.

Privilege Escalation
NVD VulDB
EPSS 0%
Monitor

Improper input validation in the UEFI ImcErrorHandler module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation
NVD VulDB
EPSS 0%
Monitor

Improper input validation in the UEFI FlashUcAcmSmm module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution.

Privilege Escalation
NVD VulDB
EPSS 0%
Monitor

Time-of-check time-of-use race condition in the WheaERST SMM module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation Race Condition
NVD VulDB
EPSS 0%
Monitor

Improper input validation in the UEFI WheaERST module for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege.

Privilege Escalation
NVD VulDB
EPSS 0%
This Week

Improper buffer restrictions in some UEFI firmware for some Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Privilege escalation in Umbraco CMS versions 15.3.1 through 16.5.0 and 17.x before 17.2.2 allows authenticated backoffice users with user management permissions to assign themselves elevated privileges by bypassing authorization checks on role assignments. An attacker with these permissions could gain administrative access to the CMS without proper privilege validation. No patch is currently available for affected installations.

Privilege Escalation Umbraco Cms
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Parse Server's LDAP authentication adapter fails to properly sanitize user input in Distinguished Names and group filters, allowing authenticated attackers to inject LDAP commands and bypass group-based access controls. This vulnerability enables privilege escalation for any valid LDAP user to gain membership in restricted groups, affecting deployments that rely on LDAP group policies for authorization. Patches are available in versions 9.5.2-alpha.13 and 8.6.26.

Node.js DNS LDAP +2
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Android results from an out-of-bounds write vulnerability caused by insufficient bounds validation. A local attacker with limited privileges can exploit this flaw without user interaction to gain elevated system permissions. No patch is currently available.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Uncontrolled buffer writes in Android's EfwApTransport component allow local attackers to achieve privilege escalation without requiring user interaction or special permissions. The vulnerability stems from insufficient bounds checking in the ProcessRxRing function, enabling an attacker with local access to corrupt kernel memory and gain elevated privileges.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

An out-of-bounds write vulnerability in Android's USIM registration component allows an attacker with physical access to escalate privileges without requiring additional permissions or user interaction. The memory corruption flaw in usim_SendMCCMNCIndMsg could enable complete compromise of affected devices. No patch is currently available for this vulnerability.

Memory Corruption Privilege Escalation Android +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Oobconfig on Android contains a logic error that allows local attackers to circumvent carrier restrictions and escalate privileges without requiring additional execution capabilities or user interaction. This vulnerability enables unauthorized privilege elevation on affected devices through a straightforward exploitation path. No patch is currently available to remediate this issue.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Android's Media Framework Codec (MFC) decoder results from an out-of-bounds write vulnerability in the mfc_dec_dqbuf function due to inadequate bounds validation. An attacker with local access can exploit this defect without special privileges or user interaction to gain elevated system permissions. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Modem has a third OOB write in cell broadcast utilities.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Local privilege escalation on Android devices occurs through a race condition in the VPU driver's instance opening function, allowing attackers to trigger a use-after-free condition without requiring special privileges or user interaction. An unprivileged local attacker can exploit this vulnerability to gain elevated system privileges. No patch is currently available for this vulnerability.

Use After Free Privilege Escalation Race Condition +2
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Modem OOB write in cell broadcast utilities enabling privilege escalation.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Samsung/Qualcomm modem has an out-of-bounds write in NR SM message handling enabling privilege escalation through crafted cellular signaling.

Memory Corruption Privilege Escalation Android +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

In hyp_alloc of arch/arm64/kvm/hyp/nvhe/alloc.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Android DeviceId component has a CVSS 10.0 out-of-bounds write in persistence handling enabling device compromise.

Privilege Escalation Buffer Overflow
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33.

Microsoft Privilege Escalation
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL POC PATCH Act Now

OneUptime prior to 10.0.21 has a third authorization bypass enabling low-privileged users to access admin functions.

Authentication Bypass Privilege Escalation Information Disclosure +2
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in StudioCMS versions prior to 0.4.0 enables authenticated Editor-level users to generate API tokens for arbitrary accounts, including administrative and owner roles, due to missing authorization validation on the /studiocms_api/dashboard/api-tokens endpoint. An attacker with basic editor privileges can exploit this to gain full administrative access without requiring the target account's credentials. No patch is currently available for affected installations.

Privilege Escalation Authentication Bypass Studiocms
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. [CVSS 7.8 HIGH]

Privilege Escalation Red Hat
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

following vulnerability in Fortinet FortiClientLinux 7.4.0 versions up to 7.4.4 contains a vulnerability that allows attackers to a local and unprivileged user to escalate their privileges to root (CVSS 7.8).

Fortinet Privilege Escalation Forticlient
NVD VulDB
EPSS 0% CVSS 7.2
HIGH This Week

A use of externally-controlled format string vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all versions, FortiAnalyzer 7.0 all versions, FortiAnalyzer Cloud 7.6.0 through 7.6.4, FortiAnalyzer Cloud 7.4.0 through 7.4.7, FortiAnalyzer Cloud 7.2 all versions, FortiAnalyzer Cloud 7.0 all versions, FortiManager 7.6.0 through 7.6.4, FortiManager 7.4.0 through 7.4.7, FortiManager 7.2 all versions, FortiManager 7.0 all versions, Fort...

Fortinet Privilege Escalation
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Kubewarden's deprecated host-callback APIs in AdmissionPolicy can be exploited by authenticated users with policy creation permissions to gain unauthorized read access to cluster-level resources including Ingresses, Namespaces, and Services. An attacker with privileged AdmissionPolicy creation permissions—not a default privilege—could craft malicious policies to bypass intended access controls and enumerate sensitive cluster infrastructure, though this vulnerability is limited to read-only access without write capability or access to Secrets and ConfigMaps. The vulnerability affects Kubernetes deployments using Kubewarden and currently has no available patch.

Kubernetes Privilege Escalation Authentication Bypass
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper file permission settings in multiple i-フィルター products allow local non-administrative users to create or overwrite critical files in system and backup directories. This vulnerability enables an attacker with local access to manipulate system integrity and potentially disrupt operations, though code execution is not directly possible. No patch is currently available for this vulnerability.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

SiYuan Note prior to version 3.5.10 contains an insufficient authorization flaw in the /api/block/appendHeadingChildren endpoint that allows authenticated users with read-only (RoleReader) privileges to modify notebook content by appending blocks to documents. The vulnerability exists because the endpoint applies only basic authentication checks instead of enforcing stricter administrative or read-only restrictions. Affected users should upgrade to version 3.5.10 or later, as no workaround is currently available and exploitation requires only network access and valid read-only credentials.

Privilege Escalation Authentication Bypass Siyuan +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Budibase suffers from missing server-side role validation in user management APIs, allowing Creator-level users to escalate privileges and perform unauthorized actions reserved for Tenant Admins and Owners. An authenticated attacker with Creator permissions can promote themselves to Tenant Admin, demote existing administrators, modify owner accounts, and manipulate organizational orders, resulting in complete tenant compromise. No patch is currently available for this high-severity vulnerability.

Privilege Escalation Authentication Bypass Budibase
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

The rtsock_msg_buffer() function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddr_storage structure on the stack. [CVSS 7.5 HIGH]

Buffer Overflow Privilege Escalation Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]

Privilege Escalation Microsoft Freebsd
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. [CVSS 8.8 HIGH]

Privilege Escalation Freebsd
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A low‑privileged local attacker who gains access to the UBR service account (e.g., via SSH) can escalate privileges to obtain full system access. This is due to the service account being permitted to execute certain binaries (e.g., tcpdump and ip) with sudo. [CVSS 7.8 HIGH]

SSH Privilege Escalation Universal Bacnet Router Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution with administrative privileges in Qsee Client 1.0.1 and earlier through insecure DLL loading in the installer. An attacker can exploit this by placing a malicious DLL in the same directory as the installer and tricking a user into executing it. No patch is currently available.

Privilege Escalation RCE Qsee Client
NVD VulDB
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Caddy versions 2.10.0 through 2.11.1 fail to strip client-supplied headers in the forward_auth copy_headers directive, enabling authenticated attackers to inject identity headers and escalate privileges. This authentication bypass vulnerability affects deployments relying on Caddy for request forwarding and has public exploit code available. The vulnerability requires valid authentication credentials but allows complete privilege elevation within affected systems.

TLS Privilege Escalation Caddy +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The Paid Videochat Turnkey Site - HTML5 PPV Live Webcams plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.3.20. This is due to videowhisper_register_form() function not restricting user roles that can be set during registration. This makes it possible for authenticated attackers, with Author-level access and above, to create posts/pages with the registration form and administrator set as the role and subsequently use that form to register an a...

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

OliveTin versions prior to 3000.11.1 contain an authentication bypass in RestartAction that allows authenticated users to execute shell commands beyond their assigned permissions. The vulnerability stems from improper request context handling that causes the system to fall back to guest user privileges, which may have broader access than the authenticated caller. Public exploit code exists for this medium-severity flaw that enables privilege escalation and unauthorized command execution.

Privilege Escalation Olivetin Suse
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote attackers can impersonate electric vehicle charging stations in Everon's api.everon.io platform via unprotected OCPP WebSocket endpoints. By connecting with a known or discovered station identifier, attackers gain full control to issue OCPP commands as legitimate chargers, manipulate charging session data, escalate privileges within the charging network infrastructure, and corrupt backend telemetry. CISA ICS-CERT reports this vulnerability affecting critical EV charging infrastructure. Despite 9.3 CVSS score indicating critical severity, EPSS score of 0.09% (25th percentile) suggests exploitation requires specialized knowledge of OCPP protocol and charging network architecture rather than mass automated scanning.

Privilege Escalation Authentication Bypass Api Everon Io
NVD GitHub VulDB
EPSS 0% CVSS 9.3
CRITICAL Act Now

WebSocket auth bypass — same industrial platform family.

Privilege Escalation Authentication Bypass E Mobility
NVD GitHub VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. [CVSS 5.4 MEDIUM]

Privilege Escalation Gokapi Suse
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Acronis Cyber Protect and Cloud Agent on macOS before specific builds contain an insecure Unix socket permissions vulnerability that allows local authenticated users to escalate privileges and gain complete system control. An attacker with local access can exploit this misconfiguration to read sensitive data, modify system files, and execute arbitrary commands with elevated rights. No patch is currently available for this HIGH severity vulnerability.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper symbolic link handling in Acronis Cyber Protect 17 for Windows (before build 41186) enables local attackers with limited privileges to escalate to system-level access through a race condition. An authenticated user can exploit this vulnerability to gain full control over the affected system, including reading sensitive data and modifying system configurations. No patch is currently available for this high-severity flaw.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Acronis Cyber Protect 17 for Windows before build 41186 allows local attackers with standard user privileges to escalate to system-level access through improper handling of symbolic links. An authenticated attacker can exploit this vulnerability to gain full control over the affected system, including the ability to read, modify, or delete sensitive data and execute arbitrary code. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

Improper directory permissions in Acronis Cyber Protect 17 for Windows (before build 41186) allow local authenticated users to escalate privileges through a user-interaction-dependent attack vector. An attacker with local access could modify files or settings to gain elevated system permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 for Windows before build 41186 is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated attackers to escalate privileges on affected systems. An attacker with local access and low privileges can exploit this vulnerability to gain higher-level permissions without user interaction. No patch is currently available for this vulnerability.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Acronis Cyber Protect 17 before build 41186 on Windows is vulnerable to local privilege escalation through DLL hijacking, allowing authenticated users to gain elevated system privileges. An attacker with local access and low privileges can exploit this weakness to execute code with higher permissions. No patch is currently available for this issue.

Windows Privilege Escalation Cyber Protect
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Unauthenticated remote attackers can impersonate electric vehicle charging stations in ePower.ie by connecting to exposed OCPP WebSocket endpoints without credentials. Using any known or guessed charging station identifier, attackers gain full control to issue fraudulent charging commands, manipulate billing data, and corrupt network telemetry sent to backend systems. CISA ICS-CERT published an advisory (ICSA-26-062-07) indicating industrial control system exposure. EPSS score of 0.12% (31st percentile) suggests low automated exploitation probability despite 9.3 CVSS, though the authentication bypass affects critical electric vehicle charging infrastructure.

Privilege Escalation Authentication Bypass Epower Ie
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 41124. [CVSS 7.3 HIGH]

Privilege Escalation Agent Windows
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Arbitrary command execution in OpenClaw prior to version 2026.2.14 stems from improper PATH validation during node-host execution and project bootstrapping, allowing authenticated attackers or those with local filesystem access to substitute malicious binaries for legitimate commands. An attacker can exploit this to bypass allowlisted command restrictions and achieve code execution with the privileges of the OpenClaw process. A patch is available for versions 2026.2.14 and later.

Privilege Escalation Openclaw
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

OpenClaw versions before 2026.2.14 allow unauthenticated attackers to execute privileged slash commands via direct message when the dmPolicy setting is configured to open, bypassing security controls like allowlists and access groups. This privilege escalation stems from improper authorization checks in the Slack slash-command handler that fails to validate direct message senders. A patch is available for affected users.

Privilege Escalation Openclaw
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Hexpm's OAuth implementation fails to enforce read-only API key restrictions during token exchange, allowing an attacker with a victim's read-only API key and valid 2FA code to obtain a full-access API key with unrestricted permissions. This privilege escalation vulnerability affects users of the Hexpm package repository and enables unauthorized modification of packages and account settings. No patch is currently available.

Privilege Escalation Authentication Bypass Hexpm
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in D-Link DIR-1253 MESH V1.6.1684 via etc/shadow.sample.

D-Link Privilege Escalation
NVD GitHub
EPSS 0%
This Week

Ubuntu Linux 6.8 GA retains the legacy AF_UNIX garbage collector but backports upstream commit 8594d9b85c07 ("af_unix: Don’t call skb_get() for OOB skb"). When orphaned MSG_OOB sockets hit unix_gc(), the garbage collector still calls kfree_skb() as if OOB SKBs held two references; on Ubuntu Linux 6.8 (Noble Numbat) kernel tree, they have only the queue reference, so the buffer is freed while still reachable and subsequent queue walks dereference freed memory, yielding a reliable local privile...

Linux Ubuntu Use After Free +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in Cognix Platform v3.0 permits authenticated users to bypass authorization controls and assume higher-privileged roles through specially crafted requests. This vulnerability affects all users with valid credentials and could allow attackers to gain unauthorized administrative access. No patch is currently available.

Privilege Escalation Cognix Platform
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A stack buffer overflow vulnerability exists in the Wincor Nixdorf wnBios64.sys kernel driver (version 1.2.0.0) in the IOCTL handler for code 0x80102058. [CVSS 7.8 HIGH]

Linux Buffer Overflow Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL Act Now

Security vulnerability in RustDesk remote desktop client/server. One of 6+ critical CVEs affecting the open-source remote access platform.

CSRF Privilege Escalation Authentication Bypass +6
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Internet Security contains a vulnerability that allows attackers to deletion of protected files or directories and can lead to local privilege escal (CVSS 7.8).

Denial Of Service Privilege Escalation Internet Security
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Avira Internet Security's Software Updater fails to validate symbolic links when deleting files during updates, allowing a local attacker to redirect SYSTEM-level file deletion operations to arbitrary targets. An authenticated local user can exploit this improper link resolution to delete critical system files, potentially achieving privilege escalation, denial of service, or compromising system integrity. No patch is currently available.

Denial Of Service Privilege Escalation Internet Security
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 7.1 HIGH]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 4.0).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated attackers can escalate privileges in WordPress installations using the Membership Plugin - Restrict Content (versions up to 3.2.20) by registering with arbitrary membership levels, including inactive levels or those granting administrator access, due to insufficient validation of the rcp_level parameter. This allows attackers to bypass payment requirements and gain unauthorized administrative roles without authentication. No patch is currently available for this vulnerability.

WordPress Privilege Escalation Authentication Bypass
NVD
Prev Page 13 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy