Privilege Escalation
Monthly
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.
moPS App through version 1.8.618 contains a critical authentication bypass vulnerability (CVE-2024-55585, CVSS 9.0) that allows all authenticated users to access administrative API endpoints without proper authorization checks, enabling unrestricted read and write operations including password resets. This vulnerability is particularly severe as it requires only low privileges (PR:L) to exploit via network access, and the /api/v1/users/resetpassword endpoint demonstrates direct administrative function access. No KEV or active exploitation data is referenced, but the high CVSS score and authentication bypass nature suggest significant real-world risk if exploited.
Missing authorization vulnerability in Christiaan Pieterse MaxiBlocks WordPress plugin (versions up to 2.1.0) that allows authenticated users with low privileges to escalate their access and perform unauthorized actions with high impact. An attacker with basic user credentials can bypass authorization checks to modify content, user accounts, or plugin settings, potentially leading to complete site compromise. The high CVSS score of 8.8 reflects the severe impact, though exploitation requires prior authentication access.
Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an insecure OpenSSL configuration file loading mechanism to achieve SYSTEM-level code execution. The vulnerability requires prior code execution capability on the target system but presents a direct path to full system compromise once initial access is obtained. No active exploitation or public POC has been confirmed at this time, but the moderate CVSS score of 7.8 and CWE-427 classification indicate a meaningful risk to Action1 users.
Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.
Privilege escalation vulnerability in the Rust 'users' crate that incorrectly includes the root group in access control lists when a user or process has fewer than 1024 groups. An authenticated local attacker with low privileges can exploit this flaw to gain unauthorized access to resources restricted to the root group, achieving privilege escalation. The vulnerability requires local access and existing user privileges but has high impact on confidentiality and integrity.
Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14.
Hardcoded administrative account vulnerability in an undocumented system component that cannot be deactivated, allowing local users to gain complete system compromise with high confidentiality, integrity, and availability impact. While the vulnerability carries a critical CVSS 9.4 score, the attack vector is restricted to local access only, significantly reducing real-world network-based exploitation risk. The vulnerability's severity stems from CWE-798 (Use of Hard-Coded Credentials), a foundational authentication bypass mechanism that enables privilege escalation and persistent administrative access.
The WP Email Debug WordPress plugin (versions 1.0-1.1.0) contains a critical privilege escalation vulnerability (CVE-2025-5486) stemming from missing capability checks in the WPMDBUG_handle_settings() function. Unauthenticated attackers can exploit this to modify plugin settings, redirect administrator emails to attacker-controlled addresses, and trigger password resets to gain full administrative access to affected WordPress installations. The CVSS 9.8 score reflects network-based exploitation with zero complexity and no authentication required, representing a critical severity threat with high real-world exploitation potential.
CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.
Permission bypass vulnerability in the media library module that allows unauthenticated local attackers to escalate privileges and gain unauthorized access to sensitive functionality. The vulnerability has a CVSS score of 7.8 (High) and impacts confidentiality, integrity, and availability. While the description indicates only availability impact, the CVSS vector reveals high C/I/A ratings, suggesting attackers can read, modify, or delete protected media assets and potentially disrupt service availability.
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API-even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Local privilege escalation vulnerability in HP Support Assistant versions before 9.44.18.0 that allows a local attacker with limited user privileges to write arbitrary files and escalate to higher privilege levels without user interaction. The vulnerability carries a CVSS score of 7.8 (high severity) and exploits improper file permission handling in the support application; while KEV status and active exploitation data are not provided in the source material, the low attack complexity and local attack vector suggest this is a realistic threat for systems running vulnerable versions.
The HyperComments WordPress plugin versions up to 1.2.2 contain a critical missing capability check vulnerability in the hc_request_handler function that allows unauthenticated remote attackers to modify arbitrary WordPress options without authentication. This can be directly exploited to escalate privileges by changing the default registration role to administrator and enabling user registration, granting attackers immediate administrative access to vulnerable sites. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses an extreme risk to any unpatched WordPress installation using the affected plugin.
Critical authentication bypass vulnerability in FreshRSS versions prior to 1.26.2 that allows authenticated attackers to impersonate any user, including administrators, by exploiting improper HTTP authentication header validation in reverse proxy configurations. Attackers with a valid account can craft requests leveraging CSRF token extraction via XPath scraping and spoofed Remote-User or X-WebAuth-User headers to gain unauthorized access and privilege escalate. The vulnerability requires moderate attack complexity (knowledge of target IP and admin username) but has high real-world impact due to the authentication bypass and privilege escalation chain.
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
Critical authentication bypass vulnerability in Cisco Integrated Management Controller (IMC) across multiple UCS server platforms that allows authenticated remote attackers to escalate privileges and access internal services with elevated permissions via crafted SSH syntax. The vulnerability affects UCS B-Series, C-Series, S-Series, and X-Series servers, enabling attackers to create administrator accounts and modify system configurations. With a CVSS score of 8.8 and low attack complexity requiring only valid credentials, this vulnerability poses significant risk to data center infrastructure and should be prioritized for patching.
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
Local privilege escalation vulnerability in Acronis Cyber Protect 16 (Windows) caused by insecure folder permissions (CWE-732), allowing authenticated local users to escalate privileges with high confidentiality, integrity, and availability impact. The vulnerability affects Windows installations before build 39938, and while the CVSS score of 7.3 indicates significant risk, exploitation requires local access and user interaction. No public indicators confirm active exploitation in the wild or widespread POC availability at this time.
Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.
A remote code execution vulnerability in the MIM Admin service (CVSS 8.9). High severity vulnerability requiring prompt remediation.
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
The Sunshine Photo Cart plugin for WordPress (versions ≤3.4.11) contains an improper key validation vulnerability in its password reset functionality, allowing authenticated attackers with Subscriber-level privileges to perform privilege escalation by resetting arbitrary user passwords, including administrators. With a CVSS score of 8.8 and a low attack complexity (network-accessible, no user interaction required), this vulnerability poses a critical threat to WordPress installations using this plugin. The vulnerability is likely to be actively exploited given the straightforward attack path and the high-value target (admin account takeover).
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that enables local privilege escalation. An authenticated attacker with local access can exploit this memory safety flaw to gain elevated privileges on affected devices. The vulnerability has a CVSS 3.1 score of 7.8 (High), reflecting high impact on confidentiality, integrity, and availability, though exploitation requires local access and existing user-level privileges.
Critical improper authorization vulnerability in the bskms 蓝天幼儿园管理系统 (Lantian Kindergarten Management System) affecting the /sa/addUser endpoint of the User Creation Handler component. The vulnerability allows unauthenticated remote attackers to bypass authorization controls and manipulate user creation functionality, potentially leading to unauthorized account creation, privilege escalation, or data compromise. The exploit has been publicly disclosed with proof-of-concept code available, and the affected product uses continuous delivery with rolling releases, making precise version tracking difficult.
Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, and 2400) that enables privilege escalation. An authenticated attacker with local access can trigger the memory corruption flaw to gain elevated privileges on affected devices. With a CVSS score of 8.8 and network accessibility (AV:N), this represents a critical risk for Samsung mobile device users, particularly if the vulnerability is actively exploited in-the-wild.
CVE-2025-25021 is a security vulnerability (CVSS 7.2) that allows a privileged execute code. High severity vulnerability requiring prompt remediation.
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.
Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package unpacking functionality. An authenticated local attacker with limited privileges can exploit this flaw to write arbitrary files to the system, potentially achieving privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction is not needed, making it a significant risk for multi-user or shared Mac environments.
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) where the snapshot functionality allows a local attacker with user-level privileges to write arbitrary files via hard link exploitation of a root-owned process. An attacker can leverage this to escalate privileges from a normal user to root, potentially achieving full system compromise. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access with low complexity.
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) affecting the Snapshot deletion functionality. A local attacker with standard user privileges can exploit a symlink race condition to manipulate root-owned snapshot files, escalating privileges to root. The vulnerability has a CVSS score of 7.8 (high severity) with low attack complexity, and while specific KEV/EPSS data is not provided, the low complexity and local attack vector suggest moderate real-world exploitation probability.
Privilege escalation vulnerability in Parallels Desktop for Mac 20.1.1 that allows a local attacker with user-level privileges to gain root-level code execution through a hard link attack during virtual machine archive restoration. The prl_vmarchiver tool operates with root privileges during decompression and file restoration, enabling an attacker to redirect writes to arbitrary system files. This vulnerability has a CVSS score of 7.8 (High) with low attack complexity, making it a practical privilege escalation vector for local users on affected systems.
PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. The vulnerability requires local access and user interaction but provides complete system compromise capability. No KEV/CISA known exploited vulnerability status or public POC availability is confirmed from the provided data, though the CVSS 7.3 score and EPSS analysis should be monitored for exploitation likelihood.
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Auth bypass account takeover in Golo City Travel Guide WordPress theme.
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.
Local privilege escalation vulnerability in SolarWinds Dameware Mini Remote Control caused by incorrect permission assignments on system resources. An authenticated attacker with low-privilege local access can exploit this vulnerability to gain elevated privileges (SYSTEM/Administrator level), achieving complete system compromise including confidentiality, integrity, and availability violations. This vulnerability requires valid local credentials and user interaction is not required for exploitation, making it a significant risk for multi-user systems or those with shared access.
Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.
CVE-2025-3260 is an authorization bypass vulnerability in Grafana's dashboard API endpoints (/apis/dashboard.grafana.app/*) that allows authenticated users to circumvent dashboard and folder permission controls across all API versions (v0alpha1, v1alpha1, v2alpha1). Affected users with viewer or editor roles can access, modify, or delete dashboards and folders they should not have permission to interact with, while organization isolation boundaries and datasource access controls remain unaffected. With a CVSS score of 8.3 and requiring only low-privilege authentication, this represents a significant risk to multi-tenant Grafana deployments and requires immediate patching.
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, authenticated user with lower privileges to escalate to administrator-level access. Discovered during a penetration test by Truesec, this flaw affects Axis network devices and cameras utilizing the vulnerable VAPIX framework. With a CVSS score of 8.8 and local attack vector, the vulnerability poses significant risk to organizations deploying Axis devices in multi-user or untrusted environments, though it requires prior authentication and local access to exploit.
Privilege escalation in Axis VAPIX framework.
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Local privilege escalation vulnerability in Realtek Bluetooth HCI adaptor drivers that exploits a symlink-following flaw (CWE-59) to enable arbitrary file deletion. Local attackers with standard user privileges can create symbolic links to trick the driver into deleting critical system files, subsequently leveraging file deletion to gain elevated privileges. The vulnerability has a CVSS score of 7.8 (High) with complete integrity and confidentiality impact; exploitation status and POC availability require vendor advisory correlation to assess active exploitation risk.
Remote privilege escalation in Android WLAN AP driver via packet injection.
Heap OOB write in Android Bluetooth driver via incorrect bounds check.
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In some cases, Kea log files or lease files may be world-readable.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a possible bypass of carrier restrictions due to an unusual root cause. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.8.4-2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.
Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation.0(20 through 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.9% and no vendor patch available.
Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in CyberDAVA before 1.1.20. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Post-authentication command injection vulnerability in the AT+MFPORTFWD command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, potentially gaining unauthorized access to system resources. As of the CVE publication date, no general fix has been released, and the vulnerability carries a CVSS score of 7.1 with high confidentiality and integrity impact.
Post-authentication command injection vulnerability in the AT+MFMAC command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products. An authenticated local attacker can exploit improper argument delimiter neutralization (CWE-88) to achieve privilege escalation, gaining high-confidence access to sensitive system functions and data. As of the CVE publication date, no general fix has been released, and the vulnerability remains unpatched across affected product lines.
Post-authentication command injection vulnerability in the AT+MFIP command affecting Microhard BulletLTE-NA2 and IPn4Gii-NA2 products, enabling authenticated local attackers to achieve privilege escalation through improper argument delimiter neutralization (CWE-88). With a CVSS 7.1 score and no indication of general fixes at publication, this vulnerability presents a moderate-to-high risk for systems using affected modem/gateway products; exploitation requires local access and valid credentials but no user interaction.
moPS App through version 1.8.618 contains a critical authentication bypass vulnerability (CVE-2024-55585, CVSS 9.0) that allows all authenticated users to access administrative API endpoints without proper authorization checks, enabling unrestricted read and write operations including password resets. This vulnerability is particularly severe as it requires only low privileges (PR:L) to exploit via network access, and the /api/v1/users/resetpassword endpoint demonstrates direct administrative function access. No KEV or active exploitation data is referenced, but the high CVSS score and authentication bypass nature suggest significant real-world risk if exploited.
Missing authorization vulnerability in Christiaan Pieterse MaxiBlocks WordPress plugin (versions up to 2.1.0) that allows authenticated users with low privileges to escalate their access and perform unauthorized actions with high impact. An attacker with basic user credentials can bypass authorization checks to modify content, user accounts, or plugin settings, potentially leading to complete site compromise. The high CVSS score of 8.8 reflects the severe impact, though exploitation requires prior authentication access.
Local privilege escalation vulnerability in Action1 where an attacker with low-privileged code execution can exploit an insecure OpenSSL configuration file loading mechanism to achieve SYSTEM-level code execution. The vulnerability requires prior code execution capability on the target system but presents a direct path to full system compromise once initial access is obtained. No active exploitation or public POC has been confirmed at this time, but the moderate CVSS score of 7.8 and CWE-427 classification indicate a meaningful risk to Action1 users.
Local privilege escalation vulnerability in 2BrightSparks SyncBackFree that allows low-privileged attackers to escalate to SYSTEM-level privileges by abusing the Mirror functionality through malicious junction creation. The vulnerability requires local code execution capability and administrator interaction, enabling arbitrary file deletion and code execution with SYSTEM privileges. This is a moderately severe local privilege escalation with a CVSS score of 7.3.
Privilege escalation vulnerability in the Rust 'users' crate that incorrectly includes the root group in access control lists when a user or process has fewer than 1024 groups. An authenticated local attacker with low privileges can exploit this flaw to gain unauthorized access to resources restricted to the root group, achieving privilege escalation. The vulnerability requires local access and existing user privileges but has high impact on confidentiality and integrity.
Cross-Site Request Forgery (CSRF) vulnerability in tggfref WP-Recall allows Privilege Escalation. This issue affects WP-Recall: from n/a through 16.26.14.
Hardcoded administrative account vulnerability in an undocumented system component that cannot be deactivated, allowing local users to gain complete system compromise with high confidentiality, integrity, and availability impact. While the vulnerability carries a critical CVSS 9.4 score, the attack vector is restricted to local access only, significantly reducing real-world network-based exploitation risk. The vulnerability's severity stems from CWE-798 (Use of Hard-Coded Credentials), a foundational authentication bypass mechanism that enables privilege escalation and persistent administrative access.
The WP Email Debug WordPress plugin (versions 1.0-1.1.0) contains a critical privilege escalation vulnerability (CVE-2025-5486) stemming from missing capability checks in the WPMDBUG_handle_settings() function. Unauthenticated attackers can exploit this to modify plugin settings, redirect administrator emails to attacker-controlled addresses, and trigger password resets to gain full administrative access to affected WordPress installations. The CVSS 9.8 score reflects network-based exploitation with zero complexity and no authentication required, representing a critical severity threat with high real-world exploitation potential.
CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.
Permission bypass vulnerability in the media library module that allows unauthenticated local attackers to escalate privileges and gain unauthorized access to sensitive functionality. The vulnerability has a CVSS score of 7.8 (High) and impacts confidentiality, integrity, and availability. While the description indicates only availability impact, the CVSS vector reveals high C/I/A ratings, suggesting attackers can read, modify, or delete protected media assets and potentially disrupt service availability.
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Starting in version 0.9.0, Himmelblau introduced support for specifying group names in the `pam_allow_groups` configuration option. However, Microsoft Entra ID permits the creation of multiple groups with the same `displayName` via the Microsoft Graph API-even by non-admin users, depending on tenant settings. As a result, a user could create a personal group with the same name as a legitimate access group (e.g., `"Allow-Linux-Login"`), add themselves to it, and be granted authentication or `sudo` rights by Himmelblau. Because affected Himmelblau versions compare group names by either `displayName` or by the immutable `objectId`, this allows bypassing access control mechanisms intended to restrict login to members of official, centrally-managed groups. This issue is fixed in Himmelblau version **0.9.15** and later. In these versions, group name matching in `pam_allow_groups` has been deprecated and removed, and only group `objectId`s (GUIDs) may be specified for secure group-based filtering. To mitigate the issue without upgrading, replace all entries in `pam_allow_groups` with the objectId of the target Entra ID group(s) and/or audit your tenant for groups with duplicate display names using the Microsoft Graph API.
Local privilege escalation vulnerability in HP Support Assistant versions before 9.44.18.0 that allows a local attacker with limited user privileges to write arbitrary files and escalate to higher privilege levels without user interaction. The vulnerability carries a CVSS score of 7.8 (high severity) and exploits improper file permission handling in the support application; while KEV status and active exploitation data are not provided in the source material, the low attack complexity and local attack vector suggest this is a realistic threat for systems running vulnerable versions.
The HyperComments WordPress plugin versions up to 1.2.2 contain a critical missing capability check vulnerability in the hc_request_handler function that allows unauthenticated remote attackers to modify arbitrary WordPress options without authentication. This can be directly exploited to escalate privileges by changing the default registration role to administrator and enabling user registration, granting attackers immediate administrative access to vulnerable sites. With a CVSS score of 9.8 and network-based attack vector requiring no user interaction, this vulnerability poses an extreme risk to any unpatched WordPress installation using the affected plugin.
Critical authentication bypass vulnerability in FreshRSS versions prior to 1.26.2 that allows authenticated attackers to impersonate any user, including administrators, by exploiting improper HTTP authentication header validation in reverse proxy configurations. Attackers with a valid account can craft requests leveraging CSRF token extraction via XPath scraping and spoofed Remote-User or X-WebAuth-User headers to gain unauthorized access and privilege escalate. The vulnerability requires moderate attack complexity (knowledge of target IP and admin username) but has high real-world impact due to the authentication bypass and privilege escalation chain.
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
Critical authentication bypass vulnerability in Cisco Integrated Management Controller (IMC) across multiple UCS server platforms that allows authenticated remote attackers to escalate privileges and access internal services with elevated permissions via crafted SSH syntax. The vulnerability affects UCS B-Series, C-Series, S-Series, and X-Series servers, enabling attackers to create administrator accounts and modify system configurations. With a CVSS score of 8.8 and low attack complexity requiring only valid credentials, this vulnerability poses significant risk to data center infrastructure and should be prioritized for patching.
An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1380. A Use-After-Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400. A Double Free in the mobile processor leads to privilege escalation.
Local privilege escalation vulnerability in Acronis Cyber Protect 16 (Windows) caused by insecure folder permissions (CWE-732), allowing authenticated local users to escalate privileges with high confidentiality, integrity, and availability impact. The vulnerability affects Windows installations before build 39938, and while the CVSS score of 7.3 indicates significant risk, exploitation requires local access and user interaction. No public indicators confirm active exploitation in the wild or widespread POC availability at this time.
Local privilege escalation vulnerability in Razer Synapse 4 (versions through 4.0.86.2502180127) affecting the razer_elevation_service.exe component. An authenticated local attacker can exploit a vulnerable COM interface to escalate from standard user privileges to SYSTEM/administrative level, gaining full control over the affected system. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access but no user interaction, making it a significant risk for multi-user systems and enterprise deployments.
A remote code execution vulnerability in the MIM Admin service (CVSS 8.9). High severity vulnerability requiring prompt remediation.
Local privilege escalation due to insecure file permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40077.
The Sunshine Photo Cart plugin for WordPress (versions ≤3.4.11) contains an improper key validation vulnerability in its password reset functionality, allowing authenticated attackers with Subscriber-level privileges to perform privilege escalation by resetting arbitrary user passwords, including administrators. With a CVSS score of 8.8 and a low attack complexity (network-accessible, no user interaction required), this vulnerability poses a critical threat to WordPress installations using this plugin. The vulnerability is likely to be actively exploited given the straightforward attack path and the high-value target (admin account takeover).
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
Use-After-Free (UAF) vulnerability in Samsung's Exynos mobile processors (980, 990, 1080, 2100, 1280, 2200, 1380) that enables local privilege escalation. An authenticated attacker with local access can exploit this memory safety flaw to gain elevated privileges on affected devices. The vulnerability has a CVSS 3.1 score of 7.8 (High), reflecting high impact on confidentiality, integrity, and availability, though exploitation requires local access and existing user-level privileges.
Critical improper authorization vulnerability in the bskms 蓝天幼儿园管理系统 (Lantian Kindergarten Management System) affecting the /sa/addUser endpoint of the User Creation Handler component. The vulnerability allows unauthenticated remote attackers to bypass authorization controls and manipulate user creation functionality, potentially leading to unauthorized account creation, privilege escalation, or data compromise. The exploit has been publicly disclosed with proof-of-concept code available, and the affected product uses continuous delivery with rolling releases, making precise version tracking difficult.
Double-free vulnerability in Samsung's Exynos mobile processors (models 980, 990, 1080, 2100, 1280, 2200, 1380, 1480, and 2400) that enables privilege escalation. An authenticated attacker with local access can trigger the memory corruption flaw to gain elevated privileges on affected devices. With a CVSS score of 8.8 and network accessibility (AV:N), this represents a critical risk for Samsung mobile device users, particularly if the vulnerability is actively exploited in-the-wild.
CVE-2025-25021 is a security vulnerability (CVSS 7.2) that allows a privileged execute code. High severity vulnerability requiring prompt remediation.
Dell Encryption Admin Utilities versions prior to 11.10.2 contain an Improper Link Resolution vulnerability (CWE-61) that allows a local user with limited privileges to escalate their permissions to higher levels without user interaction. The vulnerability has a CVSS score of 7.8 (High) with local attack vector and low attack complexity, indicating straightforward exploitation by unprivileged local users. No active exploitation in the wild has been confirmed at this time, but the local privilege escalation nature and availability of detailed CVE information presents a meaningful post-patch exploitation risk.
Directory traversal vulnerability in Parallels Desktop for Mac version 20.2.2 (build 55879) affecting the PVMP package unpacking functionality. An authenticated local attacker with limited privileges can exploit this flaw to write arbitrary files to the system, potentially achieving privilege escalation with high impact on confidentiality, integrity, and availability. The vulnerability requires local access and user interaction is not needed, making it a significant risk for multi-user or shared Mac environments.
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) where the snapshot functionality allows a local attacker with user-level privileges to write arbitrary files via hard link exploitation of a root-owned process. An attacker can leverage this to escalate privileges from a normal user to root, potentially achieving full system compromise. The vulnerability has a CVSS score of 7.8 (high severity) and requires local access with low complexity.
Privilege escalation vulnerability in Parallels Desktop for Mac version 20.1.1 (build 55740) affecting the Snapshot deletion functionality. A local attacker with standard user privileges can exploit a symlink race condition to manipulate root-owned snapshot files, escalating privileges to root. The vulnerability has a CVSS score of 7.8 (high severity) with low attack complexity, and while specific KEV/EPSS data is not provided, the low complexity and local attack vector suggest moderate real-world exploitation probability.
Privilege escalation vulnerability in Parallels Desktop for Mac 20.1.1 that allows a local attacker with user-level privileges to gain root-level code execution through a hard link attack during virtual machine archive restoration. The prl_vmarchiver tool operates with root privileges during decompression and file restoration, enabling an attacker to redirect writes to arbitrary system files. This vulnerability has a CVSS score of 7.8 (High) with low attack complexity, making it a practical privilege escalation vector for local users on affected systems.
PC Time Tracer versions prior to 5.2 contain an incorrect default permissions vulnerability (CWE-276) that allows local authenticated attackers to execute arbitrary code with SYSTEM privileges on Windows systems. The vulnerability requires local access and user interaction but provides complete system compromise capability. No KEV/CISA known exploited vulnerability status or public POC availability is confirmed from the provided data, though the CVSS 7.3 score and EPSS analysis should be monitored for exploitation likelihood.
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
Auth bypass account takeover in Golo City Travel Guide WordPress theme.
Use-after-free vulnerability in Samsung's Exynos mobile processors (2200, 1480, and 2400) that allows a local attacker with low privileges to escalate to higher privileges and potentially achieve code execution with full system compromise. The vulnerability requires local access but no user interaction, making it a significant privilege escalation vector for devices running affected processor versions. The CVSS 7.8 rating reflects the high confidentiality, integrity, and availability impacts achievable through privilege escalation on mobile devices where such attacks directly threaten user data and system security.
An issue was discovered in Samsung Mobile Processor Exynos 2200. A Use-After-Free in the mobile processor leads to privilege escalation.
Privilege escalation vulnerability in Splunk Universal Forwarder for Windows where incorrect file system permissions are assigned during installation or upgrade, allowing non-administrator users to read and modify sensitive files in the installation directory. This affects versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, and could enable unauthorized access to credentials, configuration files, and system monitoring data. While CVSS 8.0 indicates high severity, real-world exploitation requires local access and user interaction (UI requirement per vector), limiting attack scope.
Local privilege escalation vulnerability in SolarWinds Dameware Mini Remote Control caused by incorrect permission assignments on system resources. An authenticated attacker with low-privilege local access can exploit this vulnerability to gain elevated privileges (SYSTEM/Administrator level), achieving complete system compromise including confidentiality, integrity, and availability violations. This vulnerability requires valid local credentials and user interaction is not required for exploitation, making it a significant risk for multi-user systems or those with shared access.
Use After Free (UAF) vulnerability in Arm Ltd's Valhall GPU Kernel Driver and Arm 5th Gen GPU Architecture Kernel Driver that allows a local, unprivileged user to access already-freed GPU memory through improper GPU memory processing operations. Affected versions range from r53p0 before r54p0 in both driver families. With a CVSS score of 7.8 and high impact across confidentiality, integrity, and availability, this vulnerability enables memory disclosure, data manipulation, and potential denial of service on systems running vulnerable GPU drivers.
CVE-2025-3260 is an authorization bypass vulnerability in Grafana's dashboard API endpoints (/apis/dashboard.grafana.app/*) that allows authenticated users to circumvent dashboard and folder permission controls across all API versions (v0alpha1, v1alpha1, v2alpha1). Affected users with viewer or editor roles can access, modify, or delete dashboards and folders they should not have permission to interact with, while organization isolation boundaries and datasource access controls remain unaffected. With a CVSS score of 8.3 and requiring only low-privilege authentication, this represents a significant risk to multi-tenant Grafana deployments and requires immediate patching.
Privilege escalation vulnerability in Axis Communications' VAPIX Device Configuration framework that allows a local, authenticated user with lower privileges to escalate to administrator-level access. Discovered during a penetration test by Truesec, this flaw affects Axis network devices and cameras utilizing the vulnerable VAPIX framework. With a CVSS score of 8.8 and local attack vector, the vulnerability poses significant risk to organizations deploying Axis devices in multi-user or untrusted environments, though it requires prior authentication and local access to exploit.
Privilege escalation in Axis VAPIX framework.
GPU privilege escalation vulnerability allowing non-privileged users to conduct improper GPU system calls that bypass GPU hardware protections and write to arbitrary physical memory pages, achieving complete system compromise. The vulnerability affects GPU driver implementations across multiple vendors and has a CVSS score of 7.8 (High) with local attack vector requiring low privileges but no user interaction. Without KEV confirmation, EPSS score, or confirmed public POC in the provided data, the real-world exploitation risk remains moderate but should be treated as significant due to the nature of GPU memory access primitives in modern systems.
Local privilege escalation vulnerability in Realtek Bluetooth HCI adaptor drivers that exploits a symlink-following flaw (CWE-59) to enable arbitrary file deletion. Local attackers with standard user privileges can create symbolic links to trick the driver into deleting critical system files, subsequently leveraging file deletion to gain elevated privileges. The vulnerability has a CVSS score of 7.8 (High) with complete integrity and confidentiality impact; exploitation status and POC availability require vendor advisory correlation to assess active exploitation risk.
Remote privilege escalation in Android WLAN AP driver via packet injection.
Heap OOB write in Android Bluetooth driver via incorrect bounds check.
The Offsprout Page Builder plugin for WordPress is vulnerable to Privilege Escalation due to improper authorization placed on the permission_callback() function in versions 2.2.1 to 2.15.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Profitori plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the stocktend_object endpoint in versions 2.0.6.0 to 2.1.1.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The PSW Front-end Login & Registration plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.12 via the customer_registration() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP-GeoMeta plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wp_ajax_wpgm_start_geojson_import() function in versions 0.3.4 to 0.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An improper default permissions vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
A privilege escalation vulnerability exists in multiple WSO2 products due to a business logic flaw in SOAP admin services. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.
Improper access control in user group management in Devolutions Server 2025.1.7.0 and earlier allows a non-administrative user with both "User Management" and "User Group Management" permissions to. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional sandbox restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Use of entitlement "com.apple.security.cs.disable-library-validation" and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
In some cases, Kea log files or lease files may be world-readable.4.0 through 2.4.1, 2.6.0 through 2.6.2, and 2.7.0 through 2.7.8. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
There is a possible bypass of carrier restrictions due to an unusual root cause. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
On macOS systems, by utilizing a Launch Agent and loading the viscosity_openvpn process from the application bundle, it is possible to load a dynamic library with Viscosity's TCC (Transparency,. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.
Screen 5.0.0 when it runs with setuid-root privileges does not drop privileges while operating on a user supplied path. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root.8.4-2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The default mode of pseudo terminals (PTYs) allocated by Screen was changed from 0620 to 0622, thereby allowing anyone to write to any Screen PTYs in the system. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
A vulnerability has been found in Wing FTP Server up to 7.4.3 and classified as critical. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.
In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. Rated high severity (CVSS 7.0). No vendor patch available.
Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation.0(20 through 11. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation.0.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 28.9% and no vendor patch available.
Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation.4.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An issue was discovered in CyberDAVA before 1.1.20. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.