Privilege Escalation
Monthly
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).
Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.
Privilege escalation in LMS Elementor Pro WordPress plugin.
Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices contains a security vulnerability (CVSS 7.1).
Privilege escalation in Amelia booking plugin through version 1.2.38 allows high-privileged users to gain unauthorized elevated access due to improper privilege assignment. An authenticated attacker with administrative credentials can exploit this vulnerability to compromise system integrity and confidentiality. No patch is currently available.
Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.
Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).
Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.
Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.
Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.
The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.
Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.
Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8).
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]
Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.
A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. While not currently listed in CISA KEV, the vulnerability has a moderate EPSS score of 0.043% and affects a widely-used Windows installer creation tool.
Privilege escalation in User Registration & Membership WordPress plugin.
Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.
Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.
An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.
Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.
A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.
Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.
Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.
Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.
Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.
The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.
Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.
Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.
Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).
Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.
Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.4).
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]
Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.
Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.
Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.
Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).
Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.
Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.
OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.
Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.
Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.
Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.
Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges needed (CVSS 7.8).
Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.
Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.
OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.
Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).
Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.
Privilege escalation in LMS Elementor Pro WordPress plugin.
Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices contains a security vulnerability (CVSS 7.1).
Privilege escalation in Amelia booking plugin through version 1.2.38 allows high-privileged users to gain unauthorized elevated access due to improper privilege assignment. An authenticated attacker with administrative credentials can exploit this vulnerability to compromise system integrity and confidentiality. No patch is currently available.
Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.
Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).
Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).
Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.
Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.
Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.
The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.
Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.
Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...
Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).
Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.
Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8).
Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]
Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.
A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. While not currently listed in CISA KEV, the vulnerability has a moderate EPSS score of 0.043% and affects a widely-used Windows installer creation tool.
Privilege escalation in User Registration & Membership WordPress plugin.
Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.
Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.
An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.
Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.
A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.
Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.
Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.
Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.
Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.
The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.
Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.
Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.
Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).
Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.
Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).
Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).
In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]
In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.4).
In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).
In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]
In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]
In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]
In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]
Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.
Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.
Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.
Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).
Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).
The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.
Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.
OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.
Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.
Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.
Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.
Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.
Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges needed (CVSS 7.8).
Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.
Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.
OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.
Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.