Skip to main content

Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted. The attack exploits the gap between what the system thinks a user can do and what they actually can do through manipulation or exploitation.

Vertical escalation is the classic form—a regular user obtaining administrator rights. This happens through kernel exploits that bypass OS-level security, misconfigurations in role-based access control (RBAC) that fail to enforce boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation involves accessing resources belonging to users at the same privilege level, typically through insecure direct object references (IDOR) where changing an ID in a request grants access to another user's data.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might access administrative URLs directly without going through proper authentication flows, manipulate parameters to bypass permission checks, or exploit REST API endpoints that don't validate method permissions—like a read-only GET permission that can be leveraged for write operations through protocol upgrades or alternative endpoints.

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.

Windows Print Spooler vulnerabilities (PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers loaded malicious DLLs through carefully crafted print jobs, escalating from low-privilege user accounts to full domain administrator access.

Cloud metadata services have been exploited where SSRF vulnerabilities combined with over-permissioned IAM roles allowed attackers to retrieve temporary credentials with elevated permissions, pivoting from compromised web applications to broader cloud infrastructure access.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources

Recent CVEs (13304)

EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

Dpanel is a Docker visualization panel system which provides complete Docker management functions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Docker Privilege Escalation +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Xmall
NVD GitHub
EPSS 0% CVSS 8.5
HIGH This Week

A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Rockwell Privilege Escalation Thinmanager
NVD
EPSS 0% CVSS 5.2
MEDIUM This Month

Netskope Client on Mac OS is impacted by a vulnerability in which the postinstall script does not properly validate the path of the file “nsinstallation”. Rated medium severity (CVSS 5.2). No vendor patch available.

Privilege Escalation macOS
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in Quý Lê 91 Administrator Z allows Privilege Escalation.03.24. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates allows Privilege Escalation.1.6. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 84% 5.6 CVSS 8.1
HIGH POC THREAT Act Now

The User Registration & Membership WordPress plugin before version 4.1.2 fails to prevent users from setting their account role when the Membership Addon is enabled. This allows unauthenticated users to register with administrator privileges, bypassing all intended access controls.

WordPress Privilege Escalation User Registration Membership +1
NVD WPScan
EPSS 1% CVSS 8.1
HIGH PATCH This Week

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

RCE Path Traversal Privilege Escalation +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 0% CVSS 7.3
HIGH This Week

An app may be able to elevate privileges. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation macOS
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Ipados +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Rankology Rankology SEO – On-site SEO allows Privilege Escalation.2.3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.1
HIGH This Week

A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Paloalto Privilege Escalation +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Sonicwall +1
NVD
EPSS 0% CVSS 8.1
HIGH This Week

MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,5.0-1.1. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Suse
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Incorrect Privilege Assignment vulnerability in NotFound WP User Profiles allows Privilege Escalation.6.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Embedder plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ajax_set_global_option() function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Mestres do WP Checkout Mestres WP allows Privilege Escalation.7.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Privilege Escalation.1.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in WPSolr free WPSolr allows Privilege Escalation.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Privilege Escalation
NVD
EPSS 0% CVSS 8.2
HIGH This Week

information and potential privilege escalation following man in the middle attack. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Path Traversal Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Adobe Authentication Bypass Privilege Escalation +3
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Autoupdate
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Autoupdate
NVD
EPSS 0% CVSS 8.8
HIGH This Week

IBM Personal Communications v14 and v15 include a Windows service that is vulnerable to local privilege escalation (LPE). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft IBM Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH This Month

DLL hijacking in Ivanti Endpoint Manager before version 2024 SU1 or before version 2022 SU7 allows an authenticated attacker to escalate to System. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Ivanti Privilege Escalation Endpoint Manager
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The WPFront User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.1. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Privilege Escalation +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). Rated medium severity (CVSS 5.4). No vendor patch available.

Siemens RCE Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ruoyi
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM POC This Month

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method. Rated medium severity (CVSS 6.7), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Ruoyi
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In PlayReady TA, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

In DA, there is a possible permission bypass due to a logic error. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +20
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vdec, there is a possible permission bypass due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +21
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

aiven-extras is a PostgreSQL extension. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PostgreSQL Privilege Escalation
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Incorrect Privilege Assignment vulnerability in Favethemes Homey allows Privilege Escalation.4.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 7.6
HIGH This Week

Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum allows Privilege Escalation.4.2. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.5
HIGH This Month

The kernel driver, accessible to low-privileged users, exposes a function that fails to properly validate the privileges of the calling process. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation PHP
NVD
EPSS 25% 4.0 CVSS 8.8
HIGH POC PATCH THREAT Act Now

The Uncanny Automator - Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 25.0%.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Lbt T300 T400 Firmware
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC This Week

Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Student Manage
NVD
EPSS 0% CVSS 8.8
HIGH This Week

OpenVPN version 2.4.0 through 2.6.10 on Windows allows an external, lesser privileged process to create a named pipe which the OpenVPN GUI component would connect to allowing it to escalate its. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Openvpn +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Trend Vision One
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Trend Vision One
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Amd RCE Privilege Escalation
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

Tempo Operator incorrectly grants cluster-monitoring-view ClusterRole permissions to Tempo service accounts when Jaeger UI Monitor Tab is enabled, allowing authenticated users with TempoStack creation and Secret read permissions in a namespace to extract the service account token and gain unauthorized access to all cluster metrics. The vulnerability affects Grafana Tempo Operator and carries a CVSS score of 4.3 with low EPSS exploitation probability (0.21%, 44th percentile), indicating limited real-world attack likelihood despite the information disclosure impact. No public exploit code or active exploitation has been confirmed at time of analysis.

Grafana Kubernetes Docker +2
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

The Shopper Approved Reviews plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +2
NVD
EPSS 2% CVSS 8.6
HIGH This Week

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Privilege Escalation
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Insufficient validation of untrusted input in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in Extensions in Google Chrome prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +1
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Inappropriate implementation in Intents in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 8.6
HIGH PATCH This Week

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Privilege Escalation Chrome +2
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Incorrect Privilege Assignment vulnerability in Dimitri Grassi Salon booking system allows Privilege Escalation.11. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Missing Authorization vulnerability in WPClever WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce allows Privilege Escalation.3.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

An issue in hackathon-starter v.8.1.0 allows a remote attacker to escalate privileges via the user.js component. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD GitHub
EPSS 1% CVSS 7.3
HIGH This Week

An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Privilege Escalation
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Privilege Escalation Mozilla
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

VMware Aria Operations contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation VMware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The WP RealEstate plugin for WordPress, used by the Homeo theme, is vulnerable to authentication bypass in all versions up to, and including, 1.6.26. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.7.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Privilege Escalation Sms Alert Order Notifications
NVD
EPSS 0% CVSS 8.9
HIGH This Week

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. Rated high severity (CVSS 8.9), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A permissions issue was addressed with improved validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

A parsing issue in the handling of directory paths was addressed with improved path validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A permissions issue was addressed with additional restrictions. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

This issue was addressed with improved validation of symlinks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A logic issue was addressed with improved checks. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This issue was addressed by removing the vulnerable code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A permissions issue was addressed with additional restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An integer overflow was addressed with improved input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

A permissions issue was addressed with additional sandbox restrictions. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A logic issue was addressed with improved file handling. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Privilege Escalation
NVD VulDB
EPSS 0% CVSS 9.8
CRITICAL POC Act Now

An issue in Adtran 411 ONT vL80.00.0011.M2 allows attackers to escalate privileges via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation 411 Firmware
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. Rated medium severity (CVSS 6.3), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Windows
NVD
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity.

Google Privilege Escalation Gvisor
NVD GitHub
Prev Page 32 of 148 Next

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
13304

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy