Skip to main content

Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted. The attack exploits the gap between what the system thinks a user can do and what they actually can do through manipulation or exploitation.

Vertical escalation is the classic form—a regular user obtaining administrator rights. This happens through kernel exploits that bypass OS-level security, misconfigurations in role-based access control (RBAC) that fail to enforce boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation involves accessing resources belonging to users at the same privilege level, typically through insecure direct object references (IDOR) where changing an ID in a request grants access to another user's data.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might access administrative URLs directly without going through proper authentication flows, manipulate parameters to bypass permission checks, or exploit REST API endpoints that don't validate method permissions—like a read-only GET permission that can be leveraged for write operations through protocol upgrades or alternative endpoints.

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.

Windows Print Spooler vulnerabilities (PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers loaded malicious DLLs through carefully crafted print jobs, escalating from low-privilege user accounts to full domain administrator access.

Cloud metadata services have been exploited where SSRF vulnerabilities combined with over-permissioned IAM roles allowed attackers to retrieve temporary credentials with elevated permissions, pivoting from compromised web applications to broader cloud infrastructure access.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources

Recent CVEs (13302)

EPSS 0% CVSS 7.2
HIGH This Week

Privilege escalation in Dokan (WordPress multi-vendor marketplace plugin) versions up to 4.1.3 allows high-privileged users to elevate their permissions beyond intended role boundaries. Reported by Patchstack audit team with EPSS exploitation probability of 0.08% (24th percentile), indicating low real-world exploitation likelihood. No confirmed active exploitation (not in CISA KEV) or public proof-of-concept identified at time of analysis.

Privilege Escalation
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Missing authorization in the Billingo WordPress plugin (versions ≤4.3.0) enables authenticated high-privilege users to escalate privileges through unprotected API endpoints. CVSS 7.2 indicates network-accessible exploitation requiring high-privilege authentication with high impact across confidentiality, integrity, and availability. EPSS score of 0.06% (18th percentile) suggests low observed exploitation probability. No CISA KEV listing or public exploit identified at time of analysis, though Patchstack vulnerability database confirms the vulnerability class as both authentication bypass and privilege escalation.

Privilege Escalation Authentication Bypass
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Incorrect Privilege Assignment vulnerability in Josh Kohlbach Wholesale Suite woocommerce-wholesale-prices allows Privilege Escalation.This issue affects Wholesale Suite: from n/a through <= 2.2.4.2.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Account takeover in WordPress Orion SMS OTP Verification plugin (versions ≤1.1.7) allows unauthenticated remote attackers to reset arbitrary user passwords without identity verification. Attackers knowing a target's phone number can change that user's password to an attacker-controlled OTP, gaining complete account access with full privileges. CVSS 9.8 (Critical) reflects network-accessible, no-authentication-required exploitation with high confidentiality, integrity, and availability impact. No public exploit identified at time of analysis.

WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

WPBifröst WordPress plugin through version 1.0.7 allows low-privileged authenticated users to escalate to full administrative access. Subscribers and higher roles can exploit a missing capability check in the ctl_create_link AJAX handler to create new administrator accounts and immediately log in with full site control. With CVSS 8.8 (High) and EPSS data unavailable, severity is driven by the low privilege requirement (PR:L) and complete system compromise (C:H/I:H/A:H). No public exploit identified at time of analysis, and not listed in CISA KEV, but the attack is trivially automatable once an attacker holds any authenticated role.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Binary MLM Plan plugin for WordPress versions up to 3.0 grants the manage_bmp capability to all users upon registration, allowing unauthenticated attackers to register via the plugin's form and immediately escalate privileges to manage plugin settings. This privilege escalation affects all installations with the vulnerable plugin active, with a CVSS score of 6.5 reflecting moderate confidentiality and integrity impact. No public exploit code or active exploitation has been confirmed at the time of analysis.

Privilege Escalation WordPress
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

A privilege escalation vulnerability exists in the integration between Active Directory and the System Security Services Daemon (SSSD) on Linux systems, where an attacker with permissions to modify AD attributes can impersonate privileged users by exploiting a fallback mechanism in the Kerberos authentication plugin. The vulnerability affects domain-joined Linux hosts running SSSD in default configurations and allows attackers to gain unauthorized access with high privileges. With a low EPSS score of 0.05% and no KEV listing, this appears to be a theoretical risk requiring existing AD permissions rather than an actively exploited vulnerability.

Authentication Bypass Privilege Escalation Linux +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1.

Privilege Escalation Macforge
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4.0.13.

Authentication Bypass Privilege Escalation Phpmyfaq
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Privilege escalation in Appy Pie Connect for WooCommerce via password reset.

Privilege Escalation WordPress
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation by injecting a DLL.

Privilege Escalation OpenSSL Ubuntu +2
NVD
EPSS 0% CVSS 3.3
LOW PATCH Monitor

CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.

Privilege Escalation Java
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories.

Privilege Escalation macOS
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

A UNIX Symbolic Link (Symlink) Following vulnerability in logrotate config in the exim package allowed privilege escalation from mail user/group to root.This issue affects Tumbleweed: from ? before 4.98.2-lp156.248.1.

Privilege Escalation Ubuntu Debian +1
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Privilege Escalation in operations API in Canonical LXD <6.5 on multiple platforms allows attacker with read permissions to hijack terminal or console sessions and execute arbitrary commands via WebSocket connection hijacking format

Privilege Escalation Ubuntu Debian +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.

Privilege Escalation Windows
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

Privilege Escalation Support Assistant
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

An SQL injection vulnerability in user-login.php and index.php of Karthikg1908 Hospital Management System (HMS) 1.0 allows remote attackers to execute arbitrary SQL queries via the username and. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass PHP Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

TitanSystems Zender v3.9.7 contains an account takeover vulnerability in its password reset functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Information Disclosure +1
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Local privilege escalation due to insecure XPC service configuration. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 9.1
CRITICAL PATCH This Week

A privilege escalation flaw from host to domain administrator was found in FreeIPA. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Canonical Privilege Escalation Information Disclosure +2
NVD
EPSS 0% CVSS 6.4
MEDIUM PATCH This Month

A container privilege escalation flaw was found in KServe ModelMesh container images. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation Red Hat
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Local privilege escalation due to DLL hijacking vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation
NVD
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

FreshRSS is a free, self-hostable RSS aggregator. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation XSS Freshrss
NVD GitHub
EPSS 0% CVSS 9.5
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (Windows client deployments) contain a registry key that can be. Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Microsoft Privilege Escalation +3
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Docker Privilege Escalation +3
NVD
EPSS 0% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Privilege Escalation VMware Aria Operations +9
NVD
EPSS 0% CVSS 8.7
HIGH This Month

In a hardened Docker environment, with Enhanced Container Isolation ( ECI https://docs.docker.com/enterprise/security/hardened-desktop/enhanced-container-isolation/ ) enabled, an administrator can. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Docker Privilege Escalation
NVD
EPSS 0% CVSS 9.9
CRITICAL This Week

In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Drivelock
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A privilege escalation issue has been discovered in GitLab EE affecting all versions from 16.6 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 that could have allowed a developer with. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Gitlab Privilege Escalation
NVD
EPSS 0% CVSS 8.7
HIGH This Month

Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can allow an attacker to execute commands with escalated privileges. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Ericsson Indoor Connect 8855 Firmware
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Appspider Pro
NVD
EPSS 0% CVSS 7.8
HIGH This Month

iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 9.5
CRITICAL Act Now

Rob -- W / cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Rated critical severity (CVSS 9.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation +1
NVD GitHub VulDB
EPSS 0% CVSS 3.9
LOW Monitor

ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup.4.2500.25, through 11.4.2508.13. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Manageengine Endpoint Central
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

Flag Forge is a Capture The Flag (CTF) platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Flagforge
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

The MultiLoca - WooCommerce Multi Locations Inventory Management plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.A.C518o2. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.0
HIGH POC This Month

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Asterisk Certified Asterisk
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM POC This Month

iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS School Express
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

Stocky POS with Inventory Management & HRM (ui-lib) version 5.0 is affected by a Stored Cross-Site Scripting (XSS) vulnerability within the Products module available to authenticated users. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation XSS Stocky
NVD
EPSS 0% CVSS 4.8
MEDIUM Monitor

MagicProject AI version 9.1 is affected by a Cross-Site Scripting (XSS) vulnerability within the chatbot generation feature available to authenticated admin users. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Magicai
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in pebas CouponXxL allows Privilege Escalation.5.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 7.5
HIGH POC PATCH This Month

Authlib is a Python library which builds OAuth and OpenID Connect servers. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Privilege Escalation Authlib +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Month

Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL This Week

Insufficient hardening of the proxyuser account in the AiKaan IoT management platform, combined with the use of a shared, hardcoded SSH private key, allows remote attackers to authenticate to the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.1 and previous version. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Recipes
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Ppress
NVD GitHub
EPSS 0% CVSS 8.7
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) contains multiple Docker containers that run primary application processes (for example PHP. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Docker PHP Privilege Escalation +3
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host and Application (VA and SaaS deployments) provision the appliance with the network account credentials in clear-text inside /etc/issue, and. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Virtual Appliance Application Virtual Appliance Host
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.951, Application prior to 20.0.2368 (VA and SaaS deployments) contain an undocumented local user account named. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Ubuntu Privilege Escalation +2
NVD
EPSS 0% CVSS 8.6
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 1.0.735 and Application prior to 20.0.1330 (Windows client deployments) contain a remote code execution vulnerability. Rated high severity (CVSS 8.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE File Upload Microsoft +4
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 (Windows client deployments) contain an insecure temporary-file. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Privilege Escalation Virtual Appliance Application +2
NVD
EPSS 0% CVSS 7.1
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 25.1.102 and Application versions prior to 25.1.1413 include Windows client components. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python RCE Microsoft +4
NVD
EPSS 0% CVSS 8.5
HIGH POC This Week

Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Apple Privilege Escalation Virtual Appliance Application +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8.0.15 and 11.9.0.8 are susceptible to a privilege escalation vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Storagegrid
NVD
EPSS 0% CVSS 8.1
HIGH This Month

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 8.0
HIGH POC This Week

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Brute Force RCE Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM This Month

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Information Disclosure +1
NVD
EPSS 0% CVSS 1.8
LOW Monitor

SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via. Rated low severity (CVSS 1.8). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 5.2
MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 5.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Privilege Escalation Zimaos
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. Rated medium severity (CVSS 4.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Zimaos
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM This Month

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Aruba Privilege Escalation
NVD
EPSS 1% CVSS 9.3
CRITICAL POC Act Now

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Privilege Escalation Eve X1 Server Firmware
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Tuya
NVD
EPSS 0% CVSS 8.8
HIGH This Month

CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Microsoft Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Online Library Management System
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL This Week

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Stack Overflow +1
NVD
EPSS 0% CVSS 9.3
CRITICAL This Week

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. Rated critical severity (CVSS 9.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Control M Agent
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Control M Agent
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.09.2025. Rated critical severity (CVSS 9.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Month

The Sparkle framework includes a helper tool Autoupdate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Month

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Privilege Escalation Online Library Management System
NVD GitHub
EPSS 0% CVSS 3.8
LOW POC Monitor

An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query feature under the SQL Tool admin panel - to gain escalated. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Subrion Cms
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determine_current_user filter in versions 1.4.2. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The My WP Translate plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_import_strings(). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with. Rated medium severity (CVSS 6.4). No vendor patch available.

IBM Privilege Escalation Security Verify Information Queue
NVD
EPSS 0% CVSS 7.8
HIGH POC This Month

BenimPOS Masaustu 3.0.x is affected by insecure file permissions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Privilege Escalation Benimpos
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Information Disclosure +1
NVD GitHub
EPSS 0% CVSS 7.0
HIGH This Week

Dell PowerProtect Data Manager, version(s) 19.19 and 19.20, Hyper-V contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.0). No vendor patch available.

Dell Privilege Escalation Powerprotect Data Manager
NVD
EPSS 0% CVSS 7.8
HIGH This Month

Dell PowerProtect Data Manager, Generic Application Agent, version(s) 19.19 and 19.20, contain(s) an Incorrect Default Permissions vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH This Month

An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Privilege Escalation N Central +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 8.8
HIGH This Month

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

PyInstaller bundles a Python application and all its dependencies into a single package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Code Injection RCE Microsoft +4
NVD GitHub
Prev Page 22 of 148 Next

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
13302

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy