Skip to main content

Privilege Escalation

13301 CVEs technique

Monthly

CVE-2025-66319 LOW Monitor

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).

Privilege Escalation
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2026-29128 CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation Information Disclosure Credential Stuffing +2
NVD
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-27983 CRITICAL Act Now

Privilege escalation in LMS Elementor Pro WordPress plugin.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27541 HIGH This Week

Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices contains a security vulnerability (CVSS 7.1).

WordPress Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-24963 HIGH This Week

Privilege escalation in Amelia booking plugin through version 1.2.38 allows high-privileged users to gain unauthorized elevated access due to improper privilege assignment. An authenticated attacker with administrative credentials can exploit this vulnerability to compromise system integrity and confidentiality. No patch is currently available.

Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-29127 HIGH POC This Week

Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26034 HIGH This Week

Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).

Privilege Escalation RCE Ups Multi Ups Management Console
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-29126 HIGH POC This Week

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29124 HIGH POC This Week

Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29123 HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-29122 MEDIUM POC This Month

Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-29121 HIGH POC This Week

The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.

Privilege Escalation Sfx2100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27803 Cargo HIGH PATCH This Week

Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-27802 Cargo HIGH PATCH This Week

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
CVSS 3.1
8.3
EPSS
0.0%
CVE-2025-66024 Maven HIGH PATCH GHSA This Week

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...

XSS Privilege Escalation Blog Application
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-15558 Go HIGH PATCH GHSA This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft Privilege Escalation
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-12801 MEDIUM PATCH This Month

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]

Privilege Escalation Openshift Container Platform Enterprise Linux Nfs Utils
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-70342 MEDIUM POC PATCH This Month

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]

Privilege Escalation Erase Install
NVD GitHub
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-21424 MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-21421 MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-27012 PHP CRITICAL POC Act Now

Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.

PHP Privilege Escalation Authentication Bypass Openstamanager
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-24502 HIGH This Week

Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8).

Privilege Escalation Dell
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-63909 HIGH POC This Week

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]

Privilege Escalation Authentication Bypass Tranzman
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-2637 HIGH This Week

Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.

Privilege Escalation Ntfs For Mac
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-15595 HIGH This Week

A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. While not currently listed in CISA KEV, the vulnerability has a moderate EPSS score of 0.043% and affects a widely-used Windows installer creation tool.

Privilege Escalation Inno Setup
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1492 CRITICAL POC Act Now

Privilege escalation in User Registration & Membership WordPress plugin.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-1566 HIGH This Week

Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21882 Cargo HIGH PATCH This Week

Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0047 HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0038 HIGH PATCH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0037 HIGH PATCH This Week

Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0035 HIGH This Week

An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0034 HIGH This Week

Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0032 HIGH PATCH This Week

A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0031 HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0030 HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0029 HIGH PATCH This Week

Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0028 HIGH PATCH This Week

Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0027 MEDIUM PATCH This Month

The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.

Use After Free Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-0026 HIGH This Week

Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0025 HIGH This Week

Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0023 HIGH This Week

Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-0021 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0020 HIGH This Week

Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0017 HIGH This Week

Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-0013 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0011 HIGH This Week

Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0010 HIGH This Week

Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0008 HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2026-0007 HIGH This Week

Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.6
EPSS
0.0%
CVE-2025-48654 HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48653 HIGH This Week

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48650 HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48646 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48645 HIGH This Week

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48641 HIGH This Week

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48636 HIGH This Week

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Path Traversal Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48635 HIGH This Week

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-48634 HIGH This Week

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48630 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.4).

Privilege Escalation Information Disclosure Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48619 HIGH This Week

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48613 HIGH This Week

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48605 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48602 HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48582 HIGH This Week

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48579 HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48578 HIGH This Week

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48577 HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48574 HIGH This Week

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-48568 HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-48567 HIGH This Week

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32313 HIGH This Week

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2024-31328 HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20444 MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20443 MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20441 MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20440 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20438 MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-20436 MEDIUM This Month

The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Nbiot Sdk
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20434 HIGH This Week

Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.

Privilege Escalation Nr17 Lr13 Nr16 Lr12a +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-20430 HIGH This Week

OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.

Privilege Escalation Openwrt Software Development Kit
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-20428 MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20427 MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20426 MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20425 MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-20423 HIGH This Week

Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges needed (CVSS 7.8).

Privilege Escalation Nbiot Sdk
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-20416 HIGH This Week

Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-27939 PHP HIGH PATCH This Week

Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.

Laravel Privilege Escalation Statamic
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-25147 HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
7.1
EPSS
0.1%
CVE-2026-3223 HIGH This Week

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

Google Privilege Escalation Path Traversal
NVD
CVSS 4.0
8.4
EPSS
0.0%
EPSS 0% CVSS 3.3
LOW Monitor

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 3.3).

Privilege Escalation
NVD
EPSS 0% CVSS 10.0
CRITICAL POC Act Now

Plaintext daemon credentials in IDC SFX2100 routing config files (zebra, bgpd, ospfd, ripd). CVSS 10.0. PoC available.

IoT BGP Privilege Escalation +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in LMS Elementor Pro WordPress plugin.

Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices contains a security vulnerability (CVSS 7.1).

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Privilege escalation in Amelia booking plugin through version 1.2.38 allows high-privileged users to gain unauthorized elevated access due to improper privilege assignment. An authenticated attacker with administrative credentials can exploit this vulnerability to compromise system integrity and confidentiality. No patch is currently available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in IDC SFX2100 Satellite Receiver firmware occurs due to overly permissive file system permissions (0777) on a privileged user's home directory, allowing any local user to read, write, and execute files within it. An attacker with local access can leverage highly privileged processes and binaries in this directory to escalate their privileges on the system. Public exploit code exists for this vulnerability, and no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Ups Multi-Ups Management Console versions up to 01.06.0001_\(a03\) is affected by incorrect default permissions (CVSS 7.8).

Privilege Escalation RCE Ups Multi Ups Management Console
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Sfx2100 Firmware versions up to - is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Sfx2100 Satellite Receiver firmware contains multiple SUID root binaries in predictable locations that allow local privilege escalation from the monitor user to root. Public exploit code exists for this vulnerability, enabling any local user with monitor privileges to gain complete system control. A patch is not currently available, leaving affected devices vulnerable to privilege escalation attacks.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Local privilege escalation in IDC SFX2100 firmware affects Linux systems through a SUID binary vulnerable to PATH hijacking, symlink abuse, and shared object hijacking. A local attacker can exploit this to gain root-level privileges, and public exploit code is available. No patch is currently available to address this HIGH severity vulnerability.

Linux Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Privileged file disclosure in IDC SFX2100 satellite receiver firmware results from a setuid-enabled date binary that allows local users to read root-owned files including /etc/shadow and other sensitive configuration data. A local attacker can leverage publicly available exploit techniques to gain unauthorized access to confidential system information. Public exploit code exists for this vulnerability, though no patch is currently available.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The setuid bit on the /sbin/ip utility in IDC SFX2100 satellite receiver firmware allows local users to execute privileged operations as root, enabling unauthorized file reads and potential privilege escalation attacks. Public exploit code exists for this vulnerability, and affected users have no available patch. This vulnerability impacts any local user with access to the device.

Privilege Escalation Sfx2100 Firmware
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions prior to 1.35.4 fail to properly enforce collection management permissions, allowing authenticated users with Manager roles to perform restricted management operations on collections where they lack authorization. An attacker with valid credentials can exploit this privilege escalation to modify or control collections they should not have access to. No patch is currently available for affected deployments.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Vaultwarden versions before 1.35.4 contain a privilege escalation vulnerability that allows authenticated Manager-level users to modify permissions on collections they should not have access to. An attacker with Manager role can exploit this during bulk permission updates to gain unauthorized access to sensitive collections. A patch is available in version 1.35.4 and should be applied immediately.

Privilege Escalation Vaultwarden Red Hat
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Versions prior to 9.15.7 are vulnerable to Stored Cross-Site Scripting (XSS) via the Blog Post Title. The vulnerability arises because the post title is injected directly into the HTML <title> tag without proper escaping. An attacker with permissions to create or edit blog posts can inject malicious J...

XSS Privilege Escalation Blog Application
NVD GitHub
EPSS 0% CVSS 7.0
HIGH PATCH This Week

Local privilege escalation in Docker CLI for Windows (through version 29.1.5) lets a low-privileged user plant malicious CLI-plugin binaries that execute when a higher-privileged victim runs Docker. Because C:\ProgramData\Docker\cli-plugins does not exist by default, any local user can create it and drop trojanized binaries such as docker-compose.exe or docker-buildx.exe, which Docker Desktop or the CLI plugin manager will load and execute. EPSS is very low (0.01%) and there is no public exploit identified at time of analysis, but ZDI tracked the issue (ZDI-CAN-28304) and a vendor patch is available.

Docker Command Line Interface Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. [CVSS 6.5 MEDIUM]

Privilege Escalation Openshift Container Platform Enterprise Linux +1
NVD
EPSS 0% CVSS 6.6
MEDIUM POC PATCH This Month

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. [CVSS 6.6 MEDIUM]

Privilege Escalation Erase Install
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Powerscale Onefs versions up to 9.10.1.6 is affected by execution with unnecessary privileges (CVSS 6.7).

Privilege Escalation Dell Powerscale Onefs
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation and auth bypass in OpenSTAManager 2.9.8. PoC available.

PHP Privilege Escalation Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Command \| Intel Vpro Out Of Band versions up to 4.7.0 is affected by uncontrolled search path element (CVSS 8.8).

Privilege Escalation Dell
NVD
EPSS 0% CVSS 7.2
HIGH POC This Week

Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. [CVSS 7.2 HIGH]

Privilege Escalation Authentication Bypass Tranzman
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in iBoysoft NTFS for Mac 8.0.0 allows authenticated macOS users to gain root access through the ntfshelperd privileged helper daemon. The daemon exposes an unauthenticated NSConnection service running as root, enabling any local user with standard privileges to communicate directly with the root-level service and execute privileged operations. EPSS probability is very low (0.02%, 6th percentile) with no confirmed active exploitation or public POC at time of analysis, suggesting limited real-world targeting despite high technical severity.

Privilege Escalation Ntfs For Mac
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A privilege escalation vulnerability in Inno Setup 6.2.1 and earlier versions allows local attackers to gain elevated privileges through DLL hijacking. This vulnerability requires user interaction but no authentication, enabling attackers to execute arbitrary code with higher privileges by placing a malicious DLL in a location searched by the installer. While not currently listed in CISA KEV, the vulnerability has a moderate EPSS score of 0.043% and affects a widely-used Windows installer creation tool.

Privilege Escalation Inno Setup
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation in User Registration & Membership WordPress plugin.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated agents in the LatePoint WordPress plugin versions up to 5.2.7 can arbitrarily link customer accounts to any user ID during account creation, enabling privilege escalation to administrator accounts. An attacker with agent-level access can exploit this to reset an administrator's password and gain full site control. No patch is currently available.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in theshit command-line utility versions prior to 0.2.0 allows unprivileged users to execute arbitrary commands with elevated privileges through improper privilege dropping during command re-execution. An attacker with local access can exploit this vulnerability to gain root or elevated system access. No patch is currently available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Android versions up to - contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's ffa.c component allows unauthenticated attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in multiple functions and requires only local access to exploit. A patch is available to address this high-severity flaw.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An Android MediaProvider logic error allows local applications to obtain unauthorized read and write access to arbitrary files, enabling privilege escalation without requiring additional permissions or user interaction. This vulnerability affects the createRequest function and permits apps to manipulate file access controls beyond their intended scope. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Improper input validation in Android's ManagedServices notification policy handler allows local attackers to escalate privileges without requiring additional permissions or user interaction. An attacker can exploit this flaw to desynchronize notification policies and gain elevated system privileges on the affected device. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A logic error in Android's mem_protect.c enables local attackers to write out-of-bounds memory and escalate privileges without requiring additional permissions or user interaction. This vulnerability affects Android devices and can be exploited by any local user to gain elevated system privileges. A patch is available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c results from integer overflow conditions that enable out-of-bounds memory writes, allowing unauthenticated local attackers to gain elevated system privileges without user interaction. The vulnerability affects multiple functions within the memory protection component and is exploitable by any process on the affected device. A patch is available to address this high-severity issue.

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's mem_protect.c allows unprivileged attackers to achieve full system access through an out-of-bounds write caused by insufficient bounds validation. The vulnerability requires no user interaction and can be exploited immediately upon device compromise by any local process.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's pKVM hypervisor initialization allows unprivileged attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability stems from a logic error in the __pkvm_init_vm function that fails to properly validate memory operations during VM setup. A patch is available to address this high-severity flaw affecting Android devices.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 8.4
HIGH PATCH This Week

Local privilege escalation in Android's __pkvm_host_share_guest function allows unprivileged attackers to achieve kernel-level code execution through integer overflow-induced out-of-bounds memory writes. The vulnerability requires no user interaction and can be exploited directly from any local context on affected devices. A patch is available to address this high-severity flaw.

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

The ARM SMMU v3 driver in Android contains a use-after-free vulnerability in the smmu_detach_dev function that could allow a local privileged attacker to execute arbitrary code with system privileges. An attacker with high-level system access can trigger an out-of-bounds write to escalate privileges without requiring user interaction. A patch is available to address this issue.

Use After Free Privilege Escalation Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Android's PermissionManagerServiceImpl allows an attacker to override system permissions through a logic error in the removePermission function. An unprivileged local attacker can exploit this vulnerability with user interaction to gain elevated privileges. No patch is currently available and exploitation requires physical or local access to the device.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Unauthorized information disclosure in Android's Notification.java hasImage method allows local attackers to bypass permission checks and access sensitive data across user accounts without requiring elevated privileges or user interaction. This permissions bypass can lead to local privilege escalation on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper permission validation in Android's PackageInstallerService allows a local app to modify its own package ownership without requiring elevated privileges, enabling privilege escalation. An attacker with a malicious app installed on the device can exploit this flaw without user interaction to gain unauthorized access to system resources. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 is affected by authorization bypass through user-controlled key (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Biometric authentication bypass in Android's BiometricService allows local attackers to enable fingerprint unlock through a logic error, resulting in privilege escalation without requiring user interaction or special permissions. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Android's Settings.java enableSystemPackageLPw function allows unauthenticated local attackers to manipulate location access controls through a logic error, requiring no user interaction. An attacker with local access can exploit this vulnerability to gain elevated privileges and bypass location permission enforcement. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in Android's DRM manager service allows unprivileged processes to achieve system-level access through an out-of-bounds memory write in the IDrmManagerService transaction handler. The vulnerability requires no user interaction and can be exploited immediately upon execution, making it a direct path to elevated privileges on affected Android devices. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Android versions up to 14.0 is affected by improper restriction of rendered ui layers or frames (CVSS 8.6).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 16.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In loadDataAndPostValue of multiple files, there is a possible way to obscure permission usage due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible information disclosure due to SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

SQLi Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In loadDescription of DeviceAdminInfo.java, there is a possible persistent package due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In multiple functions of Nfc.h, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In openFile of BugreportContentProvider.java, there is a possible way to read and write unauthorized files due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Path Traversal Android +1
NVD
EPSS 0% CVSS 7.7
HIGH This Week

In multiple functions of TaskFragmentOrganizerController.java, there is a possible activity token leak due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.7 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.3 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 7.4).

Privilege Escalation Information Disclosure Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple functions of ContentProvider.java, there is a possible way for an app with read-only access to truncate files due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In VBMeta, there is a possible way to modify and resign VBMeta using a test key, assuming the original image was previously signed with the same key. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In exitKeyguardAndFinishSurfaceBehindRemoteAnimation of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In multiple locations, there is a possible way to delete media without the MANAGE_EXTERNAL_STORAGE permission due to an intent redirect. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege with no additional execution privileges needed (CVSS 8.4).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple functions of KeyguardViewMediator.java, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.4
HIGH This Week

In multiple locations, there is a possible lockscreen bypass due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.4 HIGH]

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In UsageEvents of UsageEvents.java, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.4 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In broadcastIntentLockedTraced of BroadcastController.java, there is a possible way to launch arbitrary activities from the background on the paired companion phone due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. [CVSS 8.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display module stems from insufficient bounds checking in memory operations, allowing system-level attackers to corrupt memory and gain elevated privileges without user interaction. The vulnerability affects Android devices where an adversary with existing system privileges can exploit this flaw to further escalate their access. No patch is currently available for this issue.

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation in Android's display subsystem exploits a use-after-free memory corruption vulnerability to elevate from system-level privileges, requiring no user interaction. An attacker with pre-existing system access can trigger the memory corruption to gain complete control over the affected device. No patch is currently available to remediate this issue.

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's MAE component contains an out-of-bounds write vulnerability due to insufficient bounds checking that enables local privilege escalation for attackers with existing system-level access. This memory corruption flaw requires no user interaction and could allow a privileged malicious actor to achieve arbitrary code execution, though exploitation is currently not publicly documented. No patch is currently available for this vulnerability.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.4).

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The Nbiot SDK's wlan STA driver contains a buffer overflow vulnerability due to missing bounds checking that allows privilege escalation from System-level access. An attacker with existing System privileges can exploit this flaw without user interaction to gain elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Nbiot Sdk
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Privilege escalation in Modem affects Nr17, Lr13, Nr16, Lr12a, and Nr15 devices through an out-of-bounds write vulnerability triggered when connecting to a rogue base station. An attacker controlling a malicious base station can achieve remote code execution and full system compromise without requiring additional privileges or user interaction beyond initial network connection. No patch is currently available for this high-severity vulnerability.

Privilege Escalation Nr17 Lr13 +3
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OpenWrt and its Software Development Kit contain an out-of-bounds write vulnerability in the WLAN access point firmware caused by improper bounds checking, enabling adjacent network attackers to achieve privilege escalation without user interaction or special privileges. The vulnerability carries high severity with complete impact across confidentiality, integrity, and availability, though no patch is currently available.

Privilege Escalation Openwrt Software Development Kit
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper bounds checking in Android's display subsystem enables local privilege escalation for attackers with system-level access, potentially allowing them to execute arbitrary code with elevated privileges. The vulnerability stems from an out-of-bounds write condition that requires no user interaction to exploit. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display subsystem contains a buffer overflow vulnerability stemming from insufficient bounds validation, allowing attackers with system-level privileges to escalate their access further without user interaction. This local privilege escalation affects Android devices and requires an attacker to already possess system privileges, limiting the immediate threat scope. While no patch is currently available, the vulnerability poses a significant risk in multi-user or containerized Android environments where system compromise could lead to complete device control.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display component contains an out-of-bounds write vulnerability due to insufficient bounds checking that could allow a system-privileged attacker to escalate privileges without user interaction. The vulnerability affects devices where an adversary has already obtained system-level access, enabling potential memory corruption and further privilege elevation. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's display module contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling local privilege escalation for attackers who already possess System-level access. The vulnerability requires no user interaction and could allow complete system compromise through memory corruption. No patch is currently available for this medium-severity issue.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Nbiot Sdk contains a vulnerability that allows attackers to local escalation of privilege with User execution privileges needed (CVSS 7.8).

Privilege Escalation Nbiot Sdk
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Local privilege escalation in Android's PCIe driver allows system-level attackers to execute arbitrary code through an out-of-bounds write caused by insufficient bounds validation. Exploitation requires pre-existing system privileges but no user interaction, enabling a compromised system component to gain complete device control. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authenticated Statamic CMS users (versions 6.0.0-6.3.x) can bypass privilege escalation verification checks to gain unauthorized elevated access, potentially enabling unauthorized sensitive operations depending on existing permissions. The vulnerability affects both Statamic and its Laravel framework integration, with a patch available in version 6.4.0.

Laravel Privilege Escalation Statamic
NVD GitHub
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

OpenEMR versions prior to 8.0.0 allow authenticated portal users to access other patients' protected health information through insecure direct object references (IDOR) in the payment portal, enabling horizontal privilege escalation to view and modify another patient's demographics, invoices, and payment history. The vulnerability stems from accepting patient ID values from user-controlled request parameters instead of validating against the authenticated user's session. Public exploit code exists for this vulnerability.

PHP Privilege Escalation Openemr
NVD GitHub
EPSS 0% CVSS 8.4
HIGH This Week

Arbitrary file write & potential privilege escalation exploiting zip slip vulnerability in Google Web Designer.

Google Privilege Escalation Path Traversal
NVD
Prev Page 14 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy