Skip to main content

Privilege Escalation

13305 CVEs technique

Monthly

CVE-2024-55917 HIGH This Week

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-55632 HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-55631 HIGH This Week

An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-52049 HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-52048 HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-56207 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce - eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56204 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56203 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56066 CRITICAL Act Now

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56061 HIGH This Week

Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.8119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-56043 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56040 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.9.9.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56205 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-56071 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-56220 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-13040 HIGH This Week

The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-13058 MEDIUM This Month

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
4.8
EPSS
0.4%
CVE-2024-13043 HIGH This Week

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Panda Dome
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-12753 HIGH This Week

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Pdf Editor Pdf Reader
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2024-55950 HIGH This Week

Tabby (formerly Terminus) is a highly configurable terminal emulator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD GitHub
CVSS 4.0
8.6
EPSS
0.3%
CVE-2024-52535 HIGH This Week

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Business Pcs Supportassist For Home Pcs
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-47978 HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Nativeedge Orchestrator
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11281 CRITICAL Act Now

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
1.5%
CVE-2024-1609 HIGH This Week

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-12594 HIGH This Week

The Custom Login Page Styler - Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login - Limit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-12903 HIGH This Week

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-56335 HIGH This Week

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Vaultwarden
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-56334 npm HIGH PATCH This Week

systeminformation is a System and OS information library for node.js. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Code Injection RCE Node.js
NVD GitHub
CVSS 3.1
7.8
EPSS
0.7%
CVE-2024-12678 Go MEDIUM PATCH This Month

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nomad
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-12831 HIGH This Week

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Ng Firewall
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-25131 Go HIGH PATCH This Week

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.8%
CVE-2024-45819 MEDIUM PATCH This Month

PVH guests have their ACPI tables constructed by the toolstack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Xen
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2024-4229 HIGH This Week

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Information Disclosure Microsoft
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-35141 HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM Security Verify Access Docker
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54383 CRITICAL Act Now

Privilege escalation in the WooCommerce PDF Vouchers WordPress plugin (wpweb) affects all versions up to and including 4.9.8, allowing remote unauthenticated attackers to gain elevated privileges on affected sites due to incorrect privilege assignment. With a CVSS score of 9.8 and EPSS at the 90th percentile (5.34%), this represents a meaningful threat to WordPress sites running this plugin, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts the full confidentiality, integrity, and availability triad of affected WordPress installations.

Privilege Escalation WordPress
NVD
CVSS 3.1
9.8
EPSS
5.3%
CVE-2024-49202 HIGH This Week

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.6
EPSS
0.3%
CVE-2024-47040 CRITICAL Act Now

There is a possible UAF due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption Android
NVD
CVSS 4.0
10.0
EPSS
0.2%
CVE-2024-1610 HIGH This Week

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
8.7
EPSS
0.7%
CVE-2024-12432 HIGH This Week

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation WordPress
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-12259 HIGH This Week

The CRM WordPress Plugin - RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-38499 HIGH This Week

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-55949 Go CRITICAL PATCH Act Now

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 4.0
9.3
EPSS
0.7%
CVE-2024-4762 HIGH This Week

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54229 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.0.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2024-56012 CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54379 HIGH This Week

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2024-54378 HIGH This Week

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
2.0%
CVE-2024-54365 HIGH This Week

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-54363 CRITICAL Emergency

Privilege escalation in the Wp NssUser Register WordPress plugin (versions through 1.0.0) by saiful.total allows remote unauthenticated attackers to gain elevated privileges due to incorrect privilege assignment. With a CVSS of 9.8 and an EPSS of 31.93% (97th percentile), this represents elevated exploitation likelihood relative to most CVEs, though no public exploit identified at time of analysis. The flaw permits full compromise of confidentiality, integrity, and availability of affected WordPress installations.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
31.9%
CVE-2024-54352 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-31891 HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Storage Scale
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11721 HIGH PATCH This Week

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Frontend Admin
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2024-12552 HIGH This Week

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Center
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-54293 CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-54248 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.8.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-54239 CRITICAL Act Now

Privilege escalation in the dugudlabs Eyewear Prescription Form WordPress plugin (versions up to and including 4.0.18) allows remote unauthenticated attackers to perform unauthorized actions by exploiting missing authorization checks. The CVSS 9.8 score with network attack vector and no privileges required indicates trivial exploitation against any WordPress site running this plugin, and the EPSS score of 3.05% (87th percentile) suggests elevated exploitation probability though no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
3.0%
CVE-2024-10783 HIGH POC THREAT Act Now

The MainWP Child - Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 23.2%.

Authentication Bypass Privilege Escalation WordPress
NVD
CVSS 3.1
8.1
EPSS
23.2%
CVE-2024-54104 HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-54103 HIGH This Week

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-11689 HIGH This Week

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress CSRF
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11443 HIGH This Week

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-44224 HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2024-11872 HIGH This Week

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Launcher
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2024-9845 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-8496 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11598 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-11597 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-10251 HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-28140 MEDIUM This Month

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2024-28139 HIGH This Week

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-11401 MEDIUM This Month

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 4.0
5.3
EPSS
0.3%
CVE-2024-55550 LOW POC KEV THREAT Monitor

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Micollab
NVD
CVSS 3.1
2.7
EPSS
38.1%
CVE-2024-45494 CRITICAL Act Now

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54751 CRITICAL Act Now

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2024-47585 MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation SAP
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-55634 PHP HIGH PATCH This Week

A vulnerability in Drupal Core allows Privilege Escalation.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Drupal
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2024-50627 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2024-50625 HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2024-43222 CRITICAL Act Now

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-11220 HIGH This Week

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Open Automation Software
NVD
CVSS 4.0
8.5
EPSS
0.2%
CVE-2024-54747 CRITICAL POC Act Now

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn531P3 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-54745 CRITICAL POC Act Now

WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn701Ae Firmware
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-12155 CRITICAL Act Now

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass
NVD
CVSS 3.1
9.8
EPSS
4.2%
CVE-2024-11323 HIGH This Week

The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-11643 HIGH This Week

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2024-46624 HIGH This Week

An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.4%
CVE-2024-54131 Go HIGH PATCH This Week

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD GitHub
CVSS 4.0
7.3
EPSS
0.2%
CVE-2024-53921 LOW Monitor

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Magician
NVD
CVSS 3.1
2.8
EPSS
0.2%
CVE-2024-53484 HIGH This Week

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
CVSS 3.1
8.8
EPSS
0.5%
CVE-2024-46908 HIGH This Week

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SQLi Whatsup Gold
NVD
CVSS 3.1
8.8
EPSS
2.3%
EPSS 0% CVSS 7.8
HIGH This Week

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 0% CVSS 7.8
HIGH This Week

An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Trend Micro Apex One
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce - eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.4.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.0.23. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.8119. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.9.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.9.9.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.0.4. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Panda Dome
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Pdf Editor +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Tabby (formerly Terminus) is a highly configurable terminal emulator. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple
NVD GitHub
EPSS 1% CVSS 8.8
HIGH This Week

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Dell Supportassist For Business Pcs +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Dell Nativeedge Orchestrator
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Apple Privilege Escalation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Custom Login Page Styler - Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login - Limit. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.5
HIGH This Week

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Denial Of Service Vaultwarden
NVD GitHub
EPSS 1% CVSS 7.8
HIGH PATCH This Week

systeminformation is a System and OS information library for node.js. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Code Injection RCE +1
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Nomad
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Ng Firewall
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

PVH guests have their ACPI tables constructed by the toolstack. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Xen
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious. Rated high severity (CVSS 7.8). No vendor patch available.

Privilege Escalation Information Disclosure Microsoft
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Docker IBM +1
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Privilege escalation in the WooCommerce PDF Vouchers WordPress plugin (wpweb) affects all versions up to and including 4.9.8, allowing remote unauthenticated attackers to gain elevated privileges on affected sites due to incorrect privilege assignment. With a CVSS score of 9.8 and EPSS at the 90th percentile (5.34%), this represents a meaningful threat to WordPress sites running this plugin, though no public exploit identified at time of analysis. The vulnerability was reported by Patchstack and impacts the full confidentiality, integrity, and availability triad of affected WordPress installations.

Privilege Escalation WordPress
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

There is a possible UAF due to a logic error in the code. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption +1
NVD
EPSS 1% CVSS 8.7
HIGH This Week

In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 1% CVSS 8.1
HIGH This Week

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation WordPress
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The CRM WordPress Plugin - RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Week

CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 9.3
CRITICAL PATCH Act Now

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.0.02. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.0.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 2% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.2.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.0.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 32% CVSS 9.8
CRITICAL Emergency

Privilege escalation in the Wp NssUser Register WordPress plugin (versions through 1.0.0) by saiful.total allows remote unauthenticated attackers to gain elevated privileges due to incorrect privilege assignment. With a CVSS of 9.8 and an EPSS of 31.93% (97th percentile), this represents elevated exploitation likelihood relative to most CVEs, though no public exploit identified at time of analysis. The flaw permits full compromise of confidentiality, integrity, and availability of affected WordPress installations.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.5.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation IBM Storage Scale
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation WordPress Frontend Admin
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Center
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.2.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.8.2.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

Privilege escalation in the dugudlabs Eyewear Prescription Form WordPress plugin (versions up to and including 4.0.18) allows remote unauthenticated attackers to perform unauthorized actions by exploiting missing authorization checks. The CVSS 9.8 score with network attack vector and no privileges required indicates trivial exploitation against any WordPress site running this plugin, and the EPSS score of 3.05% (87th percentile) suggests elevated exploitation probability though no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD
EPSS 23% CVSS 8.1
HIGH POC THREAT Act Now

The MainWP Child - Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 23.2%.

Authentication Bypass Privilege Escalation WordPress
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress CSRF
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Launcher
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Automation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Workspace Control
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Application Control
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Performance Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Security Controls
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 38% CVSS 2.7
LOW POC KEV THREAT Monitor

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Micollab
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation SAP
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

A vulnerability in Drupal Core allows Privilege Escalation.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Drupal
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Information Disclosure +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

An issue was discovered in Digi ConnectPort LTS before 1.4.12. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation File Upload Connectport Lts Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.7.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.5
HIGH This Week

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Open Automation Software
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn531P3 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Wn701Ae Firmware
NVD
EPSS 4% CVSS 9.8
CRITICAL Act Now

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft
NVD GitHub
EPSS 0% CVSS 2.8
LOW Monitor

An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 2% CVSS 8.8
HIGH This Week

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation SQLi Whatsup Gold
NVD
Prev Page 38 of 148 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy