Search Results (9540 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23492 2026-04-15 5.7 Medium
A weak encoding is used to transmit credentials for WS203VICM.
CVE-2023-4976 1 Purestorage 1 Flashblade 2026-04-15 N/A
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.
CVE-2025-3550 2026-04-15 4.3 Medium
A vulnerability has been found in wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /v1/pushConfig/detail/. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9937 1 Elunez 1 Eladmin 2026-04-15 5.4 Medium
A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVE-2023-50890 2026-04-15 8.8 High
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.20.
CVE-2025-7552 2026-04-15 6.3 Medium
A vulnerability was found in Dromara Northstar up to 7.3.5. It has been rated as critical. Affected by this issue is the function preHandle of the file northstar-main/src/main/java/org/dromara/northstar/web/interceptor/AuthorizationInterceptor.java of the component Path Handler. The manipulation of the argument Request leads to improper access controls. The attack may be launched remotely. Upgrading to version 7.3.6 is able to address this issue. The patch is identified as 8d521bbf531de59b09b8629a9cbf667870ad2541. It is recommended to upgrade the affected component.
CVE-2025-4692 2026-04-15 6.8 Medium
Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalate privileges to access any device managed by the ABUP Cloud Update Platform.
CVE-2023-51481 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0.
CVE-2023-51483 1 Glowlogix 1 Wp Frontend Profile 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.
CVE-2024-9636 2026-04-15 9.8 Critical
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator.
CVE-2024-31502 1 Munyweki 1 Insurance Management System 2026-04-15 8.1 High
An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.
CVE-2025-37186 2 Hp, Linux 2 Aruba Virtual Intranet Access, Linux 2026-04-15 7.8 High
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.
CVE-2025-15030 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
CVE-2025-23093 2026-04-15 8.8 High
The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges.
CVE-2025-22621 2026-04-15 6.4 Medium
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles.
CVE-2024-9863 1 Miniorange 1 Otp Verification 2026-04-15 9.8 Critical
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.6.0 due to the insecure 'administrator' default value for the 'default_user_role' option. This makes it possible for unauthenticated attackers to register an administrator user even if the registration form is disabled.
CVE-2025-60195 2 Atarim, Wordpress 2 Atarim, Wordpress 2026-04-15 9.8 Critical
Incorrect Privilege Assignment vulnerability in Vito Peleg Atarim atarim-visual-collaboration allows Privilege Escalation.This issue affects Atarim: from n/a through <= 4.2.1.
CVE-2024-3507 2026-04-15 7.7 High
Improper privilege management vulnerability in Lunar software that affects versions 6.0.2 through 6.6.0. This vulnerability allows an attacker to perform a secondary process injection into the Lunar application and abuse those rights to access sensitive user information.
CVE-2012-10022 1 Lxcenter 1 Kloxo 2026-04-15 N/A
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
CVE-2024-22017 2 Nodejs, Redhat 2 Nodejs, Enterprise Linux 2026-04-15 7.3 High
setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.