Skip to main content

Privilege Escalation

13302 CVEs technique

Monthly

CVE-2025-24299 HIGH This Month

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-22391 MEDIUM This Month

Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20614 MEDIUM This Month

External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-20065 MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20056 MEDIUM Monitor

Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.0%
CVE-2025-20050 MEDIUM This Month

Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation Computing Improvement Program
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20010 HIGH This Month

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.1%
CVE-2025-9408 HIGH This Month

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-13025 HIGH PATCH This Week

Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-10918 HIGH This Month

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2025-9055 MEDIUM This Month

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-10714 HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-8108 MEDIUM This Month

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-6779 MEDIUM This Month

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-6298 MEDIUM This Month

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-5718 MEDIUM This Month

The ACAP Application framework could allow privilege escalation through a symlink attack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-5454 MEDIUM This Month

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. Rated medium severity (CVSS 6.4). No vendor patch available.

Path Traversal Privilege Escalation Axis Os
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-5452 MEDIUM This Month

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Axis Os
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-11457 CRITICAL Act Now

The EasyCommerce - AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-11168 HIGH This Month

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-11892 HIGH This Month

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
8.6
EPSS
0.1%
CVE-2025-11578 HIGH This Month

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
CVSS 4.0
7.5
EPSS
0.1%
CVE-2025-64507 Go HIGH POC PATCH GHSA This Week

Incus is a system container and virtual machine manager. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Incus Red Hat Suse
NVD GitHub
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-56503 MEDIUM This Month

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-12726 HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation Chrome Windows +1
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43079 MEDIUM This Month

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.3
EPSS
0.0%
CVE-2025-12967 PyPI HIGH PATCH This Week

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Python Privilege Escalation
NVD GitHub
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-46430 HIGH This Month

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Display And Peripheral Manager
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-64457 MEDIUM Monitor

In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition. Rated medium severity (CVSS 4.2). No vendor patch available.

Privilege Escalation Dottrace Resharper Rider
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-64456 HIGH This Month

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Privilege Escalation Resharper
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-12405 HIGH This Month

An improper privilege management vulnerability was found in Looker Studio. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-64489 HIGH PATCH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Suitecrm
NVD GitHub
CVSS 3.1
8.3
EPSS
0.1%
CVE-2025-64436 Go MEDIUM POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Privilege Escalation Kubevirt Red Hat Suse
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-37736 HIGH This Month

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Privilege Escalation Elastic Cloud Enterprise
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-36186 HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM Db2 Windows
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-4519 HIGH PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Privilege Escalation Idonate PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5483 HIGH This Month

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-12489 HIGH This Month

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Privilege Escalation
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2025-12485 HIGH This Month

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Devolutions Server
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-10885 HIGH This Month

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Installer
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6325 CRITICAL This Week

Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-60243 CRITICAL This Week

Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.2.46. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-60195 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-49900 HIGH This Month

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-37735 HIGH This Month

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. Rated high severity (CVSS 7.0). No vendor patch available.

Elastic Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
7.0
EPSS
0.0%
CVE-2025-63416 CRITICAL POC Act Now

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Selfbest
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-46366 MEDIUM This Month

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-46364 CRITICAL This Week

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink D-Link
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-43990 HIGH This Month

Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Monitor
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-11749 CRITICAL POC THREAT Emergency

The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint when the No-Auth URL feature is enabled. Unauthenticated attackers can extract this token to gain full API access, compromising AI assistant configurations and potentially accessing connected LLM provider API keys.

WordPress Information Disclosure Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
85.9%
Threat
6.0
CVE-2025-52910 CRITICAL This Week

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Use After Free Privilege Escalation Exynos 1280 Firmware +5
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-20749 MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Android Google
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20748 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20747 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20746 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20745 MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service Use After Free Privilege Escalation +2
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20744 MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20743 MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free Privilege Escalation Android +1
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20742 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
8.0
EPSS
0.0%
CVE-2025-20741 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20739 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20738 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20737 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20736 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20735 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20734 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20733 HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20732 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20731 MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-20730 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto Rdk B Android +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20729 MEDIUM Monitor

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit Openwrt
NVD
CVSS 3.1
4.2
EPSS
0.0%
CVE-2025-20728 HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Software Development Kit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20727 HIGH This Month

In Modem, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +3
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-20726 HIGH This Month

In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Lr12a Nr15 +3
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-20725 HIGH This Month

In ims service, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Lr12a Nr15 +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-12683 MEDIUM This Month

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Privilege Escalation
NVD
CVSS 4.0
5.8
EPSS
0.0%
CVE-2025-12158 CRITICAL This Week

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-43507 MEDIUM This Month

A privacy issue was addressed by moving sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-43444 MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-43442 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os iOS
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-43350 LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados Iphone Os iOS
NVD
CVSS 3.1
2.4
EPSS
0.0%
CVE-2024-13997 CRITICAL This Week

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
CVSS 4.0
9.4
EPSS
0.2%
CVE-2025-11761 HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-8900 CRITICAL This Week

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-36367 HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-6574 HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-5949 HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-56438 MEDIUM This Month

The firmware update mechanism in Nous W3 Smart WiFi Camera v1.33.50.82 fails to verify the authenticity or integrity of update archives, enabling a physically proximate unauthenticated attacker to escalate privileges to root by inserting a crafted update.tar on a FAT32 SD card. Full device compromise (C:H/I:H/A:H) is achievable with no authentication and low attack complexity once physical access is obtained. No public exploit has been confirmed via CISA KEV, and the EPSS score of 0.14% (3rd percentile) reflects the limited exploitation probability imposed by the physical access prerequisite.

Privilege Escalation
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
CVE-2025-60222 HIGH This Week

Privilege escalation in FantasticPlugins SUMO Memberships for WooCommerce (versions ≤7.8.0) allows authenticated users with low-level privileges to elevate permissions and gain unauthorized high-level access to WordPress site functions. The vulnerability stems from incorrect privilege assignment (CWE-266), enabling attackers to bypass intended access controls. With CVSS 8.8 (High) severity, the flaw permits complete compromise of confidentiality, integrity, and availability. EPSS probability is low (0.06%, 17th percentile), and no public exploit identified at time of analysis, though Patchstack has published advisory details.

WordPress PHP Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-53428 HIGH This Week

Privilege escalation in N-Media Simple User Registration (WordPress plugin) through version 6.8 allows authenticated low-privilege users to elevate their access to administrator-level permissions via incorrect privilege assignment. With EPSS at 0.06% (17th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains low despite the high CVSS score. The vulnerability requires low-privilege authentication (PR:L) but has low attack complexity (AC:L) and no user interaction (UI:N), making it straightforward to exploit once an attacker has basic user credentials.

WordPress PHP Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
EPSS 0% CVSS 8.7
HIGH This Month

Improper input validation for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper access control for some SigTest before version 6.1.10 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 5.6
MEDIUM This Month

External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.6), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Computing Improvement Program
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Display Virtualization for Windows OS software before version 1797 within Ring 2: Device Drivers may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

Improper input validation for some Intel VTune Profiler before version 2025.1 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 8.5
HIGH This Month

Use of unmaintained third party components for some Intel(R) Processor Identification Utility before version 8.0.43 within Ring 3: User Applications may allow an escalation of privilege. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 8.1
HIGH This Month

System call entry on Cortex M (and possibly R and A, but I think not) has a race which allows very practical privilege escalation for malicious userspace processes. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Incorrect boundary conditions in the Graphics: WebGPU component. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Privilege Escalation
NVD
EPSS 0% CVSS 7.1
HIGH This Month

Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.4
HIGH This Month

AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Command Injection Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The ACAP Application framework could allow privilege escalation through a symlink attack. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to potential privilege escalation. Rated medium severity (CVSS 6.4). No vendor patch available.

Path Traversal Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Axis Os
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

The EasyCommerce - AI-Powered, Fast & Beautiful WordPress Ecommerce Plugin plugin for WordPress is vulnerable to Privilege Escalation in versions 0.9.0-beta2 to 1.5.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Mementor Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.2.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.6
HIGH This Month

An improper neutralization of input vulnerability was identified in GitHub Enterprise Server that allows DOM-based cross-site scripting via Issues search label filter that could lead to privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Privilege Escalation Enterprise Server
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Month

A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Enterprise Server
NVD GitHub
EPSS 0% CVSS 8.6
HIGH POC PATCH This Week

Incus is a system container and virtual machine manager. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Incus Red Hat +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

An issue in Sublime HQ Pty Ltd Sublime Text 4 4200 allows authenticated attackers with low-level privileges to escalate privileges to Administrator via replacing the uninstall file with a crafted. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Month

Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Microsoft Privilege Escalation +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The Qualys Cloud Agent included a bundled uninstall script (qagent_uninstall.sh), specific to Mac and Linux supported versions that invoked multiple system commands without using absolute paths and. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

An issue in AWS Wrappers for Amazon Aurora PostgreSQL may allow for privilege escalation to rds_superuser role. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Python Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Month

Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Display And Peripheral Manager
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In JetBrains ReSharper, Rider and dotTrace before 2025.2.5 local privilege escalation was possible via race condition. Rated medium severity (CVSS 4.2). No vendor patch available.

Privilege Escalation Dottrace Resharper +1
NVD
EPSS 0% CVSS 8.4
HIGH This Month

In JetBrains ReSharper before 2025.2.4 missing signature verification in DPA Collector allows local privilege escalation. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

Jwt Attack Privilege Escalation Resharper
NVD
EPSS 0% CVSS 7.7
HIGH This Month

An improper privilege management vulnerability was found in Looker Studio. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.3
HIGH PATCH This Month

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Suitecrm
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM POC PATCH This Week

KubeVirt is a virtual machine management add-on for Kubernetes. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Kubernetes Privilege Escalation Kubevirt +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Elastic Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.4
HIGH This Month

IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges. Rated high severity (CVSS 7.4), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation IBM +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Month

The IDonate - Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_password() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 8.1
HIGH This Month

The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wp_user.php file in versions 1.2.10 to 1.3.0. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress PHP Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH This Month

evernote-mcp-server openBrowser Command Injection Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Improper privilege management during pre-MFA cookie handling in Devolutions Server allows a low-privileged authenticated user to impersonate another account by replaying the pre-MFA cookie.This does. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Devolutions Server
NVD
EPSS 0% CVSS 7.8
HIGH This Month

A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Installer
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Incorrect Privilege Assignment vulnerability in KingAddons.com King Addons for Elementor king-addons allows Privilege Escalation.1.36. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Incorrect Privilege Assignment vulnerability in Holest Engineering Selling Commander for WooCommerce selling-commander-connector allows Privilege Escalation.2.46. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Incorrect Privilege Assignment vulnerability in bPlugins Advanced scrollbar advanced-scrollbar allows Privilege Escalation.1.8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. Rated high severity (CVSS 7.0). No vendor patch available.

Elastic Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 9.1
CRITICAL POC Act Now

** exclusively-hosted-service ** A Stored Cross-Site Scripting (XSS) vulnerability in the chat functionality of the SelfBest platform 2023.3 allows authenticated low-privileged attackers to execute. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Privilege Escalation Selfbest
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploit and gain parallel privilege escalation or access to the database to obtain confidential. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink +1
NVD
EPSS 0% CVSS 9.1
CRITICAL This Week

Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known password can run CLI Escape Vulnerability to gain control of system. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Privilege Escalation Cloudlink +1
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Dell Privilege Escalation Command Monitor
NVD
EPSS 86% 6.0 CVSS 9.8
CRITICAL POC THREAT Emergency

The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint when the No-Auth URL feature is enabled. Unauthenticated attackers can extract this token to gain full API access, compromising AI assistant configurations and potentially accessing connected LLM provider API keys.

WordPress Information Disclosure Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung Use After Free +7
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In charger, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In apusys, there is a possible memory corruption due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Memory Corruption Denial Of Service +4
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In pda, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In clkdbg, there is a possible escalation of privilege due to use after free. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Use After Free +3
NVD
EPSS 0% CVSS 8.0
HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto +4
NVD
EPSS 0% CVSS 4.2
MEDIUM Monitor

In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +1
NVD
EPSS 0% CVSS 8.1
HIGH This Month

In Modem, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 7.5
HIGH This Month

In Modem, there is a possible out of bounds write due to an incorrect bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 7.5
HIGH This Month

In ims service, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. Rated medium severity (CVSS 5.8). No vendor patch available.

Denial Of Service Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The Simple User Capabilities plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the suc_submit_capabilities() function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A privacy issue was addressed by moving sensitive data. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Apple Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 3.3
LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +2
NVD
EPSS 0% CVSS 2.4
LOW Monitor

A permissions issue was addressed with additional restrictions. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +2
NVD
EPSS 0% CVSS 9.4
CRITICAL This Week

Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nagios Xi
NVD
EPSS 0% CVSS 8.5
HIGH This Month

A potential security vulnerability has been identified in the HP Client Management Script Library software, which might allow escalation of privilege during the installation process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Client Management Script Library
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The Doccure Core plugin for WordPress is vulnerable to privilege escalation in versions up to, and excluding, 1.5.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 8.8
HIGH This Month

IBM i 7.6, 7.5, 7.4, 7.3, and 7.2 is vulnerable to privilege escalation caused by an invalid IBM i SQL services authorization check. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass IBM Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

The firmware update mechanism in Nous W3 Smart WiFi Camera v1.33.50.82 fails to verify the authenticity or integrity of update archives, enabling a physically proximate unauthenticated attacker to escalate privileges to root by inserting a crafted update.tar on a FAT32 SD card. Full device compromise (C:H/I:H/A:H) is achievable with no authentication and low attack complexity once physical access is obtained. No public exploit has been confirmed via CISA KEV, and the EPSS score of 0.14% (3rd percentile) reflects the limited exploitation probability imposed by the physical access prerequisite.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in FantasticPlugins SUMO Memberships for WooCommerce (versions ≤7.8.0) allows authenticated users with low-level privileges to elevate permissions and gain unauthorized high-level access to WordPress site functions. The vulnerability stems from incorrect privilege assignment (CWE-266), enabling attackers to bypass intended access controls. With CVSS 8.8 (High) severity, the flaw permits complete compromise of confidentiality, integrity, and availability. EPSS probability is low (0.06%, 17th percentile), and no public exploit identified at time of analysis, though Patchstack has published advisory details.

WordPress PHP Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in N-Media Simple User Registration (WordPress plugin) through version 6.8 allows authenticated low-privilege users to elevate their access to administrator-level permissions via incorrect privilege assignment. With EPSS at 0.06% (17th percentile) and no public exploit identified at time of analysis, real-world exploitation risk remains low despite the high CVSS score. The vulnerability requires low-privilege authentication (PR:L) but has low attack complexity (AC:L) and no user interaction (UI:N), making it straightforward to exploit once an attacker has basic user credentials.

WordPress PHP Privilege Escalation
NVD
Prev Page 21 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy