Search Results (9537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-4228 2026-04-15 N/A
An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
CVE-2024-33500 2026-04-15 5.9 Medium
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights.
CVE-2023-47683 2 Miniorange, Wordpress 2 Wordpress Social Login And Register (discord, Google, Twitter, Linkedin), Wordpress 2026-04-15 8 High
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Privilege Escalation.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.6.
CVE-2024-31237 1 Wp Sharks 1 S2member Pro 2026-04-15 7.5 High
Improper Privilege Management vulnerability in WP Sharks s2Member Pro allows Privilege Escalation.This issue affects s2Member Pro: from n/a through 240315.
CVE-2023-51481 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
CVE-2025-6182 2 Microsoft, Strongdm 2 Windows, Sdm-cli 2026-04-15 N/A
The StrongDM Windows service incorrectly handled communication related to system certificate management. Attackers could exploit this behavior to install untrusted root certificates or remove trusted ones.
CVE-2025-13888 1 Redhat 1 Openshift Gitops 2026-04-15 9.1 Critical
A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster.
CVE-2024-34331 1 Parallels 1 Parallels Desktop 2026-04-15 9.8 Critical
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
CVE-2025-60195 2 Atarim, Wordpress 2 Atarim, Wordpress 2026-04-15 9.8 Critical
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.1.
CVE-2024-2003 2026-04-15 7.3 High
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from quarantine.
CVE-2024-20371 1 Cisco 1 Nexus 3550 Firmware 2026-04-15 5.3 Medium
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.&nbsp; This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
CVE-2024-32960 2026-04-15 8.8 High
Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
CVE-2025-14778 1 Redhat 2 Build Keycloak, Build Of Keycloak 2026-04-15 5.4 Medium
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService (UMA Protection API). When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first resource in the policy's list. This allows a user (Owner A) who owns one resource (RA) to update a shared policy and modify authorization rules for other resources (e.g., RB) in that same policy, even if those other resources are owned by a different user (Owner B). This constitutes a horizontal privilege escalation.
CVE-2025-9966 1 Novakon 1 P Series 2026-04-15 N/A
Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9).
CVE-2025-42992 1 Sap 1 Sapcar 2026-04-15 6.9 Medium
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on integrity, but low impact on confidentiality and availability of the system.
CVE-2024-21966 2026-04-15 7.3 High
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2023-47682 1 Wedevs 1 Wp User Frontend 2026-04-15 7.2 High
Improper Privilege Management vulnerability in weDevs WP User Frontend allows Privilege Escalation.This issue affects WP User Frontend: from n/a through 3.6.5.
CVE-2025-7973 1 Rockwellautomation 1 Factorytalk View 2026-04-15 N/A
A security issue exists in FactoryTalk ViewPoint version 14.0 or below due to improper handling of MSI repair operations. During a repair, attackers can hijack the cscript.exe console window, which runs with SYSTEM privileges. This can be exploited to spawn an elevated command prompt, enabling full privilege escalation.
CVE-2024-21807 1 Intel 1 Ethernet Complete Driver Pack 2026-04-15 8.8 High
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-12683 1 Voidtools 1 Everything 2026-04-15 N/A
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user.