Skip to main content

Privilege Escalation

13301 CVEs technique

Monthly

CVE-2025-9907 MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. [CVSS 6.7 MEDIUM]

Red Hat Privilege Escalation Information Disclosure
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-12981 CRITICAL Act Now

Privilege escalation in Listee WordPress theme allows unauthenticated attackers to gain administrator access. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-28372 HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-27653 MEDIUM This Month

Soliton Systems installers for Securebrowser For Onegate, Secureworkspace, and Securebrowser II fail to set proper file permissions during installation, enabling local authenticated users to execute arbitrary code with SYSTEM privileges. An attacker with user-level access can exploit this misconfiguration to achieve full system compromise. No patch is currently available.

Privilege Escalation RCE Securebrowser For Onegate Secureworkspace Securebrowser Ii
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2026-28363 npm CRITICAL PATCH Act Now

Validation bypass in OpenClaw tools.exec.safeBins allows shell command execution through GNU long-option abbreviation. Attackers can abuse the 'sort' binary whitelist entry to execute arbitrary commands via abbreviated flags. CVSS 9.9.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2026-25191 HIGH This Week

Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-23703 HIGH This Week

FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2026-27465 Go MEDIUM PATCH This Month

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar resources associated with the service acc (CVSS 6.5).

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-25963 Go MEDIUM PATCH This Month

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template deletion API that allows team administrators to delete certificate templates belonging to other teams. The vulnerability stems from insufficient validation of template ownership during batch deletion operations, enabling cross-team resource destruction that could disrupt certificate-dependent functions like device enrollment and VPN access. A patch is not yet available as of this CVE publication.

Privilege Escalation Fleet Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-27954 MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22721 MEDIUM PATCH This Month

Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001.

VMware Broadcom Privilege Escalation Telco Cloud Platform Aria Operations +2
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2026-3179 HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal Data Master
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2026-2914 HIGH This Week

Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-69231 HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.7 HIGH]

XSS Privilege Escalation Openemr
NVD GitHub
CVSS 3.1
8.7
EPSS
0.2%
CVE-2026-24443 HIGH This Week

Eventsentry versions up to 6.0.1.20 contains a vulnerability that allows attackers to privilege escalation (CVSS 8.8).

Privilege Escalation Eventsentry
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-33181 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-33180 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-33179 HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos Cumulus Linux
NVD
CVSS 3.1
8.0
EPSS
0.1%
CVE-2025-1789 MEDIUM This Month

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]

Privilege Escalation Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-1787 MEDIUM This Month

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]

Privilege Escalation Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-63409 HIGH This Week

Gcom Epon 1Ge Firmware versions up to c00r371v00b01 is affected by improper access control (CVSS 8.8).

Privilege Escalation Gcom Epon 1ge Firmware Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-27568 PHP MEDIUM PATCH This Month

Avideo versions prior to 21.0 allow authenticated attackers to inject malicious JavaScript through improperly sanitized Markdown links in video comments, enabling session hijacking, privilege escalation, and data theft when victims click the links. The vulnerability stems from unsafe Parsedown configuration that fails to block javascript: URI schemes. A patch is available in version 21.0.

Privilege Escalation Avideo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-27208 CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection Api Gateway Deploy
NVD GitHub
CVSS 3.1
9.2
EPSS
0.2%
CVE-2026-2782 CRITICAL PATCH Act Now

Privilege escalation in Firefox Netmonitor component before 148. Second Netmonitor privilege escalation, separate from CVE-2026-2780.

Privilege Escalation Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2780 CRITICAL PATCH Act Now

Privilege escalation in Firefox Netmonitor component before 148. Developer tools component allows escalation from content to higher privileges.

Privilege Escalation Mozilla
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2777 CRITICAL PATCH Act Now

Privilege escalation in Firefox Messaging System component before 148. The inter-process messaging system allows escalation from content to privileged process.

Privilege Escalation Mozilla Thunderbird
NVD VulDB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-27128 PHP MEDIUM PATCH This Month

Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.

Privilege Escalation Race Condition Craft Cms
NVD GitHub
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-63946 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Pcmanager
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-63945 HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition Ioa
NVD GitHub
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-21420 HIGH PATCH This Week

Dell Repository Manager versions before 3.4.8 suffer from an uncontrolled search path vulnerability that allows local attackers with low privileges to execute arbitrary code and escalate their access. An attacker with local system access and user interaction can exploit improper path handling to inject malicious code into the application's execution flow. A patch is available to remediate this HIGH severity issue affecting the repository management functionality.

Privilege Escalation Repository Manager
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-2998 HIGH This Week

eAI Technologies' ERP application is vulnerable to DLL hijacking attacks that enable authenticated local users to achieve arbitrary code execution by placing a malicious DLL in the application directory. The vulnerability affects any system where non-administrative users have local access and can write to the ERP installation folder. No patch is currently available to remediate this issue.

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27198 PHP HIGH PATCH This Week

Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.

Privilege Escalation Formwork
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2492 HIGH This Week

Local privilege escalation in TensorFlow's HDF5 plugin-loading mechanism lets a low-privileged user run arbitrary code as a higher-privileged target user. The flaw stems from TensorFlow loading plugins from an unsecured, attacker-writable search-path location (CWE-427), so an attacker who can already execute low-privileged code plants a malicious plugin that is later loaded in the victim's context. There is no public exploit identified at time of analysis, EPSS risk is very low (0.02%), and it is not listed in CISA KEV, but the issue is credibly reported by Trend Micro ZDI (ZDI-26-116) and patched by upstream and Red Hat.

Privilege Escalation RCE
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-2040 HIGH This Week

PDF-XChange Editor's TrackerUpdate process loads libraries from an unsecured location, enabling local attackers with low-privileged code execution to escalate privileges and run arbitrary code with elevated permissions. This high-severity vulnerability (CVSS 7.3) affects systems where an attacker has already gained initial code execution access. No patch is currently available.

Privilege Escalation
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2026-26725 CRITICAL POC Act Now

Privilege escalation in Print Shop Pro WebDesk v.18.34 via AccessID parameter. PoC available.

Privilege Escalation Print Shop Pro Webdesk
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.2%
CVE-2026-26722 CRITICAL POC Act Now

Privilege escalation in Key Systems Global Facilities Management Software via PIN component. PoC available.

Privilege Escalation Global Facilities Management Software
NVD GitHub
CVSS 3.1
9.4
EPSS
0.1%
CVE-2026-26102 HIGH This Week

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Opds Talon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26101 HIGH This Week

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Opds Talon
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-26100 MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26099 MEDIUM This Month

Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through a crafted request, potentially leading to unauthorized modification of application behavior or settings. With no available patch, this medium-severity issue (CVSS 5.5) poses a risk to systems running the affected version where local user access is possible.

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26098 MEDIUM This Month

Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through crafted requests, potentially leading to unauthorized modification of application behavior. With no available patch and an EPSS score of 0%, this vulnerability currently poses minimal exploitation risk but could allow privilege escalation or security bypass for users with local access to the system.

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26097 MEDIUM This Month

Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges to manipulate configuration file search paths through crafted requests, potentially enabling unauthorized modification of application behavior. An attacker could exploit this to alter critical configuration settings without elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26096 MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-26095 MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-69378 HIGH This Week

XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).

WordPress Privilege Escalation
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2026-26050 HIGH This Week

Arbitrary code execution with administrative privileges in RICOH Job Log Aggregation Tool versions before 1.3.7 due to insecure DLL search path handling. Local attackers with user interaction can execute malicious code by placing a crafted DLL in the installer's search path. No patch is currently available.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2025-67305 CRITICAL Act Now

Hardcoded SSH keys in Ruckus Network Director OVA < 4.5.0.56 for postgres user. Same across all appliances.

PostgreSQL Privilege Escalation
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-15561 HIGH This Week

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named  WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". [CVSS 7.8 HIGH]

Privilege Escalation Worktime
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-25232 Go HIGH POC PATCH This Week

Gogs is an open source self-hosted Git service. [CVSS 8.8 HIGH]

SSH Privilege Escalation Gogs Suse
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1994 CRITICAL Act Now

Privilege escalation via account takeover in s2Member WordPress plugin <= 260127. Broken authentication allows taking over any user account.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-0912 HIGH This Week

Privilege escalation in WordPress Toret Manager plugin through version 1.2.7 allows authenticated subscribers to modify arbitrary site options due to missing capability checks in the trman_save_option functions. An attacker can exploit this to change the default registration role to administrator and enable user registration, granting themselves admin access to the vulnerable site. No patch is currently available.

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-4960 HIGH This Week

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. [CVSS 7.8 HIGH]

macOS AWS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-4521 HIGH This Week

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15041 HIGH This Week

The BackWPup - WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. [CVSS 7.2 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-13851 CRITICAL Act Now

Privilege escalation via registration in Buyent Classified WordPress plugin.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13563 CRITICAL Act Now

Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12882 CRITICAL Act Now

Privilege escalation in Clasifico Listing WordPress plugin <= 2.0.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12845 HIGH This Week

The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15585 This Week

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.

MySQL SQLi Privilege Escalation
NVD
EPSS
0.0%
CVE-2025-15581 This Week

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Privilege Escalation
NVD
EPSS
0.0%
CVE-2025-70064 HIGH POC This Week

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. [CVSS 8.8 HIGH]

Privilege Escalation Hospital Management System
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-15579 This Week

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

RCE Denial Of Service Privilege Escalation Deserialization
NVD
EPSS
0.4%
CVE-2025-33249 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33246 HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. [CVSS 7.8 HIGH]

Privilege Escalation Command Injection Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-33245 PyPI HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 8.0 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-33243 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33241 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2025-33236 HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure AI / ML Nemo
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1937 HIGH This Week

Unauthorized data modification in YayMail WooCommerce Email Customizer WordPress plugin allows unauthenticated attackers to modify email templates, potentially enabling phishing attacks against customers.

WordPress Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-1344 MEDIUM This Month

Enforce Recovery Key Portal is affected by incorrect permission assignment for critical resource (CVSS 6.5).

Privilege Escalation Enforce Recovery Key Portal
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-22769 CRITICAL KEV PATCH THREAT Act Now

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Dell Authentication Bypass Privilege Escalation RCE Recoverpoint For Virtual Machines
NVD
CVSS 3.1
10.0
EPSS
34.2%
Threat
4.5
CVE-2026-23648 HIGH This Week

Improper file permissions on system binaries in Glory RBG-100 recycler systems running ISPK-08 software allow local attackers to overwrite root-owned executables and achieve privilege escalation. An unprivileged user with local access can modify these world-writable binaries to execute arbitrary commands with root privileges. No patch is currently available for this vulnerability.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-67905 HIGH This Week

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. [CVSS 8.7 HIGH]

Privilege Escalation
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2026-2563 LOW Monitor

Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware through improper access controls in the jdcapp_rpc service allows authenticated attackers to escalate privileges over the network. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. The issue affects firmware versions up to 4.5.1.r4533 with no patch currently available.

Privilege Escalation Ax6600 Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2562 LOW Monitor

Ax6600 Firmware versions up to 4.5.1. contains a vulnerability that allows attackers to Remote Privilege Escalation (CVSS 6.3).

Privilege Escalation Ax6600 Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2561 LOW Monitor

Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware (up to version 4.5.1.r4533) allows authenticated remote attackers to escalate privileges through manipulation of the web_get_ddns_uptime function in the jdcweb_rpc component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Privilege Escalation Ax6600 Firmware
NVD VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2026-2538 HIGH This Week

Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 contain an uncontrolled search path vulnerability in Msimg32.dll that allows local attackers with user-level privileges to achieve code execution and system compromise. Exploitation requires high complexity and local access, but successful attacks can result in complete system confidentiality, integrity, and availability breaches. No patch is currently available, and the vendor has not responded to disclosure attempts.

Privilege Escalation
NVD GitHub VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2026-26369 CRITICAL POC Act Now

eNet SMART HOME server has a privilege escalation vulnerability enabling low-privileged users to gain admin access to the home automation system.

Privilege Escalation Enet Smart Home
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-26368 HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 suffer from missing authorization checks in the resetUserPassword JSON-RPC method, allowing any authenticated low-privileged user to reset passwords for administrative accounts without proper verification. Public exploit code exists for this vulnerability, enabling attackers to achieve immediate privilege escalation and gain full administrative control over the smart home system. No patch is currently available, leaving deployed instances vulnerable to account takeover attacks.

Privilege Escalation Enet Smart Home
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1750 HIGH This Week

Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin) versions up to 7.0.7. is affected by improper privilege management (CVSS 8.8).

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-8572 CRITICAL Act Now

Privilege escalation in Truelysell Core WordPress plugin <= 1.8.7. Insufficient role validation allows elevation.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-2144 HIGH This Week

Privilege escalation in the Magic Login Mail or QR Code WordPress plugin (versions up to 2.05) allows unauthenticated attackers to hijack any user account, including administrator accounts, by exploiting a race condition in QR code file handling. The plugin creates QR code login images with predictable filenames in the public uploads directory and fails to delete them immediately after email transmission, enabling attackers to intercept the encoded login URLs. An attacker can trigger login requests for arbitrary users and extract valid authentication tokens during the window before file cleanup occurs.

WordPress Privilege Escalation Authentication Bypass
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-15157 HIGH This Week

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26334 HIGH This Week

Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Verasmart
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-1790 MEDIUM This Month

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Privilege Escalation Microsoft
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2026-23111 HIGH PATCH CISA Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables module allows local attackers with unprivileged access to cause memory corruption and denial of service through an inverted logic check in catchall map element activation during failed transactions. The flaw occurs in nft_map_catchall_activate() which incorrectly processes already-active elements instead of inactive ones, potentially leading to privilege escalation or system crash. No patch is currently available.

Linux Use After Free Privilege Escalation Memory Corruption
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-1618 HIGH This Week

Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escalate their privileges through an alternate access path. An attacker with valid credentials can exploit this flaw to gain unauthorized elevated access to the system. No patch is currently available.

Privilege Escalation Authentication Bypass Flexcity
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14349 HIGH This Week

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]

Privilege Escalation Authentication Bypass Flexcity
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-26225 Monitor

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation
NVD
EPSS
0.0%
CVE-2026-26224 Monitor

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation Race Condition
NVD
EPSS
0.0%
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

A flaw was found in the Red Hat Ansible Automation Platform, Event-Driven Ansible (EDA) Event Stream API. This vulnerability allows exposure of sensitive client credentials and internal infrastructure headers via the test_headers field when an event stream is in test mode. [CVSS 6.7 MEDIUM]

Red Hat Privilege Escalation Information Disclosure
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Listee WordPress theme allows unauthenticated attackers to gain administrator access. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.4
HIGH POC PATCH This Week

Inetutils versions up to 2.7 is affected by inclusion of functionality from untrusted control sphere (CVSS 7.4).

Linux Privilege Escalation Inetutils
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Soliton Systems installers for Securebrowser For Onegate, Secureworkspace, and Securebrowser II fail to set proper file permissions during installation, enabling local authenticated users to execute arbitrary code with SYSTEM privileges. An attacker with user-level access can exploit this misconfiguration to achieve full system compromise. No patch is currently available.

Privilege Escalation RCE Securebrowser For Onegate +2
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL PATCH Act Now

Validation bypass in OpenClaw tools.exec.safeBins allows shell command execution through GNU long-option abbreviation. Attackers can abuse the 'sort' binary whitelist entry to execute arbitrary commands via abbreviated flags. CVSS 9.9.

Authentication Bypass Privilege Escalation Openclaw
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in FinalCode Client installer (Digital Arts Inc.) results from unsafe DLL loading that allows an attacker to place a malicious library in the same directory as the installer and execute it with elevated privileges when a user runs the installation. This local attack requires user interaction to place the malicious file and execute the installer, but poses significant risk as there is currently no available patch.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

FinalCode Client installer by Digital Arts Inc. improperly configures file permissions, enabling local non-administrative users to execute arbitrary code with SYSTEM-level privileges. This privilege escalation affects all users of the affected installer versions and allows attackers to achieve complete system compromise. No patch is currently available for this vulnerability.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Fleet versions up to 4.80.1 contains a vulnerability that allows attackers to unauthorized access to Google Calendar resources associated with the service acc (CVSS 6.5).

Privilege Escalation Fleet Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Fleet device management software versions before 4.80.1 contain an authorization bypass in the certificate template deletion API that allows team administrators to delete certificate templates belonging to other teams. The vulnerability stems from insufficient validation of template ownership during batch deletion operations, enabling cross-team resource destruction that could disrupt certificate-dependent functions like device enrollment and VPN access. A patch is not yet available as of this CVE publication.

Privilege Escalation Fleet Suse
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Live Helper Chat is an open-source application that enables live support websites. [CVSS 6.5 MEDIUM]

PHP Privilege Escalation Live Helper Chat
NVD GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileges to administrative level within Aria Operations. The vulnerability affects multiple Broadcom products including Telco Cloud Platform, Aria Operations, and Cloud Foundation, requiring administrative intervention but no user interaction to exploit. Patches are available through VMSA-2026-0001.

VMware Broadcom Privilege Escalation +4
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Arbitrary file write vulnerability in Data Master ADM versions 4.1.0-4.3.3.ROF1 and 5.0.0-5.1.2.RE51 allows remote or man-in-the-middle attackers to bypass filename sanitization in FTP backup operations and place malicious files outside the intended directory. An attacker can exploit this path traversal flaw to overwrite critical system files and potentially execute code with elevated privileges. No patch is currently available, and exploitation requires moderate attack complexity but no user interaction.

RCE Privilege Escalation Path Traversal +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Unauthorized privilege escalation in CyberArk Endpoint Privilege Manager Agent versions 25.10.0 and earlier allows local authenticated users to elevate privileges by exploiting flaws in the elevation dialog mechanism. An attacker with local access and valid credentials could bypass privilege controls to gain elevated system access. No patch is currently available for this high-severity vulnerability (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
EPSS 0% CVSS 8.7
HIGH POC PATCH This Week

OpenEMR is a free and open source electronic health records and medical practice management application. [CVSS 8.7 HIGH]

XSS Privilege Escalation Openemr
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Eventsentry versions up to 6.0.1.20 contains a vulnerability that allows attackers to privilege escalation (CVSS 8.8).

Privilege Escalation Eventsentry
NVD
EPSS 0% CVSS 7.3
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 7.3 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could inject a command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 8.0
HIGH This Week

NVIDIA Cumulus Linux and NVOS products contain a vulnerability in the NVUE interface, where a low-privileged user could run an unauthorized command. A successful exploit of this vulnerability might lead to escalation of privileges. [CVSS 8.0 HIGH]

Linux Privilege Escalation Nvos +1
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Local privilege escalation in Genetec Update Service. An authenticated, low-privileged, Windows user could exploit this vulnerability to gain elevated privileges on the affected system. [CVSS 7.8 HIGH]

Privilege Escalation Microsoft
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Local admin could to leak information from the Genetec Update Service configuration web page. An authenticated, admin privileged, Windows user could exploit this vulnerability to gain elevated privileges in the Genetec Update Service. [CVSS 4.2 MEDIUM]

Privilege Escalation Microsoft
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Gcom Epon 1Ge Firmware versions up to c00r371v00b01 is affected by improper access control (CVSS 8.8).

Privilege Escalation Gcom Epon 1ge Firmware Authentication Bypass
NVD GitHub
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Avideo versions prior to 21.0 allow authenticated attackers to inject malicious JavaScript through improperly sanitized Markdown links in video comments, enabling session hijacking, privilege escalation, and data theft when victims click the links. The vulnerability stems from unsafe Parsedown configuration that fails to block javascript: URI schemes. A patch is available in version 21.0.

Privilege Escalation Avideo
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL Act Now

OS command injection in bleon-ethical/api-gateway-deploy npm package version 1.0.0. Attack chain enables remote code execution through crafted API gateway deployment configuration.

Docker Privilege Escalation Command Injection +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Privilege escalation in Firefox Netmonitor component before 148. Second Netmonitor privilege escalation, separate from CVE-2026-2780.

Privilege Escalation Mozilla
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Privilege escalation in Firefox Netmonitor component before 148. Developer tools component allows escalation from content to higher privileges.

Privilege Escalation Mozilla
NVD
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Privilege escalation in Firefox Messaging System component before 148. The inter-process messaging system allows escalation from content to privileged process.

Privilege Escalation Mozilla Thunderbird
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Multiple usage tokens in Craft CMS 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22 can be consumed beyond their intended limits due to a race condition in token validation logic where usage checks and database updates are not atomic. An authenticated attacker with access to a valid impersonation token can exploit concurrent requests to bypass usage restrictions and reuse single-use tokens multiple times. Patches are available for affected versions.

Privilege Escalation Race Condition Craft Cms
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent PC Manager app thru 17.10.28554.205 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH POC This Week

A privilege escalation (PE) vulnerability in the Tencent iOA app thru 210.9.28693.621001 on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. [CVSS 7.4 HIGH]

Windows Privilege Escalation Race Condition +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Dell Repository Manager versions before 3.4.8 suffer from an uncontrolled search path vulnerability that allows local attackers with low privileges to execute arbitrary code and escalate their access. An attacker with local system access and user interaction can exploit improper path handling to inject malicious code into the application's execution flow. A patch is available to remediate this HIGH severity issue affecting the repository management functionality.

Privilege Escalation Repository Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

eAI Technologies' ERP application is vulnerable to DLL hijacking attacks that enable authenticated local users to achieve arbitrary code execution by placing a malicious DLL in the application directory. The vulnerability affects any system where non-administrative users have local access and can write to the ERP installation folder. No patch is currently available to remediate this issue.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Formwork CMS versions 2.0.0 through 2.3.3 fail to validate user privileges during account creation, allowing authenticated editors to create admin accounts and gain full CMS control. An attacker with editor-level access can exploit this authorization bypass to escalate privileges without restriction, completely compromising the application. A patch is available in version 2.3.4.

Privilege Escalation Formwork
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in TensorFlow's HDF5 plugin-loading mechanism lets a low-privileged user run arbitrary code as a higher-privileged target user. The flaw stems from TensorFlow loading plugins from an unsecured, attacker-writable search-path location (CWE-427), so an attacker who can already execute low-privileged code plants a malicious plugin that is later loaded in the victim's context. There is no public exploit identified at time of analysis, EPSS risk is very low (0.02%), and it is not listed in CISA KEV, but the issue is credibly reported by Trend Micro ZDI (ZDI-26-116) and patched by upstream and Red Hat.

Privilege Escalation RCE
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

PDF-XChange Editor's TrackerUpdate process loads libraries from an unsecured location, enabling local attackers with low-privileged code execution to escalate privileges and run arbitrary code with elevated permissions. This high-severity vulnerability (CVSS 7.3) affects systems where an attacker has already gained initial code execution access. No patch is currently available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Privilege escalation in Print Shop Pro WebDesk v.18.34 via AccessID parameter. PoC available.

Privilege Escalation Print Shop Pro Webdesk
NVD GitHub VulDB
EPSS 0% CVSS 9.4
CRITICAL POC Act Now

Privilege escalation in Key Systems Global Facilities Management Software via PIN component. PoC available.

Privilege Escalation Global Facilities Management Software
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 7.8).

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Owl OPDS 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through a crafted request, potentially leading to unauthorized modification of application behavior or settings. With no available patch, this medium-severity issue (CVSS 5.5) poses a risk to systems running the affected version where local user access is possible.

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local authenticated attackers to manipulate configuration file search paths through crafted requests, potentially leading to unauthorized modification of application behavior. With no available patch and an EPSS score of 0%, this vulnerability currently poses minimal exploitation risk but could allow privilege escalation or security bypass for users with local access to the system.

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Opds Talon 2.2.0.4 contains an uncontrolled search path vulnerability that allows local attackers with user privileges to manipulate configuration file search paths through crafted requests, potentially enabling unauthorized modification of application behavior. An attacker could exploit this to alter critical configuration settings without elevated permissions. No patch is currently available for this vulnerability.

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Opds-Talon versions up to 2.2.0.4 is affected by incorrect permission assignment for critical resource (CVSS 5.5).

Privilege Escalation Opds Talon
NVD
EPSS 0% CVSS 7.2
HIGH This Week

XforWooCommerce Product Filter for WooCommerce prdctfltr contains a security vulnerability (CVSS 7.3).

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution with administrative privileges in RICOH Job Log Aggregation Tool versions before 1.3.7 due to insecure DLL search path handling. Local attackers with user interaction can execute malicious code by placing a crafted DLL in the installer's search path. No patch is currently available.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hardcoded SSH keys in Ruckus Network Director OVA < 4.5.0.56 for postgres user. Same across all appliances.

PostgreSQL Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named  WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". [CVSS 7.8 HIGH]

Privilege Escalation Worktime
NVD
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Gogs is an open source self-hosted Git service. [CVSS 8.8 HIGH]

SSH Privilege Escalation Gogs +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation via account takeover in s2Member WordPress plugin <= 260127. Broken authentication allows taking over any user account.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in WordPress Toret Manager plugin through version 1.2.7 allows authenticated subscribers to modify arbitrary site options due to missing capability checks in the trman_save_option functions. An attacker can exploit this to change the default registration role to administrator and enable user registration, granting themselves admin access to the vulnerable site. No patch is currently available.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. [CVSS 7.8 HIGH]

macOS AWS Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.2
HIGH This Week

The BackWPup - WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. [CVSS 7.2 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation via registration in Buyent Classified WordPress plugin.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Lizza LMS Pro WordPress plugin <= 1.0.3.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Clasifico Listing WordPress plugin <= 2.0.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Tablesome Table - Contact Form DB - WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to unauthorized access of data that leads to privilege escalation due to a missing capability check on the get_table_data() function in versions 0.5.4 to 1.2.1. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0%
This Week

Fileflows versions before 25.05.2 are affected by an authenticated SQL injection vulnerability in the library-file search function. Successful exploitation requires the system to use MySQL as the underlying database and could result in privilege escalation or data exfiltration.

MySQL SQLi Privilege Escalation
NVD
EPSS 0%
This Week

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. [CVSS 8.8 HIGH]

Privilege Escalation Hospital Management System
NVD GitHub
EPSS 0%
This Week

Deserialization of Untrusted Data vulnerability in OpenText™ Directory Services allows Object Injection. The vulnerability could lead to remote code execution, denial of service, or privilege escalation.

RCE Denial Of Service Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework for all platforms contains a vulnerability in the ASR Evaluator utility, where a user could cause a command injection by supplying crafted input to a configuration parameter. [CVSS 7.8 HIGH]

Privilege Escalation Command Injection Information Disclosure +2
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data could cause remote code execution. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 8.0 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution in distributed environments. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where an attacker could cause remote code execution by loading a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

RCE Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA NeMo Framework contains a vulnerability where malicious data created by an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. [CVSS 7.8 HIGH]

Privilege Escalation Code Injection Information Disclosure +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unauthorized data modification in YayMail WooCommerce Email Customizer WordPress plugin allows unauthenticated attackers to modify email templates, potentially enabling phishing attacks against customers.

WordPress Privilege Escalation Authentication Bypass
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Enforce Recovery Key Portal is affected by incorrect permission assignment for critical resource (CVSS 6.5).

Privilege Escalation Enforce Recovery Key Portal
NVD
EPSS 34% 4.5 CVSS 10.0
CRITICAL KEV PATCH THREAT Act Now

Dell RecoverPoint for Virtual Machines prior to 6.0.3.1 HF1 contains hardcoded credentials (CVE-2026-22769, CVSS 10.0) that allow unauthenticated remote attackers with knowledge of the credentials to gain root-level access to the underlying operating system. KEV-listed, this vulnerability exposes disaster recovery infrastructure to complete compromise, potentially affecting the integrity of backup and replication data.

Dell Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper file permissions on system binaries in Glory RBG-100 recycler systems running ISPK-08 software allow local attackers to overwrite root-owned executables and achieve privilege escalation. An unprivileged user with local access can modify these world-writable binaries to execute arbitrary commands with root privileges. No patch is currently available for this vulnerability.

Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic link, a related issue to CVE-2023-28892. [CVSS 8.7 HIGH]

Privilege Escalation
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware through improper access controls in the jdcapp_rpc service allows authenticated attackers to escalate privileges over the network. Public exploit code exists for this vulnerability, and the vendor has not responded to disclosure attempts. The issue affects firmware versions up to 4.5.1.r4533 with no patch currently available.

Privilege Escalation Ax6600 Firmware
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Ax6600 Firmware versions up to 4.5.1. contains a vulnerability that allows attackers to Remote Privilege Escalation (CVSS 6.3).

Privilege Escalation Ax6600 Firmware
NVD VulDB
EPSS 0% CVSS 2.1
LOW Monitor

Remote privilege escalation in JingDong JD Cloud Box AX6600 firmware (up to version 4.5.1.r4533) allows authenticated remote attackers to escalate privileges through manipulation of the web_get_ddns_uptime function in the jdcweb_rpc component. Public exploit code exists for this vulnerability, and no patch is currently available from the vendor.

Privilege Escalation Ax6600 Firmware
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Flos Freeware Notepad2 versions 4.2.22 through 4.2.25 contain an uncontrolled search path vulnerability in Msimg32.dll that allows local attackers with user-level privileges to achieve code execution and system compromise. Exploitation requires high complexity and local access, but successful attacks can result in complete system confidentiality, integrity, and availability breaches. No patch is currently available, and the vendor has not responded to disclosure attempts.

Privilege Escalation
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

eNet SMART HOME server has a privilege escalation vulnerability enabling low-privileged users to gain admin access to the home automation system.

Privilege Escalation Enet Smart Home
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 suffer from missing authorization checks in the resetUserPassword JSON-RPC method, allowing any authenticated low-privileged user to reset passwords for administrative accounts without proper verification. Public exploit code exists for this vulnerability, enabling attackers to achieve immediate privilege escalation and gain full administrative control over the smart home system. No patch is currently available, leaving deployed instances vulnerable to account takeover attacks.

Privilege Escalation Enet Smart Home
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin) versions up to 7.0.7. is affected by improper privilege management (CVSS 8.8).

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Truelysell Core WordPress plugin <= 1.8.7. Insufficient role validation allows elevation.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Privilege escalation in the Magic Login Mail or QR Code WordPress plugin (versions up to 2.05) allows unauthenticated attackers to hijack any user account, including administrator accounts, by exploiting a race condition in QR code file handling. The plugin creates QR code login images with predictable filenames in the public uploads directory and fails to delete them immediately after email transmission, enabling attackers to intercept the encoded login URLs. An attacker can trigger login requests for arbitrary users and extract valid authentication tokens during the window before file cleanup occurs.

WordPress Privilege Escalation Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Starfish Review Generation & Marketing for WordPress plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'srm_restore_options_defaults' function in all versions up to, and including, 3.1.19. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Calero VeraSMART versions before 2026 R1 stems from hardcoded AES encryption keys embedded in Veramark.Framework.dll that protect service account credentials stored in app.settings. An attacker with local system access can extract these static keys, decrypt the stored passwords, and use the recovered credentials to authenticate as the service account, potentially gaining elevated privileges depending on that account's permissions. No patch is currently available for this vulnerability.

Windows Privilege Escalation Verasmart
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system.

Privilege Escalation Microsoft
NVD
EPSS 0% CVSS 7.8
HIGH PATCH Act Now

A use-after-free vulnerability in the Linux kernel's netfilter nf_tables module allows local attackers with unprivileged access to cause memory corruption and denial of service through an inverted logic check in catchall map element activation during failed transactions. The flaw occurs in nft_map_catchall_activate() which incorrectly processes already-active elements instead of inactive ones, potentially leading to privilege escalation or system crash. No patch is currently available.

Linux Use After Free Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Flexcity versions before 1.0.36 contain an authentication bypass vulnerability that allows authenticated users to escalate their privileges through an alternate access path. An attacker with valid credentials can exploit this flaw to gain unauthorized elevated access to the system. No patch is currently available.

Privilege Escalation Authentication Bypass Flexcity
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Privilege Defined With Unsafe Actions, Missing Authentication for Critical Function vulnerability in Universal Software Inc. FlexCity/Kiosk allows Accessing Functionality Not Properly Constrained by ACLs, Privilege Escalation.This issue affects FlexCity/Kiosk: from 1.0 before 1.0.36. [CVSS 8.8 HIGH]

Privilege Escalation Authentication Bypass Flexcity
NVD VulDB
EPSS 0%
Monitor

Intego Personal Backup, a macOS backup utility that allows users to create scheduled backups and bootable system clones, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation
NVD
EPSS 0%
Monitor

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation +1
NVD
Prev Page 15 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy