Skip to main content

Privilege Escalation

13302 CVEs technique

Monthly

CVE-2022-50926 CRITICAL POC Act Now

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.

Golang Privilege Escalation
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
0.1%
CVE-2022-50808 HIGH POC This Week

CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]

Privilege Escalation RCE
NVD Exploit-DB
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-37186 HIGH This Week

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. [CVSS 7.8 HIGH]

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-71089 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). [CVSS 7.8 HIGH]

Linux Privilege Escalation Red Hat Suse
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36640 HIGH This Week

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. [CVSS 8.8 HIGH]

Windows Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-40942 HIGH This Week

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. [CVSS 8.8 HIGH]

Privilege Escalation Telecontrol Server Basic
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-0511 HIGH This Week

SAP Fiori App Intercompany Balance Reconciliation fails to enforce proper authorization controls, allowing authenticated users to escalate privileges and access or modify sensitive data they should not have permission to view. An attacker with valid credentials can exploit missing access checks to compromise the confidentiality and integrity of financial reconciliation data. No patch is currently available for this vulnerability.

SAP Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-0492 HIGH PATCH This Week

Hana Database versions up to 2.00 is affected by missing authentication for critical function (CVSS 8.8).

SAP Privilege Escalation Hana Database
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-12420 CRITICAL Act Now

ServiceNow AI Platform has a user impersonation vulnerability allowing unauthenticated attackers to impersonate any user and perform their authorized actions. ServiceNow has deployed patches to hosted instances and self-hosted updates are available.

Privilege Escalation AI / ML Virtual Agent Api Now Assist Ai Agents
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-46066 CRITICAL Act Now

Automai Director v25.2.0 allows authenticated users to escalate to full administrative privileges with scope change (CVSS 9.9). Low-privileged users can take complete control of the automation platform.

Privilege Escalation Director
NVD GitHub
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-67813 MEDIUM This Month

Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).

Privilege Escalation Kace Desktop Authority
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-69274 HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH]

Broadcom Linux Windows Privilege Escalation Dx Netops Spectrum
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-22603 MEDIUM PATCH This Month

OpenProject versions prior to 16.6.2 fail to implement rate-limiting on the unauthenticated password-change endpoint, allowing attackers to conduct brute-force attacks against known user accounts without triggering lockout mechanisms. An attacker can systematically guess passwords using common wordlists and achieve full account compromise, potentially escalating privileges depending on the victim's role within the application. A patch is available in version 16.6.2.

Privilege Escalation Openproject
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-67279 MEDIUM This Month

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format [CVSS 5.3 MEDIUM]

Privilege Escalation Tim Flow
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-67278 MEDIUM This Month

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request [CVSS 6.5 MEDIUM]

Privilege Escalation Tim Flow
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-14736 CRITICAL Act Now

Frontend Admin by DynamiApps WordPress plugin (through 3.28.25) allows unauthenticated privilege escalation to administrator via insufficient role validation. Attackers can register as admins and take full control of the site.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-66315 MEDIUM This Month

Mf258K Pro Firmware versions up to zte_mf258kpro_play_v1.0.0b03 is affected by improper privilege management (CVSS 4.3).

Privilege Escalation Mf258k Pro Firmware
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-68715 CRITICAL POC Act Now

Panda Wireless PWRU0 devices (firmware 2.2.9) expose WAN, LAN, and wireless configuration endpoints without authentication. Remote attackers can modify all network settings. PoC available.

Denial Of Service Privilege Escalation Pwru01 Firmware
NVD GitHub
CVSS 3.1
9.1
EPSS
0.6%
CVE-2026-22043 Cargo CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a privilege escalation where restricted service accounts can self-issue unrestricted credentials by exploiting a flawed deny_only check in the IAM system. PoC available, patch available.

Privilege Escalation Rustfs
NVD GitHub
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-22042 Cargo HIGH POC PATCH This Week

Incorrect IAM permission validation in RustFS prior to version 1.0.0-alpha.79 permits principals with export-only permissions to execute import operations, enabling unauthorized modification of users, groups, policies, and service accounts. Public exploit code exists for this vulnerability, and authenticated attackers can escalate privileges through malicious IAM imports. The issue affects all pre-1.0.0-alpha.79 versions with no patch currently available.

Privilege Escalation Rustfs
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-21427 HIGH This Week

Arbitrary code execution in PIONEER CORPORATION product installers through DLL search path manipulation allows local attackers with user interaction to execute malicious code with installer privileges. The vulnerability affects multiple products and requires user interaction to trigger, potentially compromising system integrity during software installation. No patch is currently available.

Privilege Escalation RCE
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2019-25268 CRITICAL Act Now

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. [CVSS 9.8 CRITICAL]

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2026-22536 This Week

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

Privilege Escalation
NVD
EPSS
0.0%
CVE-2025-66686 MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]

XSS Privilege Escalation Information Disclosure Perch
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-31643 HIGH This Week

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 8.8 HIGH]

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-15018 CRITICAL Act Now

Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-29004 HIGH This Week

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. [CVSS 8.8 HIGH]

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-60262 CRITICAL POC Act Now

H3C wireless controllers (M102G) and access points (BA1500L) have a vsftpd misconfiguration that grants root ownership to anonymously uploaded FTP files. Attackers can upload malicious files that execute with root privileges, gaining full device control.

Privilege Escalation Mc102 G Firmware Magic Ba1500l Firmware
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-14979 HIGH This Week

AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.

Privilege Escalation Apple
NVD GitHub
CVSS 4.0
8.5
EPSS
0.0%
CVE-2020-36916 HIGH POC This Week

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. [CVSS 8.8 HIGH]

Privilege Escalation
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-46696 MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. [CVSS 6.4 MEDIUM]

Privilege Escalation Dell Secure Connect Gateway
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-15001 CRITICAL Act Now

FS Registration Password plugin for WordPress (through 1.0.1) allows unauthenticated password resets for any user. Same vulnerability class as CVE-2025-14996 (AS Password Field) – missing identity verification before password change.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-14996 CRITICAL Act Now

AS Password Field plugin for WordPress (through 2.0.0) allows unauthenticated password resets for any user without identity verification. Like CVE-2025-14998 (Branda), this enables immediate administrator account takeover.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-12793 HIGH This Week

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. [CVSS 7.8 HIGH]

Privilege Escalation RCE Myasus
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20807 MEDIUM This Month

In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20806 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20805 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20804 MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20803 MEDIUM This Month

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20802 MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20801 HIGH This Week

In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Privilege Escalation Race Condition Buffer Overflow
NVD VulDB
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-20800 HIGH This Week

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20799 HIGH This Week

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20798 HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20797 HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20796 HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 7.8).

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20795 HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20787 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20786 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Denial Of Service Buffer Overflow
NVD VulDB
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20785 MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20784 MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20783 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20782 MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20781 HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation Denial Of Service Buffer Overflow
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20780 HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20779 HIGH This Week

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-20778 HIGH This Week

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-15364 HIGH This Week

Download Manager (WordPress plugin) versions up to 3.3.40. contains a security vulnerability (CVSS 7.3).

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-59467 HIGH This Week

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. [CVSS 7.5 HIGH]

XSS Privilege Escalation Argentina Afip Invoices
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-14998 CRITICAL Act Now

The Branda WordPress plugin (through 3.4.24) allows unauthenticated attackers to reset any user's password without identity verification, enabling account takeover including administrator accounts. Full site compromise is one password reset away.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-2515 HIGH This Week

Privilege escalation in Eclipse BlueChi, the multi-node systemd service controller used in Red Hat In-Vehicle Operating System (RHIVOS), allows a user holding root on a managed quality-managed (qm) node to write or override systemd service unit files that execute on the controlling host node. Because BlueChi did not deny cross-node proxy/dependency requests by default, a compromised lower-trust node could pivot to the host, leading to unauthorized service execution and full host compromise (CWE-863, Incorrect Authorization). Red Hat scored it 7.2 (High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-68736 PATCH Awaiting Data

Linux kernel Landlock security module fails to properly enforce access controls on disconnected directories (files or directories visible through bind mounts but inaccessible from the mount point after rename/move operations), potentially widening access rights and causing inconsistent access results when sandboxed tasks interact with such paths. The vulnerability affects the Landlock mandatory access control framework's ability to prevent privilege escalation through filesystem operations on out-of-scope paths, requiring the sandboxed task to already possess write access to the bind mount source and read access to the mount point to trigger the issue.

Linux Linux Kernel Privilege Escalation
NVD
EPSS
0.0%
CVE-2025-66211 HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE Privilege Escalation Docker +1
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-58710 HIGH This Week

Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2023-53908 HIGH POC This Week

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD Exploit-DB
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-46288 MEDIUM This Month

Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.

Apple iOS Information Disclosure Privilege Escalation Ipados +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-68239 Monitor

Linux kernel binfmt_misc module fails to restore write access to executable files when error handling closes improperly opened file descriptors, potentially causing subsequent write operations on the same file to fail and creating a denial-of-service condition for legitimate file modifications. The vulnerability affects the bm_register_write() function which uses open_exec() to open executable files with intentionally denied write permissions, but does not call exe_file_allow_write_access() before closing the file on error paths. With an EPSS score of 0.03% (8th percentile), this represents a low exploitation probability; no public exploit has been identified at time of analysis.

Linux Kernel Linux Privilege Escalation
NVD
EPSS
0.0%
CVE-2025-14777 MEDIUM PATCH This Month

Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.

Privilege Escalation Authentication Bypass Red Hat
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-46285 HIGH This Week

Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.

Apple iOS macOS Integer Overflow Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43527 HIGH This Week

Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.

Apple macOS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43512 HIGH This Week

Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.

Apple iOS macOS Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43320 HIGH This Week

macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).

Apple macOS Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-36745 HIGH This Week

Physical access to SolarEdge SE3680H solar inverters allows privilege escalation, remote code execution, and information disclosure through unpatched Linux kernel vulnerabilities. Reported by DIVD CSIRT, this affects SE3680H firmware running outdated kernel subsystems. While CVSS 4.0 scores 7.0 with physical attack vector (AV:P), the presence of RCE and privilege escalation tags indicates high impact once physical proximity is achieved. No EPSS score, KEV listing, or public exploit identified at time of analysis, suggesting limited current exploitation risk for typical deployment scenarios.

RCE Privilege Escalation Linux Se3680H Firmware
NVD
CVSS 4.0
7.0
EPSS
0.4%
CVE-2025-13506 HIGH This Week

Privilege escalation in Nebim V3 ERP versions 2.0.59 through 3.0.0 lets an authenticated database-level attacker pivot from SQL access to operating-system control because the application stack executes with unnecessary privileges (CWE-250). Reported through Turkey's USOM/CERT-TR (advisory TR-25-0450), the issue carries CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H), and there is no public exploit identified at time of analysis, with EPSS at 0.09% (26th percentile).

Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-67508 Go HIGH PATCH This Week

A command injection vulnerability in gardenctl allows attackers with administrative privileges in a Gardener project to inject malicious commands through crafted credential values when non-POSIX shells (Fish, PowerShell) are used by service operators. The vulnerability affects gardenctl versions 2.11.0 and below, enabling attackers to break out of string contexts and execute arbitrary commands with potentially high impact on confidentiality, integrity, and availability. With an EPSS score of only 0.06% and no known exploitation in the wild or public POC, this represents a lower real-world risk despite the high CVSS score of 8.4.

Command Injection Privilege Escalation Gardenctl Suse
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-65807 Cargo HIGH POC This Week

Local privilege escalation in the sd command-line find-and-replace utility (versions 1.0.0 and earlier, by chmln) allows a local attacker to gain root privileges through a crafted command. The flaw stems from incorrect privilege assignment (CWE-266) and is exploitable locally with no authentication indicated by the CVSS vector (PR:N), yielding full confidentiality, integrity, and availability compromise. Publicly available exploit code exists (proof-of-concept gist), though the EPSS score is low at 0.18% (8th percentile), and the CVE is not listed in CISA KEV.

Privilege Escalation Sd Suse
NVD GitHub
CVSS 3.1
8.4
EPSS
0.2%
CVE-2025-7073 HIGH This Week

Bitdefender Total Security, Antivirus, Internet Security, and Endpoint Security Tools prior to version 27.0.47.241 allow local attackers with low privileges to execute arbitrary code as SYSTEM through a complex attack chain. The bdservicehost.exe service deletes files from C:\ProgramData\Atc\Feedback without validating symbolic links (CWE-59), enabling arbitrary file deletion that attackers chain with network-triggered file copy operations and filter driver bypass via DLL injection to achieve full privilege escalation. EPSS indicates 0.02% exploitation probability (6th percentile), and no public exploit code or active exploitation has been identified at time of analysis. Vendor has released patches addressing this multi-stage local escalation vector.

Privilege Escalation RCE
NVD VulDB
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-1161 HIGH This Week

Privilege escalation in NomySoft Nomysem (versions through May 2025) allows remote attackers with low privileges to gain elevated rights by abusing improperly used privileged APIs. The CVSS 7.1 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis tempers immediate risk despite the high impact ceiling.

Privilege Escalation
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-14329 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14328 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-14323 HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird Red Hat Suse
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-65271 HIGH PATCH This Week

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

Privilege Escalation Code Injection RCE Azuriom
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-48625 HIGH This Week

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android Google
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-48606 HIGH This Week

CVE-2025-48606 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48639 HIGH This Week

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation XSS Android Google
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-48638 HIGH This Week

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48637 HIGH This Week

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Integer Overflow Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48633 MEDIUM KEV PATCH THREAT Act Now

CVE-2025-48633 is a security vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed). Vendor patch is available.

Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-48632 HIGH PATCH This Week

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48629 HIGH This Week

CVE-2025-48629 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

WAGO PFC200 G2 PLC (firmware affected) allows privilege escalation through cookie manipulation. Users can modify cookie values to gain admin privileges. PoC available.

Golang Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 8.4
HIGH POC This Week

CoolerMaster MasterPlus 1.8.5 contains an unquoted service path vulnerability in the MPService that allows local attackers to execute code with elevated system privileges. [CVSS 8.4 HIGH]

Privilege Escalation RCE
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. [CVSS 7.8 HIGH]

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). [CVSS 7.8 HIGH]

Linux Privilege Escalation Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. [CVSS 8.8 HIGH]

Windows Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. [CVSS 8.8 HIGH]

Privilege Escalation Telecontrol Server Basic
NVD
EPSS 0% CVSS 8.1
HIGH This Week

SAP Fiori App Intercompany Balance Reconciliation fails to enforce proper authorization controls, allowing authenticated users to escalate privileges and access or modify sensitive data they should not have permission to view. An attacker with valid credentials can exploit missing access checks to compromise the confidentiality and integrity of financial reconciliation data. No patch is currently available for this vulnerability.

SAP Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Hana Database versions up to 2.00 is affected by missing authentication for critical function (CVSS 8.8).

SAP Privilege Escalation Hana Database
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

ServiceNow AI Platform has a user impersonation vulnerability allowing unauthenticated attackers to impersonate any user and perform their authorized actions. ServiceNow has deployed patches to hosted instances and self-hosted updates are available.

Privilege Escalation AI / ML Virtual Agent Api +1
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Automai Director v25.2.0 allows authenticated users to escalate to full administrative privileges with scope change (CVSS 9.9). Low-privileged users can take complete control of the automation platform.

Privilege Escalation Director
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Kace Desktop Authority versions up to 11.3.1 is affected by incorrect default permissions (CVSS 5.3).

Privilege Escalation Kace Desktop Authority
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Authorization Bypass Through User-Controlled Key vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Privilege Escalation.This issue affects DX NetOps Spectrum: 24.3.10 and earlier. [CVSS 8.8 HIGH]

Broadcom Linux Windows +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

OpenProject versions prior to 16.6.2 fail to implement rate-limiting on the unauthenticated password-change endpoint, allowing attackers to conduct brute-force attacks against known user accounts without triggering lockout mechanisms. An attacker can systematically guess passwords using common wordlists and achieve full account compromise, potentially escalating privileges depending on the victim's role within the application. A patch is available in version 16.6.2.

Privilege Escalation Openproject
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format [CVSS 5.3 MEDIUM]

Privilege Escalation Tim Flow
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request [CVSS 6.5 MEDIUM]

Privilege Escalation Tim Flow
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Frontend Admin by DynamiApps WordPress plugin (through 3.28.25) allows unauthenticated privilege escalation to administrator via insufficient role validation. Attackers can register as admins and take full control of the site.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Mf258K Pro Firmware versions up to zte_mf258kpro_play_v1.0.0b03 is affected by improper privilege management (CVSS 4.3).

Privilege Escalation Mf258k Pro Firmware
NVD
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

Panda Wireless PWRU0 devices (firmware 2.2.9) expose WAN, LAN, and wireless configuration endpoints without authentication. Remote attackers can modify all network settings. PoC available.

Denial Of Service Privilege Escalation Pwru01 Firmware
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC PATCH Act Now

RustFS (alpha.13 to alpha.78) has a privilege escalation where restricted service accounts can self-issue unrestricted credentials by exploiting a flawed deny_only check in the IAM system. PoC available, patch available.

Privilege Escalation Rustfs
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC PATCH This Week

Incorrect IAM permission validation in RustFS prior to version 1.0.0-alpha.79 permits principals with export-only permissions to execute import operations, enabling unauthorized modification of users, groups, policies, and service accounts. Public exploit code exists for this vulnerability, and authenticated attackers can escalate privileges through malicious IAM imports. The issue affects all pre-1.0.0-alpha.79 versions with no patch currently available.

Privilege Escalation Rustfs
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in PIONEER CORPORATION product installers through DLL search path manipulation allows local attackers with user interaction to execute malicious code with installer privileges. The vulnerability affects multiple products and requires user interaction to trigger, potentially compromising system integrity during software installation. No patch is currently available.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

NREL BEopt 2.8.0.0 contains a DLL hijacking vulnerability that allows attackers to load arbitrary libraries by tricking users into opening application files from remote shares. [CVSS 9.8 CRITICAL]

Privilege Escalation
NVD
EPSS 0%
This Week

The absence of permissions control for the user XXX allows the current configuration in the sudoers file to escalate privileges without any restrictions

Privilege Escalation
NVD
EPSS 0% CVSS 6.1
MEDIUM POC This Month

A stored Cross-Site Scripting (XSS) vulnerability exists in Perch CMS version 3.2. An authenticated attacker with administrative privileges can inject malicious JavaScript code into the “Help button url” setting within the admin panel. [CVSS 6.1 MEDIUM]

XSS Privilege Escalation Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. [CVSS 8.8 HIGH]

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Optional Email plugin for WordPress (through 1.3.11) has a privilege escalation via a filter that leaks predictable password reset keys. The 'random_password' filter affects not just registration but also password reset key generation, making reset tokens guessable.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in AA-Team Premium Age Verification / Restriction for WordPress, AA-Team Responsive Coming Soon Landing Page / Holding Page for WordPress allows Privilege Escalation.This issue affects Premium Age Verification / Restriction for WordPress: from n/a through 3.0.2; Responsive Coming Soon Landing Page / Holding Page for WordPress: from n/a through 3.0. [CVSS 8.8 HIGH]

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

H3C wireless controllers (M102G) and access points (BA1500L) have a vsftpd misconfiguration that grants root ownership to anonymously uploaded FTP files. Attackers can upload malicious files that execute with root privileges, gaining full device control.

Privilege Escalation Mc102 G Firmware Magic Ba1500l Firmware
NVD
EPSS 0% CVSS 8.5
HIGH This Week

AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6.

Privilege Escalation Apple
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. [CVSS 8.8 HIGH]

Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 6.4
MEDIUM This Month

Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. [CVSS 6.4 MEDIUM]

Privilege Escalation Dell Secure Connect Gateway
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

FS Registration Password plugin for WordPress (through 1.0.1) allows unauthenticated password resets for any user. Same vulnerability class as CVE-2025-14996 (AS Password Field) – missing identity verification before password change.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

AS Password Field plugin for WordPress (through 2.0.0) allows unauthenticated password resets for any user without identity verification. Like CVE-2025-14998 (Branda), this enables immediate administrator account takeover.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An uncontrolled DLL loading path vulnerability exists in AsusSoftwareManagerAgent. A local attacker may influence the application to load a DLL from an attacker-controlled location, potentially resulting in arbitrary code execution. [CVSS 7.8 HIGH]

Privilege Escalation RCE Myasus
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In dpe, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Integer Overflow Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In seninf, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Privilege Escalation Race Condition Buffer Overflow
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In mminfra, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In c2ps, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 7.8).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In KeyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 14.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Memory Corruption Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation +2
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Use After Free Memory Corruption Privilege Escalation +2
NVD
EPSS 0% CVSS 7.0
HIGH This Week

In display, there is a possible use after free due to a race condition. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.0 HIGH]

Use After Free Privilege Escalation Race Condition +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. [CVSS 7.8 HIGH]

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Download Manager (WordPress plugin) versions up to 3.3.40. contains a security vulnerability (CVSS 7.3).

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.5
HIGH This Week

A Cross-Site Scripting (XSS) vulnerability in the UCRM Argentina AFIP invoices Plugin (v1.2.0 and earlier) could allow privilege escalation if an Administrator is tricked into visiting a crafted malicious page. This plugin is disabled by default. [CVSS 7.5 HIGH]

XSS Privilege Escalation Argentina Afip Invoices
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The Branda WordPress plugin (through 3.4.24) allows unauthenticated attackers to reset any user's password without identity verification, enabling account takeover including administrator accounts. Full site compromise is one password reset away.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Privilege escalation in Eclipse BlueChi, the multi-node systemd service controller used in Red Hat In-Vehicle Operating System (RHIVOS), allows a user holding root on a managed quality-managed (qm) node to write or override systemd service unit files that execute on the controlling host node. Because BlueChi did not deny cross-node proxy/dependency requests by default, a compromised lower-trust node could pivot to the host, leading to unauthorized service execution and full host compromise (CWE-863, Incorrect Authorization). Red Hat scored it 7.2 (High); there is no public exploit identified at time of analysis and it is not listed in CISA KEV.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0%
PATCH Awaiting Data

Linux kernel Landlock security module fails to properly enforce access controls on disconnected directories (files or directories visible through bind mounts but inaccessible from the mount point after rename/move operations), potentially widening access rights and causing inconsistent access results when sandboxed tasks interact with such paths. The vulnerability affects the Landlock mandatory access control framework's ability to prevent privilege escalation through filesystem operations on out-of-scope paths, requiring the sandboxed task to already possess write access to the bind mount source and read access to the mount point to trigger the issue.

Linux Linux Kernel Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

An authenticated command injection vulnerability in Coolify's PostgreSQL initialization script handling allows attackers with application/service management permissions to execute arbitrary commands as root on managed servers. The vulnerability affects all Coolify versions prior to 4.0.0-beta.451 and enables full remote code execution through unsanitized PostgreSQL init script filenames passed to shell commands. A public proof-of-concept exploit is available, and while not currently in CISA KEV, the vulnerability has a moderate EPSS score of 0.41% indicating some exploitation probability.

Command Injection PostgreSQL RCE +3
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privilege Escalation.This issue affects Hotel Listing: from n/a through <= 1.4.0.

Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH POC This Week

HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM This Month

Local privilege escalation in Apple operating systems (iOS, iPadOS, macOS Tahoe, visionOS, watchOS) allows authenticated applications to bypass payment token access restrictions and obtain sensitive payment credentials. The vulnerability affects all versions prior to the 26.2 release across affected platforms. CVSS 5.5 with low real-world exploitation risk (EPSS 0.01%), no public exploit identified, not listed in CISA KEV.

Apple iOS Information Disclosure +5
NVD
EPSS 0%
Monitor

Linux kernel binfmt_misc module fails to restore write access to executable files when error handling closes improperly opened file descriptors, potentially causing subsequent write operations on the same file to fail and creating a denial-of-service condition for legitimate file modifications. The vulnerability affects the bm_register_write() function which uses open_exec() to open executable files with intentionally denied write permissions, but does not call exe_file_allow_write_access() before closing the file on error paths. With an EPSS score of 0.03% (8th percentile), this represents a low exploitation probability; no public exploit has been identified at time of analysis.

Linux Kernel Linux Privilege Escalation
NVD
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Keycloak's admin API endpoints for authorization resource management contain an IDOR vulnerability allowing authenticated administrators with fine-grained permissions for one client to delete or modify resources belonging to other clients within the same realm. The flaw exists in ResourceSetService and PermissionTicketService where authorization checks validate the resourceServer (client) ID from the API request, but backend database operations use only the resourceId, creating a permission bypass. Affected administrators can exploit this with standard HTTP requests to cross-client resource boundaries; no public exploit code identified at time of analysis.

Privilege Escalation Authentication Bypass Red Hat
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation to root on Apple platforms via integer overflow in timestamp handling allows authenticated users with low-level access to fully compromise system integrity and confidentiality. Affects iOS, iPadOS, macOS (Sequoia, Sonoma, Tahoe), tvOS, visionOS, and watchOS prior to February 2025 security updates. Vendor-released patches available across all platforms. EPSS probability is minimal (0.02%, 4th percentile), and no public exploit identified at time of analysis, though the local attack vector with low complexity and authenticated requirement reduces remote exploitation risk but creates insider threat exposure.

Apple iOS macOS +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in macOS Sequoia (pre-15.7.3) and macOS Tahoe (pre-26.2) allows authenticated users with low-level privileges to gain root access via a permissions flaw. Apple addressed the issue with additional restrictions in the latest updates. EPSS score of 0.01% indicates minimal observed exploitation activity, and no public exploit identified at time of analysis.

Apple macOS Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Apple macOS (Sonoma 14.x, Sequoia 15.x, Tahoe 26.x) and iOS/iPadOS 18.x allows authenticated users to gain elevated system privileges through malicious applications exploiting a logic flaw in privilege checking mechanisms. Apple has released patches across all affected platforms (iOS 18.7.3, iPadOS 18.7.3, macOS Sequoia 15.7.3, Sonoma 14.8.3, Tahoe 26.2). No public exploit identified at time of analysis, with EPSS score of 0.01% (3rd percentile) indicating minimal observed exploitation activity.

Apple iOS macOS +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

macOS launch constraint bypass enables authenticated local users to execute code with elevated privileges on macOS Sequoia (up to 15.7.2) and macOS Tahoe (pre-26). The vulnerability requires low-complexity exploitation by a user with existing local access, allowing them to circumvent Apple's launch constraint security framework and achieve full system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis, with EPSS indicating only 0.02% probability of exploitation in the wild (5th percentile).

Apple macOS Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Physical access to SolarEdge SE3680H solar inverters allows privilege escalation, remote code execution, and information disclosure through unpatched Linux kernel vulnerabilities. Reported by DIVD CSIRT, this affects SE3680H firmware running outdated kernel subsystems. While CVSS 4.0 scores 7.0 with physical attack vector (AV:P), the presence of RCE and privilege escalation tags indicates high impact once physical proximity is achieved. No EPSS score, KEV listing, or public exploit identified at time of analysis, suggesting limited current exploitation risk for typical deployment scenarios.

RCE Privilege Escalation Linux +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in Nebim V3 ERP versions 2.0.59 through 3.0.0 lets an authenticated database-level attacker pivot from SQL access to operating-system control because the application stack executes with unnecessary privileges (CWE-250). Reported through Turkey's USOM/CERT-TR (advisory TR-25-0450), the issue carries CVSS 8.8 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:H), and there is no public exploit identified at time of analysis, with EPSS at 0.09% (26th percentile).

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.4
HIGH PATCH This Week

A command injection vulnerability in gardenctl allows attackers with administrative privileges in a Gardener project to inject malicious commands through crafted credential values when non-POSIX shells (Fish, PowerShell) are used by service operators. The vulnerability affects gardenctl versions 2.11.0 and below, enabling attackers to break out of string contexts and execute arbitrary commands with potentially high impact on confidentiality, integrity, and availability. With an EPSS score of only 0.06% and no known exploitation in the wild or public POC, this represents a lower real-world risk despite the high CVSS score of 8.4.

Command Injection Privilege Escalation Gardenctl +1
NVD GitHub VulDB
EPSS 0% CVSS 8.4
HIGH POC This Week

Local privilege escalation in the sd command-line find-and-replace utility (versions 1.0.0 and earlier, by chmln) allows a local attacker to gain root privileges through a crafted command. The flaw stems from incorrect privilege assignment (CWE-266) and is exploitable locally with no authentication indicated by the CVSS vector (PR:N), yielding full confidentiality, integrity, and availability compromise. Publicly available exploit code exists (proof-of-concept gist), though the EPSS score is low at 0.18% (8th percentile), and the CVE is not listed in CISA KEV.

Privilege Escalation Sd Suse
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Bitdefender Total Security, Antivirus, Internet Security, and Endpoint Security Tools prior to version 27.0.47.241 allow local attackers with low privileges to execute arbitrary code as SYSTEM through a complex attack chain. The bdservicehost.exe service deletes files from C:\ProgramData\Atc\Feedback without validating symbolic links (CWE-59), enabling arbitrary file deletion that attackers chain with network-triggered file copy operations and filter driver bypass via DLL injection to achieve full privilege escalation. EPSS indicates 0.02% exploitation probability (6th percentile), and no public exploit code or active exploitation has been identified at time of analysis. Vendor has released patches addressing this multi-stage local escalation vector.

Privilege Escalation RCE
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Privilege escalation in NomySoft Nomysem (versions through May 2025) allows remote attackers with low privileges to gain elevated rights by abusing improperly used privileged APIs. The CVSS 7.1 score reflects high attack complexity and required user interaction, and no public exploit identified at time of analysis tempers immediate risk despite the high impact ceiling.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird Netmonitor component allows remote attackers to execute arbitrary code with elevated privileges when users interact with malicious content. Affects Firefox versions prior to 146, Firefox ESR prior to 140.6, Thunderbird prior to 146, and Thunderbird ESR prior to 140.6. Mozilla released patches in January 2025 across all product lines. EPSS score of 0.07% (22nd percentile) indicates low current exploitation probability, with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. CVSS 8.8 reflects the high impact potential despite requiring user interaction.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's Netmonitor component allows unauthenticated remote attackers to gain elevated privileges via user interaction. Affects Firefox <146, Firefox ESR <140.6, Thunderbird <146, and Thunderbird ESR <140.6. With an 8.8 CVSS score but only 0.07% EPSS (22nd percentile), no public exploit identified at time of analysis, and vendor-released patches available. Not listed in CISA KEV, indicating no confirmed active exploitation.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Mozilla Firefox and Thunderbird's DOM Notifications component enables unauthenticated remote attackers to achieve high-severity impacts (confidentiality, integrity, availability) via user interaction. Affects Firefox <146, Firefox ESR <115.31 and <140.6, Thunderbird <146 and <140.6. EPSS exploitation probability is low (0.08%, 23rd percentile), and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. Vendor-released patches are available across all affected product lines.

Mozilla Privilege Escalation Thunderbird +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Client-side template injection (CSTI) in Azuriom CMS admin dashboard allows a low-privilege user to execute arbitrary template code in the context of an administrator's session. This can occur via plugins or dashboard components that render untrusted user input, potentially enabling privilege escalation to an administrative account. Fixed in Azuriom 1.2.7.

Privilege Escalation Code Injection RCE +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Race Condition Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-48606 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.3
HIGH This Week

In DefaultTransitionHandler.java, there is a possible way to unknowingly grant permissions to an app due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

Privilege Escalation XSS Android +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In __pkvm_load_tracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Memory Corruption +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow Privilege Escalation Integer Overflow +2
NVD
EPSS 0% CVSS 5.5
MEDIUM KEV PATCH THREAT Act Now

CVE-2025-48633 is a security vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed). Vendor patch is available.

Privilege Escalation Android Google
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setDisplayName of AssociationRequest.java, there is a possible way to cause CDM associations to persist after the user has disassociated them due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CVE-2025-48629 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Privilege Escalation Android Google
NVD
Prev Page 18 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy