
Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

An attacker escalates privileges by exploiting flaws in access control to obtain permissions beyond those originally granted. The attack lives in the gap between what the system believes a principal may do and what that principal can actually do once a check is manipulated, skipped, or never performed.

Vertical escalation is the classic form: a regular user obtaining administrator rights. It happens through kernel exploits that bypass OS-level security, role-based access control (RBAC) misconfigurations that fail to enforce role boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation is access to resources belonging to other users at the same privilege level, typically through insecure direct object references (IDOR), where changing an identifier in a request returns another user's data because the server verifies that the caller is authenticated but never that the caller owns the object.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might request administrative URLs directly without passing through the intended flow, manipulate parameters to sidestep permission checks, or abuse REST API endpoints that do not validate permissions per method: for example, a nominally read-only GET permission on a proxy endpoint that reaches write operations through a protocol upgrade or an alternative endpoint. The common thread is that authorization was enforced on the expected path and merely assumed, rather than re-checked, on every other one.
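The two failure modes above, and the deny-by-default, check-on-every-path fix the Mitigation section calls for, are easier to see in code. The following is an added example, not code from the original page or from any project it describes: a toy document API in which one handler commits both an IDOR and a per-method authorization gap, next to a hardened handler that makes one explicit authorization decision on every path. Users, documents, routes and role names are constructed sample data.

```python
"""Added example, not code from the original page: a toy document API showing the
horizontal (IDOR) and context-dependent (per-method) authorization gaps described
above, beside a deny-by-default handler that closes both. Users, documents and
requests are constructed sample data; the route and role names are assumptions."""
import copy
from dataclasses import dataclass
from typing import Optional

# Constructed sample state. Only carol holds the admin role.
USERS = {
    "alice": {"viewer"},
    "bob": {"viewer"},
    "carol": {"viewer", "admin"},
}
DOCUMENTS = {
    "doc-100": {"owner": "alice", "body": "alice's private notes"},
    "doc-200": {"owner": "bob", "body": "bob's private notes"},
}
# The permission each HTTP method needs. PATCH was never added to the table.
METHOD_PERMS = {"GET": "read", "PUT": "write"}


@dataclass
class Request:
    user: str
    method: str
    doc_id: str
    body: Optional[str] = None


def vulnerable_handler(req: Request, docs: dict) -> tuple:
    """Authenticates the caller, then gets authorization wrong twice."""
    if req.user not in USERS:
        return 401, None
    doc = docs.get(req.doc_id)
    if doc is None:
        return 404, None
    # Context-dependent gap: an unmapped method is silently treated as a read,
    # so PATCH is gated like GET even though the code below honours its body.
    needed = METHOD_PERMS.get(req.method, "read")
    if needed == "write" and "admin" not in USERS[req.user]:
        return 403, None
    # Horizontal gap (IDOR): ownership is never compared against req.user.
    if req.body is not None:
        doc["body"] = req.body
    return 200, doc["body"]


def authorize(user: str, action: str, doc: dict) -> bool:
    """Deny by default: True only for an explicit grant (owner or admin)."""
    roles = USERS.get(user, set())
    if "admin" in roles:
        return True
    if action in ("read", "write") and doc["owner"] == user:
        return True
    return False


def hardened_handler(req: Request, docs: dict) -> tuple:
    """Same API, with one authorization decision on every path."""
    if req.user not in USERS:
        return 401, None
    action = METHOD_PERMS.get(req.method)
    if action is None:
        return 405, None  # an unknown method is refused, not downgraded to "read"
    doc = docs.get(req.doc_id)
    # Unauthorized and missing both answer 404 so object IDs cannot be enumerated.
    if doc is None or not authorize(req.user, action, doc):
        return 404, None
    if action == "write":
        doc["body"] = req.body
    return 200, doc["body"]


def run_scenarios() -> dict:
    """Replays the same four requests through both handlers on fresh copies of
    the document store and returns {(handler, scenario): (status, body)}."""
    scenarios = {
        "bob reads alice's doc": Request("bob", "GET", "doc-100"),
        "bob PATCHes alice's doc": Request("bob", "PATCH", "doc-100", "defaced"),
        "bob PUTs his own doc": Request("bob", "PUT", "doc-200", "bob v2"),
        "carol (admin) PUTs alice's doc": Request("carol", "PUT", "doc-100", "audited"),
    }
    results = {}
    for name, handler in (("vulnerable", vulnerable_handler), ("hardened", hardened_handler)):
        for label, req in scenarios.items():
            results[(name, label)] = handler(req, copy.deepcopy(DOCUMENTS))
    return results


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(key, "->", value)
```

Note that the vulnerable handler is simultaneously too loose and too strict: bob can read and deface alice's document, yet cannot update his own without the admin role. That pattern, a global role gate standing in for a per-object ownership check, is what most IDOR findings look like in practice.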

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.
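The practical question after reading the above is which RBAC grants in a cluster look read-only but hand over code execution. The following is an added example, not code from the original page or from any Kubernetes project: a static audit over constructed Role/ClusterRole rules. It assumes that the node permission the page describes is the `nodes/proxy` subresource, which fronts the kubelet API (the page itself does not name the resource), and that `nodes/metrics` is the narrower grant a metrics collector actually needs.

```python
"""Added example, not code from the original page or from any Kubernetes project:
a static audit of RBAC rules for grants that reach the kubelet API or pod exec.
The rules below are constructed sample Roles/ClusterRoles. Assumption: the
read-only node permission the page describes is the `nodes/proxy` subresource,
which fronts the kubelet API; the page itself does not name the resource."""

# Grants that look harmless but amount to code execution or credential theft.
# verbs=None means any verb on that resource is a finding.
RISKY_GRANTS = [
    {"group": "", "resource": "nodes/proxy", "verbs": None,
     "why": "any verb on nodes/proxy reaches the kubelet API, including /exec"},
    {"group": "", "resource": "pods/exec", "verbs": {"create", "*"},
     "why": "create on pods/exec is a shell in any pod the role can see"},
    {"group": "", "resource": "secrets", "verbs": {"get", "list", "watch", "*"},
     "why": "reading secrets exposes service-account tokens"},
]

# Constructed sample roles: a monitoring agent with the over-broad grant, the
# same agent trimmed to nodes/metrics, a wildcard debug role, and a config reader.
SAMPLE_ROLES = {
    "monitoring-agent": [
        {"apiGroups": [""], "resources": ["nodes", "nodes/proxy", "nodes/metrics"],
         "verbs": ["get", "list"]},
    ],
    "monitoring-agent-fixed": [
        {"apiGroups": [""], "resources": ["nodes", "nodes/metrics"],
         "verbs": ["get", "list"]},
    ],
    "cluster-debug": [
        {"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]},
    ],
    "config-reader": [
        {"apiGroups": [""], "resources": ["configmaps", "secrets"], "verbs": ["get"]},
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["list", "watch"]},
    ],
}


def _rule_covers(rule: dict, group: str, resource: str, verbs) -> bool:
    """True when the rule grants `resource` in `group` with one of `verbs`
    (None = any verb counts). A "*" entry in Kubernetes RBAC matches everything."""
    groups = rule.get("apiGroups", [])
    if group not in groups and "*" not in groups:
        return False
    resources = rule.get("resources", [])
    if resource not in resources and "*" not in resources:
        return False
    granted = set(rule.get("verbs", []))
    if verbs is None:
        return bool(granted)
    return bool(granted & verbs)


def audit_role(name: str, rules: list) -> list:
    """Returns one finding string per (rule, risky grant) pair."""
    findings = []
    for idx, rule in enumerate(rules):
        for risk in RISKY_GRANTS:
            if _rule_covers(rule, risk["group"], risk["resource"], risk["verbs"]):
                findings.append(
                    f"{name} rule[{idx}] {sorted(rule.get('verbs', []))} "
                    f"on {risk['resource']}: {risk['why']}"
                )
    return findings


def audit_all(roles: dict) -> dict:
    """Audits every role and returns {role_name: [findings]}."""
    return {name: audit_role(name, rules) for name, rules in roles.items()}


if __name__ == "__main__":
    for role, findings in audit_all(SAMPLE_ROLES).items():
        print(role, "->", findings or "clean")
```

In a live cluster the same logic runs over the output of `kubectl get clusterroles,roles -A -o json`; the point of the table is that the verb list (`get`, `list`) is irrelevant once the resource is a proxy into the kubelet.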

Windows Print Spooler vulnerabilities (the PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers abused the printer-driver installation RPC interface to make the spooler load an attacker-supplied DLL, escalating from a low-privilege user to SYSTEM on the target host; when that host was a domain controller, the result was full domain compromise.

Cloud metadata services have been exploited where an SSRF vulnerability in a web application, combined with an over-permissioned IAM role attached to the instance, let attackers fetch the role's temporary credentials from the metadata endpoint and pivot from the compromised application to broader cloud infrastructure. The chain works because the metadata endpoint trusts any request that originates from the instance, so the application's privilege silently becomes the attacker's.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources
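The last bullet is the one most often left abstract. The following is an added example, not code from the original page: two detection rules run over constructed audit-log lines. Rule 1 flags a caller whose recorded role is below what an endpoint requires yet who received a success response (an authorization gap being used, the pattern in the WordPress MCP entry below), and separately records denied attempts as probing. Rule 2 flags role changes in which the actor promoted their own account. The field names and endpoint list are assumptions about the log format.

```python
"""Added example, not code from the original page: detection rules for anomalous
privilege use, run over constructed JSON audit-log lines. Field names, endpoints
and role names are assumptions about the application's log format."""
import json

# Endpoints that only an admin should ever succeed against (assumed).
ADMIN_ENDPOINTS = {"/api/admin/users", "/api/admin/settings", "/api/mcp/tools"}
ROLE_RANK = {"subscriber": 0, "editor": 1, "admin": 2}

# Constructed sample log, one JSON object per line.
SAMPLE_LOG = """
{"ts":"2026-05-01T10:00:01Z","user":"alice","role":"admin","method":"GET","path":"/api/admin/users","status":200}
{"ts":"2026-05-01T10:00:05Z","user":"bob","role":"subscriber","method":"GET","path":"/api/posts","status":200}
{"ts":"2026-05-01T10:00:09Z","user":"bob","role":"subscriber","method":"POST","path":"/api/mcp/tools","status":200}
{"ts":"2026-05-01T10:00:12Z","user":"bob","role":"subscriber","method":"POST","path":"/api/admin/settings","status":403}
{"ts":"2026-05-01T10:00:20Z","event":"role_change","actor":"carol","target":"carol","old_role":"editor","new_role":"admin"}
{"ts":"2026-05-01T10:00:25Z","event":"role_change","actor":"alice","target":"dave","old_role":"subscriber","new_role":"editor"}
"""


def parse_log(text: str) -> list:
    """Parses newline-delimited JSON, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events: list) -> list:
    """Returns (rule, principal, detail) tuples for every suspicious event."""
    findings = []
    for e in events:
        # Rule 2: a role change where the actor is also the target and the
        # new role outranks the old one. Legitimate promotions come from someone else.
        if e.get("event") == "role_change":
            promoted = ROLE_RANK[e["new_role"]] > ROLE_RANK[e["old_role"]]
            if promoted and e["actor"] == e["target"]:
                findings.append(("self_promotion", e["actor"],
                                 f"{e['old_role']} -> {e['new_role']}"))
            continue
        # Rule 1: activity against admin-only endpoints.
        if e.get("path") not in ADMIN_ENDPOINTS:
            continue
        caller_rank = ROLE_RANK.get(e.get("role"), 0)
        action = f"{e['method']} {e['path']}"
        if e["status"] in (401, 403):
            # Denied, but worth keeping: it is the probing that precedes a bypass.
            findings.append(("denied_admin_attempt", e["user"], action))
        elif e["status"] < 400 and caller_rank < ROLE_RANK["admin"]:
            # Succeeded with a role that should not have been able to: the
            # authorization layer let something through.
            findings.append(("admin_action_by_low_role", e["user"], action))
    return findings


if __name__ == "__main__":
    for finding in detect(parse_log(SAMPLE_LOG)):
        print(*finding)
```

The first rule only works if the log records the caller's role as the application saw it at request time, not as it is now; a user who has since been promoted must not retroactively launder earlier hits. The second rule is cheap and catches the common endgame of the WordPress and Wiki.js entries listed below, where the escalation ends in a role assignment.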

Recent CVEs (2734)

EPSS 0% CVSS 8.8
HIGH This Week

Authenticated attackers can escalate privileges to Administrator in AI Engine WordPress plugin version 3.4.9 through improper authorization in the MCP OAuth bearer-token implementation. The plugin accepts any valid OAuth token for Model Context Protocol (MCP) access without verifying administrator privileges, allowing low-privileged users (Subscriber+) to execute admin-level MCP tools. No public exploit or active exploitation identified at time of analysis.

WordPress Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Budibase servers before version 3.38.1 allow any authenticated application user to modify datasource connection parameters through the REST API endpoint PUT /api/datasources/:datasourceId, which requires only basic TABLE/READ permissions instead of builder-level access. This authorization bypass enables attackers with minimal BASIC role privileges to redirect PostgreSQL, MySQL, MongoDB, or REST datasources to arbitrary hosts and ports, creating server-side request forgery (SSRF) conditions that bypass existing HTTP-layer protections for SQL driver connections. The vulnerability has been assigned CVSS 8.8 (High) and is fixed in Budibase 3.38.1.

Authentication Bypass Privilege Escalation PostgreSQL +2
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH POC PATCH This Week

Local privilege escalation in the Linux kernel ptrace subsystem allows authenticated users to bypass the traditional capability-dropping security model when accessing kernel thread details via PTRACE_MODE_READ_FSCREDS checks. The flaw stems from get_dumpable() logic returning misleading values for tasks without an associated memory map (mm), enabling uid-0 processes that have dropped capabilities to still read sensitive kernel thread information. Publicly available exploit code exists (referenced in OSS-security and a GitHub PoC against ssh-keysign), though EPSS scoring (0.02%) indicates low likelihood of widespread exploitation.

Privilege Escalation Linux Red Hat +1
NVD VulDB GitHub
EPSS 0% CVSS 3.6
LOW Monitor

HarmonyOS app management and control module permits local privilege escalation through improper permission controls, allowing unauthenticated local attackers with user interaction to access confidential service data. CVSS 3.6 (low severity) reflects local-only attack vector and requirement for user interaction, though the privilege escalation nature means affected systems warrant review for deployment context.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Privilege escalation in Frontend Admin by DynamiApps plugin allows authenticated attackers with editor-level access to elevate privileges to administrator. The vulnerability exists due to insufficient authorization checks when configuring user role options in edit_user forms combined with overly permissive capabilities on the admin_form post type. Attackers can bypass UI restrictions by directly manipulating POST data to include 'administrator' in role_options, then use the crafted form to assign themselves administrator privileges. CVSS 8.8 reflects network-accessible, low-complexity exploitation requiring only low privileges (editor account). No public exploit code identified at time of analysis, though the attack chain is straightforward for authenticated users. EPSS data not provided, but the technical barrier is minimal once editor access is obtained.

PHP WordPress Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in VMware Fusion allows authenticated users with non-administrative privileges to gain root access by exploiting a TOCTOU race condition in a SETUID binary. The vulnerability requires local access and low attack complexity (CVSS:3.1 AV:L/AC:L/PR:L), enabling complete system compromise on macOS hosts running affected Fusion versions. EPSS and KEV status data not available; exploitation requires existing local user access but can bypass all privilege boundaries once triggered.

Privilege Escalation VMware
NVD VulDB
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt instructions executed at a different privilege level, potentially resulting in privilege escalation.

Privilege Escalation Suse
NVD VulDB
EPSS 0% CVSS 6.9
MEDIUM This Month

DDR5 memory modules in multiple AMD Ryzen processor families contain an insecure default PMIC (Power Management Integrated Circuit) interface configuration that allows local users with standard privileges to cause permanent denial of service or corrupt memory module integrity via unprotected firmware access. The vulnerability affects Ryzen 4000, 7000, 7020, 7030, 7035, 7040, 7045 series processors and Threadripper Pro 3000 WX-series, requiring local system access but no special privileges or user interaction. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation Denial Of Service
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Local privilege escalation in Rapid7 Metasploit Pro allows unprivileged Windows users to achieve SYSTEM-level execution via OpenSSL configuration file hijacking. The metasploitPostgreSQL service loads openssl.cnf from a non-existent directory that standard users can create, enabling arbitrary command execution with SYSTEM privileges. Rated CVSS 8.5 (High) with proof-of-concept exploitation status (E:P). EPSS data not yet available. Not currently listed in the CISA KEV catalog, so no in-the-wild exploitation was confirmed at time of analysis.

Privilege Escalation PostgreSQL OpenSSL +1
NVD VulDB
EPSS 0% CVSS 8.4
HIGH This Week

Local privilege escalation in AMD Platform Management Framework (PMF) allows authenticated attackers with low privileges to unmap arbitrary memory pages, potentially executing code with elevated privileges or triggering system crashes. Affects modern AMD Ryzen mobile processors across multiple generations (6000/7000/8000/AI 300 series, embedded variants). Confidentiality, integrity and availability are all affected, and the CVSS 4.0 score records impact beyond the vulnerable driver itself (CVSS 4.0 has no scope metric; this is what the 3.x scope change became). No evidence of active exploitation (not in CISA KEV), but the local attack vector with low complexity makes this usable by malware or malicious insiders once they have code running as a standard user. EPSS data not available for risk calibration.

Privilege Escalation Amd
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write in the AMD Platform Management Framework (PMF) Driver enables local authenticated users to escalate privileges on AMD Ryzen 6000/7000/8000 series processors. The vulnerability stems from improper input validation (CWE-787) allowing memory corruption beyond allocated buffer boundaries. Exploitation requires low-privilege local access with low attack complexity (CVSS 4.0: AV:L/AC:L/PR:L), making this a realistic post-compromise escalation vector. AMD released chipset driver version 7.06.02.123 addressing all affected Ryzen series. No public exploit or active exploitation confirmed at time of analysis.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds read/write in AMD Platform Management Framework (PMF) driver allows local authenticated users to escalate privileges on Ryzen 6000/7000/8000 series processors. AMD has released patched chipset software version 7.06.02.123 addressing the improper input validation vulnerability. No public exploit code identified and CISA has not added this to KEV, indicating exploitation is not yet confirmed in real-world attacks despite the high CVSS score. Attackers must already have local system access with standard user privileges to exploit this vulnerability.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Insecure installation directory permissions in AMD chipset driver allow local authenticated attackers to achieve SYSTEM-level privilege escalation and execute arbitrary code. The vulnerability affects nearly all AMD Ryzen, Threadripper, EPYC, and Athlon processors across desktop, mobile, embedded, and server product lines. AMD has released patched chipset driver versions 8.01.20.513 (consumer/workstation) and 8.03.14.329/8.03.16.641 (server). No active exploitation confirmed at time of analysis, but the local vector and low attack complexity make this exploitable by any authenticated Windows user, including standard users without admin rights.

Privilege Escalation RCE Amd
NVD VulDB
EPSS 0% CVSS 7.0
HIGH This Week

Privilege escalation in AMD GPIO controller driver for Windows allows authenticated local users with low privileges to execute arbitrary code with elevated rights via insecure directory permissions. Affects nearly the entire AMD processor portfolio from Ryzen 3000-series through latest EPYC 9005 and Ryzen AI 300. AMD has released patched chipset drivers (version 7.04.09.545 for most desktop/mobile products, 8.03.16.641 for server platforms) addressing the vulnerability. EPSS score and KEV status not provided in source data, but the local attack vector and user interaction requirement limit remote exploitation risk despite the 7.0 CVSS score.

Privilege Escalation RCE Amd
NVD VulDB
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Multiple concurrent LDAP or OAuth first-login requests on a freshly deployed Open WebUI instance can all receive administrator privileges through a TOCTOU race condition in role assignment logic. The vulnerability affects deployments using LDAP or OAuth authentication on instances with no existing users. While the regular signup handler was explicitly patched for this race condition in earlier code ('Insert with default role first to avoid TOCTOU race'), the LDAP and OAuth authentication paths were never updated with the same fix. Vendor-released patch available in version 0.9.0 (April 2026). No active exploitation confirmed (not in CISA KEV), though publicly available exploit code exists per GitHub advisory GHSA-h3ww-q6xx-w7x3. CVSS 8.1 (High) reflects network attack vector but requires high attack complexity (precise timing of concurrent requests during narrow first-deployment window).

Privilege Escalation Python
NVD GitHub
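The race described above is a check-then-act bug: the code asks "are there any users yet?" and acts on the answer after the answer may have changed. The following is an added example and not Open WebUI's code: the vulnerable shape reproduced against an in-memory SQLite table with a deterministic interleaving (no threads, so it fails the same way every run), beside the insert-first-then-promote shape that stays correct under the same interleaving. The table layout and user names are assumptions.

```python
"""Added example, not Open WebUI's code: the first-login role race described
above, reproduced with a deterministic interleaving against an in-memory SQLite
table, beside an insert-then-promote shape that survives the same interleaving.
Table layout and names are assumptions."""
import sqlite3


def new_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY AUTOINCREMENT, "
        "name TEXT UNIQUE, role TEXT NOT NULL)"
    )
    return conn


# --- vulnerable: decide in one statement, act in another -----------------------
def vuln_decide_role(conn) -> str:
    """Time of check: an empty table means 'first user, make them admin'."""
    (count,) = conn.execute("SELECT COUNT(*) FROM users").fetchone()
    return "admin" if count == 0 else "user"


def vuln_create_user(conn, name: str, role: str) -> None:
    """Time of use: the row is written with whatever was decided earlier."""
    conn.execute("INSERT INTO users (name, role) VALUES (?, ?)", (name, role))


# --- fixed: insert with the default role, promote in one atomic statement --------
def fixed_create_user(conn, name: str) -> None:
    conn.execute("INSERT INTO users (name, role) VALUES (?, 'user')", (name,))


def fixed_promote_first(conn) -> None:
    """One UPDATE that promotes the lowest id only while no admin exists. SQLite
    runs the statement atomically, so two callers cannot both succeed."""
    conn.execute(
        "UPDATE users SET role = 'admin' "
        "WHERE id = (SELECT MIN(id) FROM users) "
        "AND NOT EXISTS (SELECT 1 FROM users WHERE role = 'admin')"
    )


def admins(conn) -> list:
    rows = conn.execute("SELECT name FROM users WHERE role = 'admin' ORDER BY id")
    return [row[0] for row in rows]


def race_vulnerable() -> list:
    """Two concurrent first-login requests both read COUNT(*) = 0 before either
    inserts: the interleaving the advisory describes."""
    conn = new_db()
    role_a = vuln_decide_role(conn)      # request A checks: empty
    role_b = vuln_decide_role(conn)      # request B checks: still empty
    vuln_create_user(conn, "alice", role_a)
    vuln_create_user(conn, "mallory", role_b)
    return admins(conn)                  # both rows are admin


def race_fixed() -> list:
    """Same interleaving against the fixed shape: both insert, both try to promote."""
    conn = new_db()
    fixed_create_user(conn, "alice")
    fixed_create_user(conn, "mallory")
    fixed_promote_first(conn)            # promotes alice, the lowest id
    fixed_promote_first(conn)            # an admin now exists: no-op
    return admins(conn)


if __name__ == "__main__":
    print("vulnerable admins:", race_vulnerable())
    print("fixed admins:     ", race_fixed())
```

The fixed version leans on the database to serialise the decision rather than on application timing. With several connections to a networked RDBMS, the same invariant should be stated declaratively as well, for example a unique partial index that permits at most one row with role 'admin', so that a second promotion fails loudly instead of racing. Note also that the advisory's point is that the signup path had this fix while the LDAP and OAuth paths did not: a race fixed in one code path and not in its siblings is a common way such bugs survive.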
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Stored XSS in Open WebUI Banner component enables privilege escalation from compromised admin to Super Admin. A malicious administrator can inject markdown-based JavaScript payloads (e.g., `[text](javascript:...)`) that bypass DOMPurify sanitization due to incorrect sanitizer-parser execution order in Banner.svelte:103. When the Super Admin views the global banner and clicks the crafted link, their session token is exfiltrated to the attacker. Vendor-released patch available in v0.8.0 (2026-02-12) reversing sanitization order to `DOMPurify.sanitize(marked.parse(...))`. CVSS 8.1 (High) with Network vector, Low complexity, but requires High privileges (admin) and User interaction (click). No KEV listing or EPSS data available; publicly disclosed POC with detailed reproduction steps.

XSS Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{task_id}. Attackers can disrupt system-wide chat generation and background processing by continuously canceling active tasks across the multi-user instance. Publicly available exploit code exists. Vendor-released patch in v0.9.0 restricts global task endpoints to admin-only and introduces a scoped /api/tasks/chat/{chat_id}/stop endpoint for legitimate user-owned task termination. CVSS 7.1 (AV:N/AC:L/PR:L/UI:N) reflects network-accessible, low-complexity exploitation requiring only authenticated low-privilege access, with high availability impact and low confidentiality impact from task enumeration.

Authentication Bypass Privilege Escalation Python +1
NVD GitHub
EPSS 0% CVSS 7.2
HIGH PATCH This Week

{id}/update) fails to enforce the workspace.tools authorization check that gates code execution, allowing users explicitly denied code execution capabilities to bypass this security boundary. This breaks Open WebUI's documented trust model where workspace.tools permission is intentionally disabled by default and 'equivalent to giving them shell access to the server.' Exploitation achieves root code execution (PID 1) in default Docker deployments, enabling extraction of secrets (WEBUI_SECRET_KEY, API keys), database access, and filesystem read/write. Confirmed by GitHub security advisory GHSA-p4fx-23fq-jfg6. No public exploit or KEV listing at time of analysis, but detailed proof-of-concept with Burp Collaborator confirmation exists in the advisory.

Privilege Escalation RCE Python +2
NVD GitHub
EPSS 0% CVSS 3.5
LOW PATCH Monitor

{id}/pin endpoint, which incorrectly checks for read permission instead of write permission. This privilege escalation enables read-only users to perform a write operation (toggling is_pinned state) that should be restricted to users with explicit write access. The vulnerability is limited to the pin operation and does not permit modification of note content, title, or access grants. Publicly available proof-of-concept demonstrates the bypass across all shared notes with read access.

Authentication Bypass Privilege Escalation Python
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Use after free in Accessibility in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Privilege Escalation Denial Of Service Google +4
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

Authentication Bypass Privilege Escalation Google +3
NVD VulDB
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Privilege escalation in Crabbox versions prior to v0.12.0 allows authenticated users with visibility-only permissions to escalate privileges and obtain code execution, remote desktop access, and data exfiltration capabilities. By directly invoking three unprotected ticket-generation endpoints (/v1/leases/:id/code/ticket, /v1/leases/:id/webvnc/ticket, /v1/leases/:id/egress/ticket), attackers can obtain bridge-agent credentials and impersonate trusted lease-side bridges, bypassing intended read-only access restrictions. The vulnerability was patched in v0.12.0 (commit 95cb30dc) following VulnCheck disclosure. CVSS 8.6 (High) reflects network-accessible exploitation requiring only low-privilege authentication with low attack complexity. No active exploitation (CISA KEV) or public exploit code identified at time of analysis, though the attack is straightforward for authenticated insiders.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 3.1
LOW Monitor

CSS injection in SAP NetWeaver Application Server ABAP allows unauthenticated remote attackers to inject malicious Cascading Style Sheets into web pages served by the application, with exploitation requiring user interaction (clicking or accessing the affected page). The injected CSS executes in the victim's browser context, resulting in low-impact confidentiality loss; integrity and availability are not affected. CVSS 3.1 reflects the limited impact and high attack complexity required.

Privilege Escalation SAP
NVD
CVSS 8.1
HIGH This Week

Privilege escalation in wger fitness manager allows gym trainers to impersonate gym managers via a session-chain attack. An authenticated trainer exploits flawed session-flag logic in the trainer-login endpoint to bypass permission checks: first switching into a low-privilege user, then leveraging the inherited 'trainer.identity' session flag to hop into manager accounts. A publicly available proof-of-concept demonstrates complete takeover of gym administration, with CVSS 8.1 (network-accessible, low complexity). No vendor patch confirmed at time of analysis; the vulnerability is disclosed in wger-project GitHub advisory GHSA-9qpr-vc49-hqg2. EPSS score not available, not in CISA KEV. Root cause is CWE-269 (improper privilege management) in core/views/user.py lines 169-178.

Privilege Escalation Python
NVD GitHub
CVSS 6.5
MEDIUM This Month

Command injection in @apostrophecms/cli apos create command allows arbitrary command execution when a user supplies specially crafted input during the interactive password prompt. The vulnerability exists in lib/commands/create.js line 186, where user-supplied password input is passed directly into a shell exec() call without sanitization or escaping, enabling attackers to inject shell metacharacters (;, &&, $()) to execute arbitrary commands with the privileges of the user running the CLI. Exploitation requires user interaction (UI:R) and high privilege context (PR:H), but publicly available proof-of-concept demonstrates successful arbitrary code execution on Ubuntu systems with Node.js.

Privilege Escalation Docker Command Injection +2
NVD GitHub
EPSS 0% CVSS 6.0
MEDIUM This Month

Improper privilege management in AMD's KVM key download component allows authenticated local attackers to swap tokens and exfiltrate sensitive cryptographic keys due to insufficient access controls, potentially enabling unauthorized access to privileged resources and compromising system confidentiality. The vulnerability requires authenticated access (PR:L) but carries high confidentiality impact (VC:H), making it a significant risk in multi-tenant or shared-access environments.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Fleet server crashes from a single malformed gRPC request to the PublishLogs endpoint, allowing complete denial of service. An attacker with any enrolled Launcher node key can terminate the Fleet server process instantly via a crafted gRPC call. CVSS 8.7 (High) reflects the ease and impact, though exploitation requires prior enrollment of a Launcher host. Vendor-released patch version 4.81.0 available. No public exploit identified at time of analysis, but attack requires minimal sophistication given authenticated access.

Authentication Bypass Privilege Escalation Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Fleet trusts untrusted client-supplied IP address headers (X-Forwarded-For, X-Real-IP, True-Client-IP) when determining source IP for incoming requests, allowing both authenticated and unauthenticated attackers to spoof their apparent IP address and bypass per-IP rate limiting controls. This enables brute-force and password-spraying attacks against authentication endpoints to scale without triggering rate-limit protections, though the vulnerability does not itself enable authentication bypass, privilege escalation, data exposure, or remote code execution.

Authentication Bypass Privilege Escalation RCE +1
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

Hiseeu C90 v5.7.15 exposes a UART bootloader in debug mode when the device battery is disconnected, allowing unauthenticated physical attackers with direct hardware access to achieve privilege escalation and potentially execute arbitrary code with full device control. This vulnerability requires physical tampering to trigger but bypasses all software-based security controls once activated.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Configuration manipulation in F5 BIG-IP and BIG-IQ Certificate Manager allows authenticated attackers with high privileges to execute arbitrary commands with scope change. Attackers holding Certificate Manager role credentials can modify configuration objects to run system commands, escalating from administrative interface access to underlying system control. CVSS 8.7 reflects the scope change (S:C) enabling broader impact than typical privileged command injection. No public exploit identified at time of analysis. F5 has released vendor patches per K000160972.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Authenticated administrators with Resource Administrator or Administrator role can execute arbitrary system commands with elevated privileges in F5 BIG-IP scripted monitors, potentially crossing security boundaries in appliance mode deployments. The vulnerability requires high privilege level and network access but allows complete command execution with no user interaction, affecting confidentiality and integrity.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Privilege escalation in F5 BIG-IP allows authenticated Resource Administrator users to elevate privileges through configuration object manipulation. The command injection flaw (CWE-77) enables attackers with existing high-privilege access to gain administrative control over the BIG-IP system. CVSS score of 8.7 reflects high impact due to scope change (compromising beyond the vulnerable component), though exploitation requires existing Resource Administrator credentials (PR:H). EPSS data not provided; no CISA KEV listing, so no in-the-wild exploitation has been confirmed at time of analysis.

Privilege Escalation Command Injection
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Privilege escalation in F5 BIG-IP allows authenticated Resource Administrators to gain full Administrator privileges by exploiting insecure iControl SOAP API configuration handling. Attackers with high-privilege Resource Administrator access can modify configuration objects to escalate to Administrator level, achieving cross-scope access to confidential data and integrity compromise. EPSS risk assessment unavailable, but exploitation requires legitimate Resource Administrator credentials and network access to management interface, limiting attack surface to insider threats or compromised administrative accounts.

Privilege Escalation Information Disclosure Path Traversal
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Command injection in F5 BIG-IP and BIG-IQ SNMP configuration allows highly privileged Resource Administrators to escalate privileges to root via crafted iControl REST API calls or TMOS shell commands. Despite the high CVSS score (8.7), exploitation requires existing Resource Administrator credentials, significantly limiting real-world attack surface to insider threats or post-compromise scenarios. Vendor-released patches are available per F5 security advisory K000160981.

Privilege Escalation Command Injection
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Privilege escalation in F5 BIG-IP allows authenticated Resource Administrators or Administrators to execute arbitrary OS commands by creating malicious SNMP configuration objects via the legacy iControl SOAP API. Attackers with high-level administrative credentials can break out of their role constraints to gain full system control. F5 has released patches addressing this command injection flaw (CWE-78). No active exploitation confirmed at time of analysis, but the CVSS:3.1 Changed Scope indicator and attack complexity of Low make this exploitable by any administrator with SOAP API access.

Privilege Escalation Command Injection
NVD VulDB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

Local privilege escalation in Linux kernel XFRM ESP-in-TCP subsystem (Fragnesia vulnerability) allows authenticated local attackers to overwrite kernel memory structures by exploiting arbitrary byte writes into the kernel page cache of read-only files. CVSS score of 7.8 reflects high impact across confidentiality, integrity, and availability. Low attack complexity (AC:L) and no user interaction requirement (UI:N) make this exploitable by any local user with basic privileges. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis, but the specific vulnerability name 'Fragnesia' suggests coordinated disclosure with security research community.

Privilege Escalation Linux
NVD VulDB GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE Buffer Overflow +2
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

Privilege Escalation RCE Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

ChurchCRM is an open-source church management system. Prior to 7.3.2, UserEditor.php processes user account creation and permission updates entirely through $_POST parameters with no CSRF token validation. An unauthenticated attacker can craft a malicious HTML page that, when visited by an authenticated administrator, silently elevates any low-privilege user to full administrator or creates a new admin backdoor account without the victim's knowledge. This vulnerability is fixed in 7.3.2.

PHP Privilege Escalation CSRF
NVD GitHub
CVSS 8.7
HIGH PATCH This Week

  • Arbitrary File Write: an attacker can cause the server to write data to any file path it has write permission for.
  • Privilege Escalation / RCE: by overwriting critical binaries or scripts, the attacker can execute arbitrary code with the server's privileges.

The legacy router first retrieves a response from `legacyServer`, parses the incoming request path, and ultimately writes the data to storage via `buildStorage.Put` (see https://github.com/esm-dev/esm.sh/blob/4312ae93e518121e764a18bb521af12e490ef137/server/legacy_router.go#L291). For a URL such as:

```
http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned
```

the router concatenates the path components without sanitizing them, producing a storage key like:

```
legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned
```

When this key is used, the underlying file system resolves the relative segments and writes the file to `/tmp/pwned`. Thus an attacker can craft a request that writes data to arbitrary locations on the server.

1. URL Construction. A crafted request is sent to the server:

```
http://ESM_SH_HOST/v111/react@19.2.0/esnext/..%2f..%2f..%2fgh/<attacker>/exp@1171e85d5d/foo.md%23%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2ftmp%2fpwned
```

2. Proxy to Legacy Server. The request is forwarded to:

```
http://legacy.esm.sh/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../tmp/pwned
```

which resolves to:

```
http://legacy.esm.sh/gh/<attacker>/exp@1171e85d5d/foo.md
```

3. File Retrieval. The server fetches `foo.md` from the GitHub repository `https://github.com/<attacker>/exp`.

4. Path Normalisation & Storage. The storage path derived from the request is:

```
legacy/v111/react@19.2.0/esnext/../../../gh/<attacker>/exp@1171e85d5d/foo.md#/../../../../../../../../../../tmp/pwned
```

Normalising this path yields `/tmp/pwned`. The retrieved file content is then written to that location.

5. Result. By repeating this pattern, an attacker can overwrite arbitrary binaries or scripts on the server, paving the way for remote code execution.

Credit: splitline (@_splitline_) from DEVCORE Research Team

Privilege Escalation RCE Path Traversal
NVD GitHub
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subauth field. Attackers can exploit this vulnerability by creating a directory, setting the malicious DACL via SMB2_SET_INFO, and creating child entries to cause kernel instability, denial of service, or potentially achieve privilege escalation to kernel code execution.

Privilege Escalation RCE Buffer Overflow +5
NVD GitHub
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Wiki.js is an open source wiki app built on Node.js. Prior to 2.5.313, the users.update GraphQL mutation accepts an arbitrary groups array and applies it directly to the database with no validation of the group IDs supplied. The resolver passes the caller's arguments straight to the model without any ownership check or restriction on which groups can be assigned. A user with manage:users - a permission typically delegated to wiki moderators for account management - can set groups:[1] on their own account to self-assign to the Administrators group. After re-authentication, the fresh JWT carries manage:system, granting full site administrator access in a single mutation call. This vulnerability is fixed in 2.5.313.

Privilege Escalation Node.js
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

Improper input validation for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Microsoft Intel
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Out-of-bounds write for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Buffer Overflow Memory Corruption +2
NVD VulDB
EPSS 0% CVSS 7.7
HIGH PATCH This Week

Improper privilege management in Microsoft Dynamics 365 Customer Insights allows an authorized attacker to elevate privileges over a network.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Exploit Unlikely Act Now

Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation for some Intel Endpoint Management Assistant (EMA) software before version 1.14.5 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Server Firmware Update Utility Software before version 16.0.12 within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 9.3
CRITICAL Act Now

Buffer overflow for the Intel(R) Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Privilege Escalation RCE Buffer Overflow +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Connectivity Performance Suite software installers before version 50.25.1121.193 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts.

Privilege Escalation RCE Integer Overflow
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Untrusted pointer dereference for some Intel(R) QuickAssist Adapter 8960 software before version 1.13 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Server-Side Request Forgery (SSRF) in Pandora FMS versions 777-800 enables authenticated attackers to escalate privileges through the API Checker extension. Attackers with low-privilege network access can force the server to make arbitrary requests, potentially accessing internal resources and escalating to higher confidentiality impact (CVSS VC:H). EPSS data not available; no confirmed active exploitation (not in CISA KEV). Vendor has acknowledged the issue per PandoraFMS security advisory, indicating patch development is likely underway.

Privilege Escalation SSRF
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Unauthenticated arbitrary file read in dalfox REST API server mode allows remote attackers to exfiltrate sensitive files from the host filesystem. The vulnerability chains two flaws: missing authentication middleware when no API key is set (default configuration), and unsanitized deserialization of the `custom-payload-file` JSON parameter directly into the scan engine. Remote attackers can supply any file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, cloud credential files) and the engine reads each line, embeds it as an XSS payload, and transmits it to an attacker-controlled HTTP endpoint via dalfox's own scan traffic. No exploit code is publicly identified at time of analysis; vendor-released patch available in version 2.13.0.

XSS Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation in Ivanti Endpoint Manager agent allows authenticated users to gain SYSTEM-level privileges via incorrect file or registry permissions. Affects all versions prior to 2024 SU6. Vendor has released a patch (version 2024 SU6). No evidence of active exploitation or public POC identified at time of analysis, though EPSS data not available. Organizations running EPM agents on managed endpoints should prioritize patching given the high CVSS score (7.8) and potential for lateral movement across enterprise environments.

Privilege Escalation Ivanti
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Race condition in Ivanti Secure Access Client enables local privilege escalation to SYSTEM from low-privileged accounts. Affects versions before 22.8R6. An authenticated local user can exploit timing vulnerabilities in the client software to gain complete system control. While limited to local attack vector (requires existing access to the target system), the low attack complexity (AC:L) and lack of user interaction requirement (UI:N) make this exploitable once local access is achieved. No public exploit code identified at time of analysis, and EPSS risk scoring not yet available for this 2026 CVE.

Privilege Escalation Race Condition Ivanti
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Local privilege escalation in Dell PowerScale InsightIQ versions 5.0.0 through 6.2.0 allows high-privileged attackers to execute code with unnecessary elevated privileges, potentially escalating to full system compromise. The vulnerability requires existing local access and high privilege level on the affected system; no public exploit has been identified at time of analysis.

Privilege Escalation Dell
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Privilege escalation in Turboard FOR-S allows remote unauthenticated attackers to gain elevated access by exploiting incorrect authorization checks, requiring only user interaction. The vulnerability affects versions 7.01.2026 through 17.02.2026, with fix available in version 18.02.2026. Turkish national CERT (TR-CERT) reported this authorization bypass vulnerability (CWE-863), which enables attackers to compromise confidentiality, integrity, and availability of the affected business intelligence platform.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Remote unauthenticated attackers can access confidential data from other users' chat sessions in Spring AI applications due to insecure default configuration in the chat memory component. The vulnerability allows network-based exploitation with no authentication required (CVSS:3.1 AV:N/AC:L/PR:N/UI:N) and impacts confidentiality only (C:H/I:N/A:N), enabling cross-user data leakage in multi-tenant AI chat implementations. Reported by VMware, affecting Java-based Spring AI deployments where developers have not explicitly configured chat memory isolation.

Privilege Escalation Java Information Disclosure
NVD
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Weak credential generation in Ingeteam's Ingecon Sun EMS Board Technical Support access mechanism allows remote privilege escalation via cryptographic weakness. The SAT (Technical Support) access feature generates credentials using a weak hashing algorithm instead of cryptographically secure methods, enabling attackers to predict or derive privileged access credentials. CVSS 9.2 reflects network-accessible attack with high complexity but no authentication required. INCIBE coordinated disclosure confirms vendor patch availability, and a practical analysis of the vulnerability has been published by ReverseMode, indicating detailed technical understanding exists in the research community.

Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Improper input validation in an Axis OS configuration file allows authenticated SSH users to execute code and potentially escalate privileges. The vulnerability requires valid SSH credentials but affects all Axis OS versions, making it a significant risk for organizations running Axis network devices with SSH access exposed or shared credentials.

Privilege Escalation RCE
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Privilege escalation in Axis OS via path traversal in ACAP configuration files allows high-privileged local attackers to achieve code execution with elevated permissions. The vulnerability requires the device to be configured for unsigned ACAP application installation and the attacker to socially engineer a user into installing a malicious ACAP application. CVSS 6.7 reflects high confidentiality, integrity, and availability impact, but exploitation is constrained by high-privilege requirement and user interaction. No public exploit code or active exploitation has been identified at time of analysis.

Privilege Escalation Path Traversal
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM PATCH This Month

Command injection in Axis OS ACAP configuration file processing allows privilege escalation when unsigned ACAP applications are enabled and a user installs a malicious application. The vulnerability requires high-privileged user interaction and local access but bypasses normal code signing protections to achieve code execution with elevated privileges.

Privilege Escalation Command Injection
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Axis OS allows privilege escalation via improper input validation during ACAP application installation when unsigned applications are permitted, enabling authenticated attackers with high privileges to gain elevated system access. The vulnerability requires explicit administrative configuration allowing unsigned ACAP installations and victim interaction to install a malicious application. No public exploit code or active exploitation has been confirmed at time of analysis.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing the function to accept the entire scope array if any single scope is valid. An attacker can smuggle the wildcard * scope by requesting scope=read *, escalating a read-only OAuth token to full unrestricted API access including write, delete, and admin operations. This vulnerability is fixed in 1.7.0.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd (pihole-FTL-prestart.sh and pihole-FTL-poststop.sh) read the files.pid path from this config without validation and use it in privileged file operations (install and rm -f). By writing an arbitrary path into files.pid, an attacker with pihole privilege can cause root to delete and then recreate any file on the system outside the ProtectSystem=full-restricted directories, gaining write access to it. On a default Pi-hole installation this yields local privilege escalation to root via SSH authorized keys manipulation. If /root/.ssh/authorized_keys does not exist (default on fresh installs), only ExecStartPre is required. If the file exists, ExecStopPost deletes it first, and the same restart triggers both hooks in sequence. This vulnerability is fixed in Core 6.4.2 and FTL 6.6.1.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Sandbox escape vulnerability in Apple operating systems allows malicious apps with low privileges to break out of the application sandbox and execute code with elevated privileges on the host system. Affects iOS, iPadOS, macOS, tvOS, visionOS, and watchOS across multiple versions. Apple has released patches for all affected platforms. EPSS score of 0.02% (7th percentile) indicates low probability of mass exploitation in the wild, though the CVSS 8.8 score reflects significant potential impact if successfully weaponized. No active exploitation confirmed at time of analysis.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in macOS allows authenticated users with low-level access to gain root privileges through a permissions enforcement flaw. Affects macOS Tahoe (pre-26.4), Sequoia (pre-15.7.7), and Sonoma (pre-14.8.7). Apple has released patches for all affected versions. Despite CVSS 7.8, EPSS score of 0.01% indicates minimal observed exploitation activity. No public exploit code identified at time of analysis, though the local attack vector and low complexity suggest post-compromise utility rather than initial access vector.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Local privilege escalation in macOS Sequoia, Sonoma, and Tahoe allows applications to gain root privileges through a state handling flaw in the operating system. Apple patched this consistency issue in macOS Sequoia 15.7.7, Sonoma 14.8.7, and Tahoe 26.5. Despite the high CVSS score (7.8), EPSS indicates only 0.02% exploitation probability (4th percentile), no public exploit code identified at time of analysis, and no CISA KEV listing, suggesting this is not yet widely exploited but represents a significant risk in multi-user or untrusted application environments.

Privilege Escalation Apple
NVD
EPSS 0% CVSS 5.1
MEDIUM PATCH This Month

{id}/users`) allows users having *manage_project_threshold* access level (*manager* by default) to grant project-level *administrator* access to any user (including themselves) in any Project they have *manager* rights in. The normal project-user add form does restrict the selectable access levels to the actor's own project role or below. However, the backend handler still accepts a forged higher access_level value and writes it.

Privilege escalation. The consequences of the privilege escalation are not as bad as it may sound, because having *administrator* access at Project level is effectively not very different from being *manager*, it does not actually give administrator privileges on the whole MantisBT instance. In particular, it does not let the upgraded user delete the Project or grant them any access to global administrative functions such as managing Users, Projects, Plugins, Custom Fields, etc.

- 69e0180f180ed5acf48a8d281a73683a7bf32461

None

Thanks to the following security researchers for independently discovering and responsibly reporting the issue:

- [Dracosec Research Limited](https://dracosec.tech/) (Siu Nam Tang, Chris Chan, Krecendo Hui, William Lam)
- Vishal Shukla

PHP Authentication Bypass Privilege Escalation
NVD GitHub VulDB
CVSS 9.4
CRITICAL PATCH Act Now

Privilege escalation and OS command execution in CloudNativePG (CNPG) versions prior to 1.28.3 and 1.29.1 allow low-privileged PostgreSQL roles to gain superuser access and execute arbitrary commands inside the primary database pod. The metrics exporter connects as the postgres superuser and only demotes via SET ROLE, leaving session_user as superuser; an attacker who owns a database (including the default `app` role) can shadow unqualified identifiers like `current_database()` referenced in the stock `default-monitoring.yaml`, triggering the chain on the next scrape (≤30s). No public exploit identified at time of analysis, but the vulnerability is highly impactful (CVSS 9.4) and affects default deployments without custom metrics.

Privilege Escalation SQLi PostgreSQL +1
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL PATCH Act Now

Authorization bypass and privilege escalation in pgAdmin 4 server mode allows authenticated users to access other users' private database servers, credentials, and background processes by guessing object IDs. Attackers can execute arbitrary shell commands as the server owner by modifying the passexec_cmd field through unprotected API endpoints. The vulnerability combines horizontal privilege escalation (accessing peer users' objects), vertical escalation (executing commands as owner), and credential theft (SSL keys, passfiles). No public exploit code identified at time of analysis, but exploitation requires only low-privilege authentication with no user interaction (CVSS PR:L/UI:N). EPSS data not provided; CISA KEV status not confirmed.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

WSO2 Identity Server in multi-organization deployments fails to validate organization context during adaptive authentication flow execution, allowing privileged users in one organization to trigger authentication logic on other organizations. An attacker with adaptive authentication configuration privileges can exploit this context validation gap to bypass authorization boundaries, escalate privileges, and gain unauthorized access to user accounts and resources across organizational boundaries.

Authentication Bypass Privilege Escalation
NVD VulDB
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Improper privilege management in Dell ECS 3.8.1.0-3.8.1.7 and ObjectScale prior to 4.3.0.0 allows high-privileged local attackers to escalate privileges and gain full system access, affecting confidentiality, integrity, and availability. No public exploit code or active exploitation has been identified at the time of analysis.

Privilege Escalation Dell
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Broken object-level authorization in HireFlow v1.2 exposes all candidate profiles and interview notes to any authenticated user via direct object reference. Attackers with valid low-privilege credentials can enumerate integer IDs in /candidate/<id> and /interview/<id> endpoints to access the entire database, enabling full horizontal privilege escalation and complete data breach. No vendor patch identified at time of analysis. EPSS data not available; no evidence of active exploitation (not in CISA KEV).

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Privilege escalation in Plainpad versions prior to 1.1.1 allows any authenticated user to immediately grant themselves administrator privileges via a single HTTP PUT request to the user update endpoint. The vulnerability stems from the API directly accepting the admin parameter from user input without verifying the requesting user's existing privilege level. Affected instances enable low-privilege accounts to bypass authorization controls and access admin-only functionality with no special conditions beyond basic authentication. No public exploit code or active exploitation confirmed at time of analysis, though exploitation requires minimal technical skill given the straightforward attack vector (CVSS AV:N/AC:L/PR:L).

PHP Privilege Escalation
NVD GitHub
EPSS 0% CVSS 5.9
MEDIUM This Month

Path traversal in SharpCompress `WriteToDirectory()` allows malicious ZIP and TAR archives to create directories outside the intended extraction root via relative (`../../`) and absolute path (`/tmp/`) overrides in the directory-entry fast-path. TAR archives can be further escalated to arbitrary file writes when callers implement `SymbolicLinkHandler` without validating symlink targets, enabling an attacker to write files anywhere on the filesystem subject to process permissions. CVSS 5.9 reflects moderate severity; real-world impact depends on whether the application extracts untrusted archives and implements symlink handling.

Privilege Escalation Path Traversal
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{id}` with `permissions[admin]=1`. The API controller only strips the `superuser` key from the permissions array, allowing `admin` and all other permission keys to be set by any user who can update users.

Patched in https://github.com/grokability/snipe-it/commit/ce18ff669ceb0f0349749fd5d11c1d3d40b10569; the fix was released in v8.4.1.

None.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 3.8
LOW Monitor

SysReptor is a fully customizable pentest reporting platform. Prior to version 2026.29, users with "User Admin" permissions can change the email addresses of users with "Superuser" permissions. If the SysReptor installation has the "Forgot Password" functionality enabled (non-default), they can reset the Superusers' passwords and authenticate, if the Superuser has no MFA enabled. User managers can then access the Django backend (/admin) or manipulate the settings of the SysReptor installation. Note that user managers have the ability to access all pentest projects by assigning themselves "Project Admin" permissions. This is intentional and by design. This issue has been patched in version 2026.29.

Privilege Escalation Python
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to insecure action lookup logic, an authenticated user can execute any Action class (descendants of Avo::BaseAction) on any resource, even if the action is not registered for that specific resource. This leads to Privilege Escalation and unauthorized data manipulation across the entire application. This issue has been patched in version 3.31.2.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Privilege escalation in Suite Numérique People prior to version 1.25.0 allows authenticated domain administrators to remotely promote any existing user to Owner role via a crafted invitation request, without requiring acceptance from the target user. The vulnerability requires valid Administrator credentials on a mail domain but grants immediate full domain ownership, creating a severe lateral privilege escalation risk within multi-tenant deployments.

Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.6
HIGH PATCH This Week

SQL injection in MikroORM versions ≤7.0.13 (v7) and ≤6.6.13 (v6) allows authenticated attackers to execute arbitrary SQL queries by injecting malicious characters into schema names, JSON property filters, or query builder keys. The vulnerability stems from improper escaping of dialect-specific quote characters in identifier-quoting and JSON-path functions. Multi-tenant applications are at heightened risk of cross-tenant data leakage. Vendor-released patches are available: upgrade to 7.0.14 (v7) or 6.6.14 (v6). No public exploit identified at time of analysis, though the vulnerability was discovered during internal security review by the project maintainer.

Privilege Escalation SQLi PostgreSQL
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing permissions to be set as root on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path under their home directory.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Time-of-check-to-time-of-use (TOCTOU) race condition in Linux kernel's rust_binder implementation allows local authenticated attackers with low privileges to escalate privileges. The flaw exists in transaction offset array handling where values copied to a target process's read-only VMA are read back without protection against concurrent modification. If an attacker can write to their own supposedly read-only VMA through a separate vulnerability, they can modify offsets between write and read operations, causing the kernel to misinterpret transaction data and potentially enabling privilege escalation into the sending process. Patch available in kernel versions 6.18.19, 6.19.9, and 7.0. EPSS score of 0.02% suggests limited real-world exploitation likelihood despite CVSS 7.8 severity.

Privilege Escalation Linux Red Hat +1
NVD VulDB
EPSS 0% CVSS 8.5
HIGH This Week

Local attackers with standard user accounts can escalate to NT AUTHORITY\SYSTEM privileges in Acer PredatorSense V3 versions 3.00.3136 through 3.00.3196. The gaming utility software exposes a misconfigured Windows Named Pipe allowing arbitrary code execution and file deletion with SYSTEM privileges. CVSS 8.5 (High) reflects severe local impact with low complexity exploitation. No active exploitation confirmed (not in CISA KEV) and no public exploit code identified at time of analysis, though the technical details provided enable development of proof-of-concept code.

Privilege Escalation RCE Path Traversal +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Local attackers with standard user credentials can escalate privileges to NT AUTHORITY\SYSTEM in NAVER MYBOX Explorer for Windows through registry manipulation. The vulnerability affects versions prior to 3.0.11.160 and stems from improper privilege checks, allowing complete system control on compromised endpoints. EPSS risk is low at 0.02% (4th percentile), indicating minimal observed exploitation probability. No active exploitation has been reported and this vulnerability is not listed in CISA KEV.

Privilege Escalation Microsoft
NVD VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Local privilege escalation in Akamai Guardicore Platform Agent 7.0-7.3.1 and Zero Trust Client 6.0-6.1.5 on Linux and macOS enables unprivileged users to gain root access through two distinct vectors: a TOCTOU race condition in the HandleSaveLogs() function that creates world-writable root-owned files via symlink manipulation in /tmp, and command injection in the gimmelogs diagnostic tool executing with root privileges. The vulnerability requires local access with high attack complexity (CVSS AC:H) but no authentication (PR:N), affecting endpoint security agents that typically run with elevated privileges. No active exploitation confirmed at time of analysis; EPSS data not available for this 2026 CVE identifier.

Privilege Escalation Command Injection Apple +1
NVD
Page 2 of 31

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
2734

MITRE ATT&CK
