Skip to main content

Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted. The attack exploits the gap between what the system thinks a user can do and what they actually can do through manipulation or exploitation.

Vertical escalation is the classic form—a regular user obtaining administrator rights. This happens through kernel exploits that bypass OS-level security, misconfigurations in role-based access control (RBAC) that fail to enforce boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation involves accessing resources belonging to users at the same privilege level, typically through insecure direct object references (IDOR) where changing an ID in a request grants access to another user's data.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might access administrative URLs directly without going through proper authentication flows, manipulate parameters to bypass permission checks, or exploit REST API endpoints that don't validate method permissions—like a read-only GET permission that can be leveraged for write operations through protocol upgrades or alternative endpoints.

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.

Windows Print Spooler vulnerabilities (PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers loaded malicious DLLs through carefully crafted print jobs, escalating from low-privilege user accounts to full domain administrator access.

Cloud metadata services have been exploited where SSRF vulnerabilities combined with over-permissioned IAM roles allowed attackers to retrieve temporary credentials with elevated permissions, pivoting from compromised web applications to broader cloud infrastructure access.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources

Recent CVEs (13302)

EPSS 0%
Monitor

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability.

macOS Golang Privilege Escalation +1
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

FrankenPHP versions prior to 1.11.2 fail to properly isolate session data between worker requests, enabling cross-user session fixation where an attacker can read sensitive $_SESSION information intended for other users. This high-severity flaw affects multi-request worker mode deployments and has public exploit code available. A patched version 1.11.2 is available and should be deployed immediately.

Privilege Escalation Frankenphp Suse
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification. [CVSS 7.8 HIGH]

Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Doc Nav could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Freepbx versions up to 17.0.5 contains a vulnerability that allows attackers to forge a valid JWT with full access to the REST and GraphQL APIs on a FreePBX tha (CVSS 7.5).

MySQL Privilege Escalation Freepbx
NVD GitHub
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Heap buffer overflow in the pg_trgm extension of PostgreSQL 18.0 and 18.1 allows authenticated database users to trigger memory corruption through specially crafted input strings. An attacker with database access could potentially achieve privilege escalation or cause service disruption, though exploit complexity is currently limited by restricted control over written data. No patch is currently available.

PostgreSQL Buffer Overflow Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

M-Track Duo HD version 1.0.0 installer is vulnerable to DLL hijacking due to improper library search path handling, enabling local attackers to execute arbitrary code with administrator privileges. An attacker with local access and user interaction can exploit this vulnerability by placing malicious DLLs in predictable locations to gain full system compromise. No patch is currently available for this high-severity vulnerability.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. [CVSS 6.0 MEDIUM]

Apple Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. [CVSS 8.8 HIGH]

Privilege Escalation Cipace
NVD
EPSS 0% CVSS 7.0
HIGH PATCH Act Now

D-Link products using BusyBox are vulnerable to privilege escalation through malicious tar archives containing unvalidated symlink or hardlink entries that extract files outside the intended directory. An attacker with local access can craft a specially crafted archive to modify critical system files when extraction occurs with elevated privileges, potentially gaining unauthorized system access. No patch is currently available for this vulnerability.

Privilege Escalation Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.6
HIGH This Week

Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membership management endpoints. [CVSS 7.6 HIGH]

Privilege Escalation Outline
NVD GitHub
EPSS 0%
Monitor

Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Vivado could allow a local attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. [CVSS 7.3 HIGH]

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. [CVSS 7.8 HIGH]

Privilege Escalation RCE
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access t...

WordPress Privilege Escalation PHP
NVD
EPSS 0%
This Week

A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.

Buffer Overflow Privilege Escalation RCE
NVD
EPSS 3% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Windows Remote Desktop contains an improper privilege management vulnerability (CVE-2026-21533, CVSS 7.8) enabling authorized local attackers to escalate to SYSTEM. KEV-listed, this vulnerability in the RDP subsystem is particularly concerning in environments where Remote Desktop is widely used, as it can be chained with RDP session access for complete system compromise.

Privilege Escalation Microsoft
NVD VulDB GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with...

Privilege Escalation
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect default permissions for some Intel(R) Memory and Storage Tool before version 2.5.2 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special i...

Privilege Escalation
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result ...

Privilege Escalation
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Privilege escalation in Intel QuickAssist Technology (QAT) on certain Intel platforms allows a system-software adversary already holding privileged (Ring 0 / kernel-level) access to read and corrupt kernel state via an unprotected alternate hardware interface. The flaw stems from a missing protection mechanism on a secondary hardware control path, yielding high confidentiality and integrity impact but no availability loss. There is no public exploit identified at time of analysis, EPSS is negligible (0.01%), and it is not listed in CISA KEV.

Privilege Escalation Intel
NVD VulDB
EPSS 0% CVSS 3.3
LOW Monitor

Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data corruption. [CVSS 3.3 LOW]

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) Graphics Driver software within Ring 2: Privileged Process may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation Intel
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Uncontrolled search path for some AI Playground before version 2.6.1 beta within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowl...

Privilege Escalation AI / ML
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Graphics Software versions up to 25.30.1702.0 contains a vulnerability that allows attackers to an escalation of privilege (CVSS 6.7).

Privilege Escalation Intel
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 3.9 LOW]

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.9
HIGH This Week

Race condition for some TDX Module within Ring 0: Hypervisor may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 7.9 HIGH]

Privilege Escalation Race Condition
NVD VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. [CVSS 8.2 HIGH]

Privilege Escalation
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Improper buffer restrictions in the firmware for the TDX Module may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. [CVSS 4.7 MEDIUM]

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper input validation for some Server Firmware Update Utility(SysFwUpdt) before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. [CVSS 7.5 HIGH]

Privilege Escalation
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Uncontrolled search path in some software installer for some VTune(TM) Profiler software and Intel(R) oneAPI Base Toolkits before version 2025.0. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access w...

Privilege Escalation
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper conditions check for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. [CVSS 6.7 MEDIUM]

Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Siemens SINEC NMS versions prior to V4.0 SP2 can be achieved when a low-privileged user modifies configuration files to load malicious DLLs, resulting in administrative privilege execution. This local vulnerability affects all current deployments and currently has no available patch. An authenticated attacker with local access can exploit this to gain full system compromise.

Privilege Escalation RCE Sinec Nms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CVSS 7.8 HIGH]

Privilege Escalation Camera Station Pro
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

SAP Business Workflow contains an authorization bypass that allows authenticated administrators to escalate privileges by misusing permissions from lower-sensitivity functions to perform unauthorized high-privilege operations. An attacker with admin credentials can exploit this flaw to compromise data integrity, though confidentiality and availability impacts are limited. No patch is currently available for this vulnerability.

SAP Privilege Escalation Sap Basis
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate privileges and modify data they should not have access to. The vulnerability affects SAP S/4HANA Core installations and requires user authentication to exploit, limiting the immediate risk but potentially enabling insider threats or account compromise scenarios.

SAP Privilege Escalation S4core
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unauthorized option modification in WCFM - Frontend Manager for WooCommerce up to version 6.7.24 allows authenticated Shop Manager-level users to bypass capability checks and alter arbitrary WordPress settings. An attacker with these privileges can exploit this to change the default registration role to administrator and enable user registration, gaining full admin access to the site. No patch is currently available for this vulnerability.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Endpoint Configuration Toolset Solution is affected by improper link resolution before file access (CVSS 7.8).

Privilege Escalation Endpoint Configuration Toolset Solution Patch Endpoint Tools
NVD
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Privilege escalation in Cube.js versions 0.27.19 through 1.5.12 allows authenticated attackers to craft specially designed API requests that bypass access controls and gain elevated privileges within the application. This vulnerability affects Cube.js semantic layer deployments and requires only a valid API token to exploit, making it a risk to multi-tenant or role-based access control implementations. No patch is currently available for this HIGH severity issue.

Privilege Escalation Cube.Js
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools. [CVSS 7.8 HIGH]

Privilege Escalation Patch Endpoint Tools
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Tanium addressed a local privilege escalation vulnerability in Tanium Server. [CVSS 6.7 MEDIUM]

Privilege Escalation Server Module Server
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Tanium addressed a local privilege escalation vulnerability in Tanium Module Server. [CVSS 6.7 MEDIUM]

Privilege Escalation Server Module Server
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Craft CMS versions 4.0.0-RC1 to 4.17.0 and 5.0 to 5.9.0 contain a privilege escalation vulnerability in the GraphQL API that allows authenticated users with write access to one asset volume to modify or transfer assets across any other volume, including restricted ones they should not access. The vulnerability stems from insufficient authorization validation in the saveAsset mutation, which verifies permissions against the intended volume but fails to confirm the target asset actually belongs to that volume. An attacker with limited asset write permissions can exploit this to gain unauthorized access to and manipulate sensitive assets in protected volumes.

Privilege Escalation Craft Cms
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). [CVSS 5.4 MEDIUM]

Privilege Escalation Red Hat
NVD
EPSS 0% CVSS 7.8
HIGH This Week

GIGABYTE MacroHub improperly executes external applications with elevated privileges, enabling authenticated local users to achieve arbitrary code execution with SYSTEM-level access. This local privilege escalation affects MacroHub users on Windows systems and could allow attackers to fully compromise affected machines. No patch is currently available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_profile' function. [CVSS 8.8 HIGH]

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in JAY Login & Register WordPress plugin allows unauthenticated attackers to register as administrators. All versions up to 1.1.6 affected.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 6.2
MEDIUM POC This Month

SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. [CVSS 6.2 MEDIUM]

Windows Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 10.0
CRITICAL PATCH Act Now

Claude Code prior to version 2.1.2 has a CVSS 10.0 sandbox escape in the bubblewrap sandboxing mechanism, allowing code execution outside the intended sandbox boundary.

Privilege Escalation Code Injection RCE +4
NVD GitHub VulDB
EPSS 0% CVSS 6.7
MEDIUM This Month

Local privilege escalation vulnerability via insecure temporary batch file execution in ESET Management Agent [CVSS 6.7 MEDIUM]

Privilege Escalation Management Agent
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.1).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Permission control vulnerability in the AMS module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]

Privilege Escalation Emui Harmonyos
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Harmonyos versions up to 5.1.0 is affected by permissions, privileges, and access controls (CVSS 5.9).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Harmonyos versions up to 6.0.0 is affected by permissions, privileges, and access controls (CVSS 6.3).

Privilege Escalation Harmonyos
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Missing bounds check in Android VPU (Video Processing Unit) driver's vpu_mmap allows arbitrary address memory mapping, potentially leading to local privilege escalation on Android devices.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Enforce. [CVSS 6.5 MEDIUM]

Privilege Escalation Enforce
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Benchmark. [CVSS 6.5 MEDIUM]

Privilege Escalation Benchmark
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Comply. [CVSS 6.5 MEDIUM]

Privilege Escalation Comply
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Discover. [CVSS 6.5 MEDIUM]

Privilege Escalation Discover
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Partner Integration. [CVSS 6.5 MEDIUM]

Privilege Escalation Partner Integration
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Patch. [CVSS 6.5 MEDIUM]

Privilege Escalation Patch
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Tanium addressed an incorrect default permissions vulnerability in Performance. [CVSS 6.5 MEDIUM]

Privilege Escalation Performance
NVD
EPSS 0% CVSS 2.7
LOW Monitor

Tanium addressed an improper input validation vulnerability in Tanium Appliance. [CVSS 2.7 LOW]

Privilege Escalation Tanos
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Bootloader menu access in Moxa UC series industrial computers can be obtained by attackers with physical access using a device-unique password, potentially enabling temporary denial-of-service through firmware reflashing. The vulnerability is constrained by bootloader signature verification that prevents installation of unsigned firmware or arbitrary code execution. No patch is currently available for affected Linux and UC firmware versions.

Linux Privilege Escalation V1202 Ct T Firmware +34
NVD
EPSS 0% CVSS 9.0
CRITICAL Act Now

Multiple stored XSS vulnerabilities in Axigen Mail Server before 10.5.57 WebAdmin interface allow authenticated administrators to inject persistent malicious scripts that execute in other admin sessions.

TLS XSS Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

Insecure folder permissions in MEmu Play 7.1.3 Android emulator allow low-privileged users to modify application binaries, enabling privilege escalation to SYSTEM. PoC available.

Privilege Escalation
NVD Exploit-DB
EPSS 0% CVSS 4.2
MEDIUM PATCH This Month

Central Authentication System Server versions up to 2.0.3 contains a security vulnerability (CVSS 4.2).

Drupal Privilege Escalation Central Authentication System Server
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

The Microsoft Entra ID SSO Login module for Drupal before version 1.0.4 contains an authentication bypass vulnerability that allows unauthenticated attackers to escalate privileges through an alternate authentication channel. An attacker can exploit this flaw to gain unauthorized access with elevated permissions on affected Drupal installations. No patch is currently available, and the vulnerability has low exploit probability (EPSS 0.1%).

Drupal Privilege Escalation Authentication Bypass +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Drupal Role Delegation module versions 1.3.0 through 1.5.0 contains an unsafe privilege definition vulnerability that permits authenticated users with delegation permissions to escalate their privileges within the application. An attacker with limited account access could exploit this flaw to gain elevated permissions and modify system settings or access restricted functionality. No patch is currently available for this vulnerability.

Privilege Escalation Role Delegation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Autodesk 3ds Max occurs when users open max files from maliciously crafted project directories that exploit an untrusted search path vulnerability. Local attackers can leverage this to execute arbitrary code with the privileges of the current user without requiring special permissions or interaction beyond opening a file. No patch is currently available for this high-severity vulnerability affecting 3ds Max users.

Privilege Escalation RCE 3ds Max
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

F5 BIG-IP Container Ingress Services contains an improper privilege management flaw that allows high-privileged users to read sensitive cluster secrets beyond their intended authorization scope. An authenticated attacker with elevated permissions could exploit this vulnerability to gain unauthorized access to confidential Kubernetes cluster data. No patch is currently available for this medium-severity issue.

Privilege Escalation Big Ip Container Ingress Services
NVD
EPSS 0% CVSS 9.3
CRITICAL PATCH Act Now

Qwik JavaScript framework prior to 1.19.0 has a prototype pollution vulnerability that can lead to server-side code execution in SSR applications.

Denial Of Service Privilege Escalation Authentication Bypass +1
NVD GitHub
EPSS 0%
Monitor

An untrusted search path vulnerability has been identified in the Embedded Solutions Framework in various Lexmark devices. This vulnerability can be leveraged by an attacker to execute arbitrary code.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local code injection in NVIDIA Megatron-LM allows authenticated users to achieve arbitrary code execution and privilege escalation through malicious input to vulnerable scripts. An attacker with local access can craft specially designed data to trigger unsafe code evaluation, enabling complete system compromise including data theft and modification. No patch is currently available for this vulnerability affecting all supported platforms.

Privilege Escalation Code Injection Information Disclosure +1
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. [CVSS 6.5 MEDIUM]

Python Privilege Escalation Deserialization +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. [CVSS 7.8 HIGH]

Privilege Escalation Total Security
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Endpoint Privilege Manager versions up to 25.10.0 is affected by improper privilege management (CVSS 7.8).

Privilege Escalation Endpoint Privilege Manager
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. [CVSS 5.4 MEDIUM]

Moodle Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in Roland Cloud Manager installer versions 3.1.19 and earlier results from insecure DLL loading, enabling local attackers to execute malicious code with application-level privileges. An attacker with local access and user interaction can exploit this vulnerability to compromise systems running the affected installer. No patch is currently available to remediate this vulnerability.

Privilege Escalation RCE
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Fabric Operating System versions up to 9.2.1 is affected by execution with unnecessary privileges (CVSS 5.5).

Privilege Escalation Fabric Operating System
NVD
EPSS 0% CVSS 7.3
HIGH This Week

BuhoCleaner contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions.This issue affects BuhoCleaner: 1.15.2.

Race Condition Privilege Escalation Buhocleaner
NVD
EPSS 0% CVSS 8.8
HIGH POC This Week

Native Access on macOS allows local authenticated attackers to inject malicious libraries into the privileged XPC helper process due to overly permissive code signing entitlements, enabling arbitrary code execution with system-level privileges. The vulnerability stems from the application being signed with dyld environment variable and library validation bypass entitlements while communicating with a trusted helper that validates only the signing certificate. Public exploit code exists, and no patch is currently available.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote privilege escalation in Android Thread networking protocol implementation via out-of-bounds write. No additional execution privileges needed.

Privilege Escalation Matter
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Local privilege escalation in Android's PCIe driver stems from an out-of-bounds write vulnerability caused by insufficient bounds validation, allowing attackers with system-level privileges to escalate their access without user interaction. This medium-severity vulnerability (CVSS 5.3) affects Android devices and currently has no available patch. The CWE-787 vulnerability requires an attacker to already possess system privileges, limiting the immediate exploitation scope.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android's imgsys component contains a use-after-free vulnerability that allows privilege escalation when exploited by an attacker who already has system-level access. The flaw requires no user interaction and could enable a malicious actor to escalate their privileges further within the device. Currently, no patch is available to address this vulnerability.

Use After Free Privilege Escalation Android +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Android versions up to 15.0 contains a vulnerability that allows attackers to local escalation of privilege if a malicious actor has already obtained the Syst (CVSS 6.7).

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Android cameraisp component contains an out-of-bounds write vulnerability due to insufficient bounds validation, enabling privilege escalation for attackers who have already gained system-level access. No user interaction is required for exploitation, and the vulnerability affects confidentiality, integrity, and availability of the device. No patch is currently available.

Privilege Escalation Android Google
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A use-after-free vulnerability in Android's cameraisp component allows privilege escalation to local denial of service for attackers with system-level access, requiring no user interaction. The flaw enables malicious actors to manipulate memory safety boundaries and execute arbitrary actions within the camera service context. No patch is currently available for this vulnerability.

Use After Free Denial Of Service Privilege Escalation +2
NVD
Prev Page 16 of 148 Next

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
13302

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy