Skip to main content

Privilege Escalation

13302 CVEs technique

Monthly

CVE-2024-40461 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40460 HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40459 HIGH POC This Week

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-40458 HIGH POC This Week

An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2024-13948 MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-45472 HIGH This Month

Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Autodeploy Layer
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-43596 HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
CVSS 4.0
8.5
EPSS
0.5%
CVE-2024-48853 CRITICAL Act Now

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user.08.03; NEXUS Series: through 3.08.03; MATRIX Series:. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
9.5
EPSS
0.3%
CVE-2025-45468 HIGH This Month

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fc Stable Diffusion
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-45471 HIGH POC This Week

Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Measure Cold Start
NVD GitHub
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-2272 HIGH This Week

Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.05. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2025-4280 MEDIUM Monitor

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Python macOS
NVD GitHub
CVSS 4.0
4.8
EPSS
0.1%
CVE-2025-2759 HIGH PATCH This Week

A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.

Privilege Escalation RCE Gstreamer Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-48070 LOW POC PATCH Monitor

Plane is open-source project management software. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Plane
NVD GitHub
CVSS 3.1
3.5
EPSS
0.1%
CVE-2025-44040 HIGH This Month

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Orangehrm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-2102 MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 4.0
5.7
EPSS
0.1%
CVE-2025-20114 MEDIUM Monitor

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco Unified Intelligence Center Unified Contact Center Express
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-0372 MEDIUM This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Race Condition Privilege Escalation Windows
NVD
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-27997 HIGH This Week

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Battle Net
NVD GitHub
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-22157 HIGH PATCH This Week

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Privilege Escalation Jira Data Center Jira Server
NVD
CVSS 4.0
7.2
EPSS
0.3%
CVE-2025-47940 PHP HIGH PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Typo3
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-4322 CRITICAL POC THREAT Emergency

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

WordPress Privilege Escalation PHP
NVD
CVSS 3.1
9.8
EPSS
31.1%
Threat
4.4
CVE-2025-4971 HIGH POC This Week

Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Broadcom
NVD Exploit-DB
CVSS 4.0
8.5
EPSS
0.8%
CVE-2025-48340 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-39459 HIGH This Week

Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.5.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-39405 HIGH This Week

Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.0 (17-08-2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-24183 MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-4477 HIGH This Week

The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
0.7%
CVE-2025-33103 HIGH This Week

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation
NVD
CVSS 3.1
8.5
EPSS
0.2%
CVE-2025-32310 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation.0.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-4211 HIGH This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation Windows Red Hat
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2025-47809 HIGH This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
CVSS 3.1
8.2
EPSS
0.1%
CVE-2025-0921 MEDIUM This Month

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-30475 HIGH This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Privilege Escalation Insightiq
NVD
CVSS 3.1
8.1
EPSS
0.3%
CVE-2025-46836 MEDIUM PATCH CISA This Month

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD GitHub
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-45067 MEDIUM This Month

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-0131 HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation Windows
NVD
CVSS 4.0
7.1
EPSS
0.2%
CVE-2025-30664 MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-30663 HIGH This Month

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-3931 Go HIGH PATCH This Month

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24308 HIGH This Week

Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-23233 MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-22843 HIGH This Week

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.8
EPSS
0.0%
CVE-2025-22446 MEDIUM This Month

Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-21099 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-21094 HIGH This Week

Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-21081 LOW Monitor

Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-20629 MEDIUM This Month

Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20616 LOW Monitor

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Denial Of Service
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20612 MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-20108 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Privilege Escalation Windows
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20104 MEDIUM This Month

Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Race Condition Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20100 HIGH This Week

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-20095 MEDIUM This Month

Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-20083 HIGH This Week

Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-20082 HIGH This Week

Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-20079 MEDIUM This Month

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation Advisor Oneapi Base Toolkit
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20076 LOW Monitor

Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-20047 MEDIUM This Month

Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.1%
CVE-2025-20043 MEDIUM This Month

Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20041 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20018 MEDIUM This Month

Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
6.9
EPSS
0.1%
CVE-2025-20015 MEDIUM This Month

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20008 MEDIUM This Month

Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2025-20004 HIGH This Week

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
8.5
EPSS
0.0%
CVE-2025-20003 HIGH This Week

Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.1%
CVE-2024-48869 MEDIUM PATCH This Month

Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Privilege Escalation Red Hat Suse
NVD
CVSS 4.0
5.6
EPSS
0.1%
CVE-2024-47800 MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-47795 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-47550 MEDIUM This Month

Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2024-46895 MEDIUM This Month

Uncontrolled search path for some Intel(R) Arc™ &amp; Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-39833 MEDIUM This Month

Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-31073 MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.1%
CVE-2024-28954 MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
CVSS 4.0
5.4
EPSS
0.0%
CVE-2025-4660 HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation Secureconnector Windows
NVD
CVSS 4.0
8.7
EPSS
1.5%
CVE-2023-31359 HIGH This Week

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation Aim T Manageability Api
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2023-31358 HIGH This Week

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation Aim T Manageability Api
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-29976 HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
CVSS 3.1
7.8
EPSS
0.8%
CVE-2025-27468 HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 Windows 10 1607 Windows 10 1809 +12
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2024-36339 HIGH This Month

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2024-21960 HIGH This Month

Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-22460 HIGH This Week

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Cloud Services Appliance
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2025-4649 MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
4.9
EPSS
0.2%
CVE-2025-32917 MEDIUM This Month

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
CVSS 4.0
5.2
EPSS
0.2%
CVE-2025-4646 HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-4474 HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2025-4473 HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation PHP
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-31222 HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-24258 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-3876 HIGH PATCH This Week

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation Sms Alert Order Notifications PHP
NVD
CVSS 3.1
8.8
EPSS
0.3%
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Innovation
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Windows permissions for ASPECT configuration toolsets are not fully secured allow-ing exposure of configuration information*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Autodeploy Layer
NVD GitHub
EPSS 1% CVSS 8.5
HIGH This Month

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Backup
NVD
EPSS 0% CVSS 9.5
CRITICAL Act Now

An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user.08.03; NEXUS Series: through 3.08.03; MATRIX Series:. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Fc Stable Diffusion
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Measure Cold Start
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process.05. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation Python +1
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A local privilege escalation vulnerability in GStreamer's installer allows attackers with low-privileged access to escalate to higher privileges due to incorrect folder permissions. The vulnerability affects all versions of GStreamer and enables arbitrary code execution in the context of a target user. With a low EPSS score of 0.01% and no KEV listing, this vulnerability has limited evidence of active exploitation in the wild.

Privilege Escalation RCE Gstreamer +1
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

Plane is open-source project management software. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Privilege Escalation XSS Plane
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Month

An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via UserService.php and the checkForOldHash function. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Orangehrm
NVD GitHub
EPSS 0% CVSS 5.7
MEDIUM This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.7). No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Cisco +2
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.1. Rated medium severity (CVSS 5.9). No vendor patch available.

Microsoft Race Condition Privilege Escalation +1
NVD
EPSS 0% CVSS 8.4
HIGH This Week

An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Battle Net
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions: 9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server 5.12.0, 10.3.0, 10.4.0, and 10.5.0. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity.

Atlassian Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 7.2
HIGH PATCH This Month

TYPO3 is an open source, PHP based web content management system. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Privilege Escalation Typo3
NVD GitHub
EPSS 31% 4.4 CVSS 9.8
CRITICAL POC THREAT Emergency

The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.1% and no vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 1% CVSS 8.5
HIGH POC This Week

Broadcom Automic Automation Agent Unix versions < 24.3.0 HF4 and < 21.0.13 HF1 allow low privileged users who have execution rights on the agent executable to escalate their privileges. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Broadcom
NVD Exploit-DB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in Danny Vink User Profile Meta Manager allows Privilege Escalation.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Incorrect Privilege Assignment vulnerability in Contempo Themes Real Estate 7 allows Privilege Escalation.5.2. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in mojoomla WPAMS allows Privilege Escalation.0 (17-08-2023). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 1% CVSS 8.6
HIGH This Week

The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.5
HIGH This Week

IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

IBM Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in ThemeMove QuickCal allows Privilege Escalation.0.13. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Improper Link Resolution Before File Access ('Link Following') vulnerability in QFileSystemEngine in the Qt corelib module on Windows which potentially allows Symlink Attacks and the use of Malicious. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 8.2
HIGH This Month

Wibu CodeMeter before 8.30a sometimes allows privilege escalation immediately after installation (before a logoff or reboot). Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Execution with Unnecessary Privileges vulnerability in multiple services of Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions,. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.1
HIGH This Month

Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Dell Privilege Escalation Insightiq
NVD
EPSS 0% CVSS 6.6
MEDIUM PATCH This Month

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 7.1
HIGH This Month

An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +1
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Privilege Escalation Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Month

A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Red Hat Suse
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.8). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Inadequate encryption strength for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Insecure inherited permissions in the NVM Update Utility for some Intel(R) Ethernet Network Adapter E810 Series before version 4.60 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation Denial Of Service
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Incorrect execution-assigned permissions for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element for some Intel(R) Network Adapter Driver installers for Windows 11 before version 29.4 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Intel Privilege Escalation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Race condition in some Administrative Tools for some Intel(R) Network Adapters package before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Race Condition Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper access control in the memory controller configurations for some Intel(R) Xeon(R) 6 processor with E-cores may allow a privileged user to potentially enable escalation of privilege via local. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect Default Permissions for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper authentication in the firmware for the Intel(R) Slim Bootloader may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1). No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Time-of-check time-of-use race condition in the UEFI firmware SmiVariable driver for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to enable escalation of privilege via. Rated high severity (CVSS 8.7). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation Advisor +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Improper access control for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated low severity (CVSS 2.1), this vulnerability is no authentication required. No vendor patch available.

Intel Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted pointer dereference for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element for some Intel(R) Ethernet Connection software before version 29.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Improper restriction of software interfaces to hardware features for some Intel(R) Xeon(R) 6 processor with E-cores when using Intel(R) Trust Domain Extensions (Intel(R) TDX) or Intel(R) Software. Rated medium severity (CVSS 5.6). No vendor patch available.

Intel Privilege Escalation Red Hat +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Graphics Driver software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI DPC++/C++ Compiler software before version 2025.0.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Endurance Gaming Mode software installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Arc™ &amp; Iris(R) Xe graphics software before version 32.0.101.6083/32.0.101.5736 may allow an authenticated user to potentially enable escalation of. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) QAT software before version 2.3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Level Zero software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver installers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 2% CVSS 8.7
HIGH This Month

A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft RCE Privilege Escalation +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Incorrect default permissions in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in the AMD Manageability API could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation +1
NVD
EPSS 1% CVSS 7.8
HIGH This Month

Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sharepoint Server
NVD
EPSS 0% CVSS 7.0
HIGH This Month

Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation Windows 10 1507 +14
NVD
EPSS 0% CVSS 7.3
HIGH This Month

A DLL hijacking vulnerability in the AMD Optimizing CPU Libraries could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Month

Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Default credentials in Ivanti Cloud Services Application before version 5.0.5 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Cloud Services Appliance
NVD
EPSS 0% CVSS 4.9
MEDIUM Monitor

Improper Handling of Exceptional Conditions vulnerability in Centreon web allows Privilege Escalation. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Centreon Web
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

Privilege escalation in jar_signature agent plugin in Checkmk versions <2.4.0b7 (beta), <2.3.0p32, <2.2.0p42, and 2.1.0p49 (EOL) allow user with write access to JAVA_HOME/bin directory to escalate. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Checkmk
NVD
EPSS 0% CVSS 7.2
HIGH This Month

Incorrect Authorization vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.04.0 before 24.04.10, from 24.10.0 before 24.10.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Centreon Web
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A correctness issue was addressed with improved checks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to Privilege Escalation due to insufficient user OTP validation in the handleWpLoginCreateUserAction() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Privilege Escalation +2
NVD
Prev Page 30 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy