Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2711 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34331 | 1 Parallels | 1 Parallels Desktop | 2026-04-15 | 9.8 Critical |
| A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. | ||||
| CVE-2024-9002 | 1 Schneider-electric | 1 Easergy Studio | 2026-04-15 | 7.8 High |
| CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated user tries to perform privilege escalation by tampering with the binaries | ||||
| CVE-2024-34332 | 1 Sisoftware | 1 Sandra | 2026-04-15 | 7.8 High |
| An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API. | ||||
| CVE-2025-1425 | 2026-04-15 | N/A | ||
| A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671. | ||||
| CVE-2025-11533 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| The WP Freeio plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.21. This is due to the process_register() function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. | ||||
| CVE-2025-13176 | 1 Eset | 1 Inspect Connector | 2026-04-15 | N/A |
| Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | ||||
| CVE-2025-11561 | 1 Redhat | 9 Ceph Storage, Enterprise Linux, Openshift and 6 more | 2026-04-15 | 8.8 High |
| A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts. | ||||
| CVE-2024-8424 | 2 Watchgua, Watchguard | 3 Panda Dome Firmware, Epdr Firmware, Panda Ad360 Firmware | 2026-04-15 | 7.8 High |
| Improper Privilege Management vulnerability in WatchGuard EPDR, Panda AD360 and Panda Dome on Windows (PSANHost.exe module) allows arbitrary file delete with SYSTEM permissions. This issue affects EPDR: before 8.00.23.0000; Panda AD360: before 8.00.23.0000; Panda Dome: before 22.03.00. | ||||
| CVE-2024-33224 | 1 Realtek | 1 Io Driver | 2026-04-15 | 8.4 High |
| An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-22157 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15. | ||||
| CVE-2023-53908 | 1 Belden | 1 Hisecos | 2026-04-15 | 8.8 High |
| HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level. | ||||
| CVE-2024-7291 | 1 Crocoblock | 1 Jetelements | 2026-04-15 | 7.2 High |
| The JetFormBuilder plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.4.1. This is due to improper restriction on user meta fields. This makes it possible for authenticated attackers, with administrator-level and above permissions, to register as super-admins on the sites configured as multi-sites. | ||||
| CVE-2024-4395 | 2026-04-15 | 7.8 High | ||
| The XPC service within the audit functionality of Jamf Compliance Editor before version 1.3.1 on macOS can lead to local privilege escalation. | ||||
| CVE-2024-43403 | 1 Kanisterio | 1 Kanister | 2026-04-15 | 8.8 High |
| Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation. | ||||
| CVE-2025-36729 | 1 Racom | 1 M!dge | 2026-04-15 | 7.2 High |
| A non-primary administrator user with admin rights to the web interface but without shell access permissions can display configuration of the device including the master admin password. This vulnerability also allows the user to give themselves shell access with the root gid. | ||||
| CVE-2023-26009 | 1 Favethemes | 1 Houzez | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. | ||||
| CVE-2024-13376 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2023-51481 | 2026-04-15 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. | ||||
| CVE-2012-10022 | 1 Lxcenter | 1 Kloxo | 2026-04-15 | N/A |
| Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication. | ||||
| CVE-2024-39634 | 1 Ideabox | 1 Powerpack Pro For Elementor | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in IdeaBox PowerPack Pro for Elementor allows Privilege Escalation.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.14. | ||||