About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are the key sources. Verify compatibility matrices, prefer supported long-term versions, and stage rollouts with monitoring.

CVEs tagged with this topic:
2025-02-11
Critical

CVE-2025-0180

The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be update…

Medium

CVE-2025-24870

SAP GUI for Windows & RFC service credentials are incorrectly stored in the memory of the program allowing an unauthenticated attacker to access information within systems, resulting in privilege esc…

2025-02-10
High

CVE-2025-21692

In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <[email protected]> found that ets_class_from_arg() can index an Out-Of-Bou…

2025-02-07
Medium

CVE-2024-7425

The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versi…

High

CVE-2022-26389

An improper access control vulnerability may allow privilege escalation. This issue affects: * ELI 380 Resting Electrocardiograph: Versions 2.6.0 and prior; * ELI 280/BUR280/MLBUR 280 Restin…

2025-02-06
High

CVE-2025-23093

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack du…

Critical

CVE-2024-57430

An SQL injection vulnerability in the pjActionGetUser function of PHPJabbers Cinema Booking System v2.0 allows attackers to manipulate database queries via the column parameter. Exploiting this flaw…

2025-02-05
High

CVE-2025-0413

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Paral…

2025-02-04
High

CVE-2024-11468

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with us…

High

CVE-2024-11467

Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escal…

High

CVE-2025-24648

Incorrect Privilege Assignment vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE): from n…

2025-02-03
Medium

CVE-2024-47770

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based env…

High

CVE-2024-35177

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based env…

High

CVE-2024-43333

Incorrect Privilege Assignment vulnerability in NotFound Admin and Site Enhancements (ASE) Pro allows Privilege Escalation. This issue affects Admin and Site Enhancements (ASE) Pro: from n/a through…

2025-02-01
High

CVE-2024-13343

The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and inclu…

High

CVE-2024-12171

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'eh_crm_agent_add_user' AJAX action in all…

2025-01-31
Critical

CVE-2024-53356

Weak JWT Secret vulnerability in EasyVirt DCScope <= 8.6.0 and CO2Scope <= 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardc…

Medium

CVE-2025-24831

Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24830

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24829

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24828

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Medium

CVE-2025-24827

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39378.

Low

CVE-2020-11936

gdbus setgid privilege escalation

2025-01-30
High

CVE-2023-29080

Potential privilege escalation vulnerability in Revenera InstallShield versions 2022 R2 and 2021 R2 due to adding InstallScript custom action to a Basic MSI or InstallScript MSI project extracting fe…

Medium

CVE-2025-22220

VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to p…

Critical

CVE-2024-12822

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the add_capto_img() fu…

High

CVE-2024-12821

The Media Manager for UserPro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the upm_upload_media()…

High

CVE-2024-12129

The Royal Core plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'royal_restore_backup' function i…

High

CVE-2024-10591

The MWB HubSpot for WooCommerce – CRM, Abandoned Cart, Email Marketing, Marketing Automation & Analytics plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privi…

Medium

CVE-2025-23007

A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

High

CVE-2025-0834

Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Won…

2025-01-29
Medium

CVE-2025-24794

The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vu…

High

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://githu…

2025-01-28
Medium

CVE-2025-24826

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625.

Medium

CVE-2025-23053

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator…

High

CVE-2025-23385

In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local P…

2025-01-27
High

CVE-2025-24107

A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, tvOS 18.3, watchOS 11.3. A malicious app may be able to gain root…

High

CVE-2025-24734

Missing Authorization vulnerability in CodeSolz Better Find and Replace real-time-auto-find-and-replace allows Privilege Escalation. This issue affects Better Find and Replace: from n/a through <= 1.6…

Medium

CVE-2025-24814

Core creation allows users to replace "trusted" configset files with arbitrary configuration Solr instances that (1) use the "FileSystemConfigSetService" component (the default in "standalone" or "u…

2025-01-26
High

CVE-2024-11936

The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_option…

2025-01-25
High

CVE-2025-0543

Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affec…

High

CVE-2025-0542

Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker t…

2025-01-24
Critical

CVE-2024-56404

In One Identity Identity Manager 9.x before 9.3, an insecure direct object reference (IDOR) vulnerability allows privilege escalation. Only On-Premise installations are affected.

High

CVE-2024-9499

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Win 98SE Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacte…

High

CVE-2024-9498

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted inst…

High

CVE-2024-9497

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress 4 SDK installer can lead to privilege escalation and arbitrary code execution when running the impacted in…

High

CVE-2024-9496

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the USBXpress Dev Kit installer can lead to privilege escalation and arbitrary code execution when running the impacted…

High

CVE-2024-9495

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210x VCP Windows installer can lead to privilege escalation and arbitrary code execution when running the impacted i…

High

CVE-2024-9494

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the CP210 VCP Win 2k installer can lead to privilege escalation and arbitrary code execution when running the impacted…

High

CVE-2024-9493

DLL hijacking vulnerabilities, caused by an uncontrolled search path in the ToolStick installer can lead to privilege escalation and arbitrary code execution when running the impacted installer.

High

CVE-2024-9492

DLL hijacking vulnerabilities, caused by an uncontrolled search path in Flash Programming Utility installer can lead to privilege escalation and arbitrary code execution when running the impacted ins…

High

CVE-2024-9491

DLL hijacking vulnerabilities, caused by an uncontrolled search path in Configuration Wizard 2 installer can lead to privilege escalation and arbitrary code execution when running the impacted instal…

High

CVE-2024-9490

DLL hijacking vulnerabilities, caused by an uncontrolled search path in Silicon Labs (8-bit) IDE installer can lead to privilege escalation and arbitrary code execution when running the impacted inst…

2025-01-22
High

CVE-2024-55957

In Thermo Fisher Scientific Xcalibur before 4.7 SP1 and Thermo Foundation Instrument Control Software (ICSW) before 3.1 SP10, the driver packages have a local privilege escalation vulnerability due t…

2025-01-21
Medium

CVE-2025-24456

In JetBrains Hub before 2024.3.55417 privilege escalation was possible via LDAP authentication mapping

Critical

CVE-2024-51888

Incorrect Privilege Assignment vulnerability in favethemes Homey Login Register homey-login-register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through <= 2.4.0.

Critical

CVE-2024-32555

Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through <= 2.2.9.

2025-01-18
Critical

CVE-2024-13375

The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a use…

2025-01-17
High

CVE-2025-21606

stats is a macOS system monitor for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registe…

High

CVE-2025-21399

Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability

Medium

CVE-2025-21185

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

High

CVE-2024-10497

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privile…

High

CVE-2025-21325

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

2025-01-16
Critical

CVE-2025-23797

Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor wp-options-editor allows Privilege Escalation. This issue affects WP Options Editor: from n/a through <= 1.1.

High

CVE-2025-23532

Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget myanime-widget allows Privilege Escalation. This issue affects MyAnime Widget: from n/a through <= 1.0.

High

CVE-2025-23530

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Custom Post Type Lockdown custom-post-type-lockdown allows Privilege Escalation. This issue affects Custom Post Type Lockdown: from n/a thro…

High

CVE-2025-23528

Incorrect Privilege Assignment vulnerability in Mosterd3d DD Roles dd-roles allows Privilege Escalation. This issue affects DD Roles: from n/a through <= 4.1.

2025-01-15
High

CVE-2025-22736

Incorrect Privilege Assignment vulnerability in Saad Iqbal User Management user-management allows Privilege Escalation. This issue affects User Management: from n/a through <= 1.2.

High

CVE-2025-0447

Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)

High

CVE-2025-0443

Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via…

Critical

CVE-2024-9636

The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be upd…

Medium

CVE-2025-22394

Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this…

High

CVE-2025-23013

In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a…

2025-01-14
Medium

CVE-2024-45102

A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (S…

High

CVE-2025-21405

Visual Studio Elevation of Privilege Vulnerability

High

CVE-2025-21382

Windows Graphics Component Elevation of Privilege Vulnerability

High

CVE-2025-21378

Windows CSC Service Elevation of Privilege Vulnerability

High

CVE-2025-21372

Microsoft Brokering File System Elevation of Privilege Vulnerability

High

CVE-2025-21370

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

High

CVE-2025-21360

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Medium

CVE-2025-21341

Windows Digital Media Elevation of Privilege Vulnerability

High

CVE-2025-21335

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21334

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21333

Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability

High

CVE-2025-21331

Windows Installer Elevation of Privilege Vulnerability

Medium

CVE-2025-21327

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21324

Windows Digital Media Elevation of Privilege Vulnerability

High

CVE-2025-21315

Microsoft Brokering File System Elevation of Privilege Vulnerability

Critical

CVE-2025-21311

Windows NTLM V1 Elevation of Privilege Vulnerability

Medium

CVE-2025-21310

Windows Digital Media Elevation of Privilege Vulnerability

High

CVE-2025-21304

Microsoft DWM Core Library Elevation of Privilege Vulnerability

High

CVE-2025-21293

Active Directory Domain Services Elevation of Privilege Vulnerability

High

CVE-2025-21292

Windows Search Service Elevation of Privilege Vulnerability

High

CVE-2025-21287

Windows Installer Elevation of Privilege Vulnerability

High

CVE-2025-21281

Microsoft COM for Windows Elevation of Privilege Vulnerability

High

CVE-2025-21275

Windows App Package Installer Elevation of Privilege Vulnerability

High

CVE-2025-21271

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

Medium

CVE-2025-21265

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21263

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21261

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21260

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21258

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21256

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21255

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21249

Windows Digital Media Elevation of Privilege Vulnerability

High

CVE-2025-21235

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

High

CVE-2025-21234

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

Medium

CVE-2025-21232

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21229

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21228

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21227

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21226

Windows Digital Media Elevation of Privilege Vulnerability

Medium

CVE-2025-21202

Windows Recovery Environment Agent Elevation of Privilege Vulnerability

High

CVE-2025-21173

.NET Elevation of Privilege Vulnerability

Medium

CVE-2024-12747

A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an…

High

CVE-2024-11497

An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.

Critical

CVE-2025-0070

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in pri…

2025-01-09
High

CVE-2024-46464

In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevati…

Low

CVE-2025-22151

Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affec…

High

CVE-2024-13251

Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation. This issue affects Registration role: from 0.0.0 before 2.0.1.