Skip to main content

Privilege Escalation

auth HIGH

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted.

How It Works

Privilege escalation occurs when an attacker leverages flaws in access control mechanisms to gain permissions beyond what they were originally granted. The attack exploits the gap between what the system thinks a user can do and what they actually can do through manipulation or exploitation.

Vertical escalation is the classic form—a regular user obtaining administrator rights. This happens through kernel exploits that bypass OS-level security, misconfigurations in role-based access control (RBAC) that fail to enforce boundaries, or direct manipulation of authorization tokens and session data. Horizontal escalation involves accessing resources belonging to users at the same privilege level, typically through insecure direct object references (IDOR) where changing an ID in a request grants access to another user's data.

Context-dependent escalation exploits workflow logic by skipping authorization checkpoints. An attacker might access administrative URLs directly without going through proper authentication flows, manipulate parameters to bypass permission checks, or exploit REST API endpoints that don't validate method permissions—like a read-only GET permission that can be leveraged for write operations through protocol upgrades or alternative endpoints.

Impact

  • Full system compromise through kernel-level exploits granting root or SYSTEM privileges
  • Administrative control over applications, allowing configuration changes, user management, and deployment of malicious code
  • Lateral movement across cloud infrastructure, containers, or network segments using escalated service account permissions
  • Data exfiltration by accessing databases, file systems, or API endpoints restricted to higher privilege levels
  • Persistence establishment through creation of backdoor accounts or modification of system configurations

Real-World Examples

Kubernetes clusters have been compromised through kubelet API misconfigurations where read-only GET permissions on worker nodes could be escalated to remote code execution. Attackers upgraded HTTP connections to WebSockets to access the /exec endpoint, gaining shell access to all pods on the node. This affected over 69 Helm charts including widely-deployed monitoring tools like Prometheus, Grafana, and Datadog agents.

Windows Print Spooler vulnerabilities (PrintNightmare class) allowed authenticated users to execute arbitrary code with SYSTEM privileges by exploiting improper privilege checks in the print service. Attackers loaded malicious DLLs through carefully crafted print jobs, escalating from low-privilege user accounts to full domain administrator access.

Cloud metadata services have been exploited where SSRF vulnerabilities combined with over-permissioned IAM roles allowed attackers to retrieve temporary credentials with elevated permissions, pivoting from compromised web applications to broader cloud infrastructure access.

Mitigation

  • Enforce deny-by-default access control where permissions must be explicitly granted rather than implicitly allowed
  • Implement consistent authorization checks at every layer—API gateway, application logic, and data access—never relying on client-side or single-point validation
  • Apply principle of least privilege with time-limited, scope-restricted permissions and just-in-time access for administrative functions
  • Audit permission inheritance and role assignments regularly to identify overly permissive configurations or privilege creep
  • Separate execution contexts using containers, sandboxes, or capability-based security to limit blast radius
  • Deploy runtime monitoring for unusual privilege usage patterns and anomalous access to restricted resources

Recent CVEs (13305)

EPSS 14% CVSS 9.8
CRITICAL Act Now

Privilege escalation in medmatech Matix Popup Builder WordPress plugin (versions up to and including 1.0.0) allows remote unauthenticated attackers to gain elevated privileges by abusing missing authorization checks. With a CVSS score of 9.8 and an EPSS score of 13.56% (94th percentile), this represents elevated exploitation risk relative to typical CVEs, though no public exploit identified at time of analysis.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Connections
NVD
EPSS 1% CVSS 8.0
HIGH PATCH This Week

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jenkins Pipeline
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board M10JNP2SB Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel M10Jnp2Sb Firmware
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Use After Free Memory Corruption Intel +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper input validation in firmware for some Intel(R) Server M20NTP Family UEFI may allow a privileged user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Intel Privilege Escalation
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of. Rated high severity (CVSS 7.3). No vendor patch available.

Privilege Escalation Ssti Intel
NVD
EPSS 0% CVSS 8.7
HIGH PATCH This Week

Improper Access Control in UEFI firmware for some Intel(R) Server Board M70KLP may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7).

Authentication Bypass Privilege Escalation Intel +1
NVD
EPSS 0% CVSS 8.6
HIGH This Week

Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially. Rated high severity (CVSS 8.6), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation SQLi Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Uncontrolled search path for some Intel(R) Quartus(R) Prime Standard Edition software for Windows before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege. Rated medium severity (CVSS 5.4).

Privilege Escalation Intel Microsoft +1
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Intel +1
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Uncontrolled search path for some Intel(R) Quartus(R) Prime Pro Edition software for Windows before version 24.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4).

Privilege Escalation Intel Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some ACAT software maintained by Intel(R) for Windows before version 3.11.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Access Control in some Intel(R) DSA before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel +1
NVD
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Improper input validation in some Intel(R) CIP software before version 2.4.10852 may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Privilege Escalation Intel Computing Improvement Program
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Driver Support Assistant
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Insecure inherited permissions for some Intel(R) CIP software before version 2.4.10852 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4).

Privilege Escalation Intel Computing Improvement Program
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in the Intel(R) SDP Tool for Windows software all version may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Oneapi Base Toolkit +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element in some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions in the Intel(R) SDP Tool for Windows software all versions may allow an authenticated user to enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft +1
NVD
EPSS 0% CVSS 2.0
LOW Monitor

Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.0). No vendor patch available.

Privilege Escalation Buffer Overflow Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in some Intel(R) oneAPI DPC++/C++ Compiler before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path element in some Intel(R) MAS software before version 2.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 7.0
HIGH This Week

Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper access control for some Intel(R) Arc(TM) Pro Graphics for Windows drivers before version 31.0.101.5319 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation Intel +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in some Intel(R) High Level Synthesis Compiler software for Intel(R) Quartus(R) Prime Pro Edition Software before version 24.1 may allow an authenticated user to potentially. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.7). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

Improper access control for some BigDL software maintained by Intel(R) before version 2.5.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Python Intel
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel Virtual Raid On Cpu
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper access control in some JAM STAPL Player software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Authentication Bypass Privilege Escalation
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Fortran Compiler Classic software before version 2021.13 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 7.7
HIGH This Week

Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. Rated high severity (CVSS 7.7), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Exposure of resource to wrong sphere in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Intel Privilege Escalation Information Disclosure
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 4.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Uncontrolled search path for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local. Rated medium severity (CVSS 5.4). No vendor patch available.

Privilege Escalation Intel Microsoft
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.3
HIGH This Week

Sensitive information in resource not removed before reuse in some Intel(R) TDX Seamldr module software before version 1.5.02.00 may allow a privileged user to potentially enable escalation of. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via. Rated high severity (CVSS 8.5). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 0% CVSS 1.0
LOW Monitor

Improper buffer restrictions in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 1.0). No vendor patch available.

Privilege Escalation Intel
NVD
EPSS 1% CVSS 6.9
MEDIUM This Month

Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated medium severity (CVSS 6.9), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Intel
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Integer overflow for some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable escalation of privilege via local access. Rated low severity (CVSS 2.4), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Privilege Escalation Intel
NVD
EPSS 1% CVSS 7.3
HIGH KEV PATCH THREAT This Week

In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In updateInternal of MediaProvider.java , there is a possible access of another app's files due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Java Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In getInstalledAccessibilityPreferences of AccessibilitySettings.java, there is a possible way to hide an enabled accessibility service in the accessibility service settings due to a logic error in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Information Disclosure Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In handleMessage of UsbDeviceManager.java, there is a possible method to access device contents over USB without unlocking the device due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In onReceive of AppRestrictionsFragment.java, there is a possible escalation of privilege due to unsafe deserialization. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.

Deserialization Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemIntChangeSparse2 of devicemem_server.c, there is a possible way to achieve arbitrary code execution due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass RCE Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In setTransactionState of SurfaceFlinger.cpp, there is a possible way to change protected display attributes due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Privilege Escalation Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In DevmemXIntMapPages of devicemem_server.c, there is a possible use-after-free due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Use After Free Memory Corruption +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In multiple locations, there is a possible arbitrary code execution due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In multiple locations, there is a possible permissions bypass due to a missing null check. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Privilege Escalation Null Pointer Dereference Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PVRSRVRGXKickTA3DKM of rgxta3d.c, there is a possible arbitrary code execution due to improper input validation. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In PMRWritePMPageList of pmr.c, there is a possible out of bounds write due to a logic error in the code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +1
NVD
EPSS 0% CVSS 5.1
MEDIUM This Month

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Grafana
NVD
EPSS 0% CVSS 7.0
HIGH This Week

grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. Rated high severity (CVSS 7.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Privilege Escalation +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Incorrect file permissions in Ivanti Connect Secure before version 22.6R2 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1 (Not Applicable to 9.1Rx) allow a local. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Connect Secure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insufficient validation in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Ivanti Secure Access Client
NVD
EPSS 0% CVSS 8.7
HIGH This Week

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Snipe It
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Apple XSS +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Rated medium severity (CVSS 6.0). No vendor patch available.

Privilege Escalation HP
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code. Rated medium severity (CVSS 6.4). No vendor patch available.

Privilege Escalation
NVD
EPSS 0% CVSS 8.8
HIGH This Week

A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Fortinet Microsoft +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Fortinet +4
NVD
EPSS 1% CVSS 5.1
MEDIUM KEV THREAT This Month

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Citrix Microsoft +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation RCE Amd +1
NVD
Prev Page 40 of 148 Next

Quick Facts

Typical Severity
HIGH
Category
auth
Total CVEs
13305

MITRE ATT&CK

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy