Export limit exceeded: 361154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2881 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27847 | 1 Espec | 1 North America Web Controller | 2026-04-15 | 4.3 Medium |
| In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. | ||||
| CVE-2023-32244 | 1 Xtemos | 1 Woodmart Core | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. | ||||
| CVE-2024-31756 | 1 Marvintest Solutions | 1 Hardware Access Driver | 2026-04-15 | 7.8 High |
| An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. | ||||
| CVE-2024-31757 | 1 Terabyte Unlimited | 1 Image | 2026-04-15 | 7.8 High |
| An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. | ||||
| CVE-2023-32194 | 1 Rancher | 1 Rancher | 2026-04-15 | 7.2 High |
| A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | ||||
| CVE-2025-66428 | 1 Plesk | 1 Obsidian | 2026-04-15 | 8.8 High |
| An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | ||||
| CVE-2023-47782 | 2026-04-15 | 8.8 High | ||
| Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | ||||
| CVE-2023-49232 | 1 Stilog | 1 Visual Planning 8 | 2026-04-15 | 9.8 Critical |
| An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. | ||||
| CVE-2025-4636 | 2026-04-15 | 7.8 High | ||
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user | ||||
| CVE-2025-0327 | 2026-04-15 | 7.8 High | ||
| CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit trail data and the other acting as server managing client request) that could cause a loss of Confidentiality, Integrity and Availability of engineering workstation when an attacker with standard privilege modifies the executable path of the windows services. To be exploited, services need to be restarted. | ||||
| CVE-2024-12786 | 2026-04-15 | 7.8 High | ||
| A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. | ||||
| CVE-2025-29999 | 2026-04-15 | 6.7 Medium | ||
| A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. | ||||
| CVE-2024-36439 | 2026-04-15 | 9.4 Critical | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password. | ||||
| CVE-2024-1973 | 2026-04-15 | 8.5 High | ||
| By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations. | ||||
| CVE-2024-36586 | 1 Adguard | 1 Adguardhome | 2026-04-15 | 8.8 High |
| An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary. | ||||
| CVE-2024-32960 | 2026-04-15 | 8.8 High | ||
| Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | ||||
| CVE-2024-33223 | 2026-04-15 | 8.8 High | ||
| An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-33308 | 2026-04-15 | 9.1 Critical | ||
| An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | ||||
| CVE-2024-33393 | 1 Spidernet-io | 1 Spiderpool | 2026-04-15 | 6.2 Medium |
| An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component. | ||||
| CVE-2024-27357 | 2026-04-15 | 5.8 Medium | ||
| An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins. | ||||