CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 15/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-01-08
Critical

CVE-2024-11350

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's ide…

CVSS: 9.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
Medium

CVE-2024-56449

Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVSS: 6.6 CWE: CWE-840 View on NVD
2025-01-07
Critical

CVE-2022-41572

An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the ser…

CVSS: 9.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Critical

CVE-2024-55414

A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-55413

A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-55412

A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This c…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2025-0237

The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege…

CVSS: 5.4 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2024-56280

Incorrect Privilege Assignment vulnerability in AmentoTech Private Limited WPGuppy wpguppy-lite allows Privilege Escalation.This issue affects WPGuppy: from n/a through <= 1.1.0.

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-49644

Incorrect Privilege Assignment vulnerability in AllAccessible Accessibility by AllAccessible allaccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a thro…

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-12202

The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-11725

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2024-12470

The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly l…

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-12264

The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/pa…

CVSS: 9.8 CWE: CWE-287 - Improper Authentication View on NVD
Critical

CVE-2024-12402

The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. Thi…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
High

CVE-2025-22395

Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading…

CVSS: 8.2 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2025-01-06
High

CVE-2024-55074

The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370.

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2025-01-03
High

CVE-2024-56320

GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, an…

CVSS: 8.8 CWE: CWE-285 - Improper Authorization View on NVD
2025-01-02
High

CVE-2024-55543

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
Medium

CVE-2024-55542

Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acr…

CVSS: 4.4 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-55540

Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2024-12-31
High

CVE-2024-56207

Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard EditionGuard for WooCommerce – eBook Sales with DRM editionguard-for-woocommerce-ebook-sales-with-drm allows Privilege Escalation.This…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-56204

Cross-Site Request Forgery (CSRF) vulnerability in yonisink Sinking Dropdowns sinking-dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through <= 1.25.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-56203

Cross-Site Request Forgery (CSRF) vulnerability in gholme4 Wayne Audio Player wayne-audio-player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through <= 1.0.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Critical

CVE-2024-56066

Missing Authorization vulnerability in inspry Agency Toolkit agency-toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through <= 1.0.23.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-56061

Missing Authorization vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Privilege Escalation.This issue affects RepairBuddy: from n/a through <= 3.8119.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2024-56043

Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS wplms_plugin allows Privilege Escalation.This issue affects WPLMS: from n/a through <= 1.9.9.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-56040

Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP vibebp allows Privilege Escalation.This issue affects VibeBP: from n/a through <= 1.9.9.4.1.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-56205

Incorrect Privilege Assignment vulnerability in SunnyKai AI Magic newsletter-page-redirects allows Privilege Escalation.This issue affects AI Magic: from n/a through <= 1.0.4.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-56071

Incorrect Privilege Assignment vulnerability in mikeleembruggen Simple Dashboard simple-dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through <= 2.0.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-56220

Incorrect Privilege Assignment vulnerability in sslplugins SSL Wireless SMS Notification ssl-wireless-sms-notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: fr…

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-13040

The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access ce…

CVSS: 8.8 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2024-12-30
High

CVE-2024-13043

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An atta…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-12753

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker m…

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2024-12-27
High

CVE-2020-9222

There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulner…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2020-9080

There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitat…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-12-25
High

CVE-2024-47978

Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leadi…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
Critical

CVE-2024-11281

The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id'…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-24
High

CVE-2024-12594

The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-20
High

CVE-2024-56335

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organizati…

CVSS: 7.6 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-56334

systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` f…

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
High

CVE-2023-42867

This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
Medium

CVE-2024-12678

Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE…

CVSS: 6.5 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-12831

Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewa…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2024-12-18
Critical

CVE-2024-54383

Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers woocommerce-pdf-vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a through < 4.9…

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-12432

The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_ke…

CVSS: 8.1 CWE: CWE-330 - Use of Insufficiently Random Values View on NVD
High

CVE-2024-12259

The CRM WordPress Plugin – RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not prop…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-47480

Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerabi…

CVSS: 7.8 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
2024-12-16
Critical

CVE-2024-55949

MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit…

CVSS: 9.3 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2024-54229

Incorrect Privilege Assignment vulnerability in straightvisions GmbH SV100 Companion sv100-companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through <= 2.0.02.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-56012

Cross-Site Request Forgery (CSRF) vulnerability in lizeipe Flash News / Post (Responsive) flashnews-fading-effect-pearlbells allows Privilege Escalation.This issue affects Flash News / Post (Responsi…

CVSS: 9.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-54379

Missing Authorization vulnerability in blokhauswp Minterpress minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through <= 1.0.5.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-54378

Missing Authorization vulnerability in Quietly Quietly Insights quietly-insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through <= 1.2.2.

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-54365

Incorrect Privilege Assignment vulnerability in Knowhalim KH Easy User Settings kh-easy-user-settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through <= 1.0.0.

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-54363

Incorrect Privilege Assignment vulnerability in saiful.total Wp NssUser Register wp-nssuser-register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through <= 1.0.0.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-54352

Cross-Site Request Forgery (CSRF) vulnerability in Sabri Sogrid sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through <= 1.5.2.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-12-14
High

CVE-2024-31891

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can…

CVSS: 7.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2024-11721

The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select…

CVSS: 8.1 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-12-13
High

CVE-2024-12552

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2024-54293

Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite ce21-suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through <= 2.2.0.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-54248

Cross-Site Request Forgery (CSRF) vulnerability in eewee eewee admin custom eewee-admincustom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through <= 1.8.2.4.

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
Critical

CVE-2024-54239

Missing Authorization vulnerability in dugudlabs Eyewear prescription form eyewear-prescription-form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through <= 4.0.…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-10783

The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-12
High

CVE-2024-11689

The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displ…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
High

CVE-2024-11443

The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in al…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-54515

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-281 - Improper Preservation of Permissions View on NVD
High

CVE-2024-44291

A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileges.

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2024-44224

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. A malicious app may be able to gain root privileg…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-49138

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-49114

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-820 - Missing Synchronization View on NVD
Medium

CVE-2024-49111

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-49110

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-49109

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-49107

WmsRepair Service Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2024-49101

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-49097

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-49095

Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2024-49094

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-49093

Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
Medium

CVE-2024-49092

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-49090

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-49088

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-126 - Buffer Over-read View on NVD
High

CVE-2024-49084

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
Medium

CVE-2024-49083

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-49081

Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability

CVSS: 6.6 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
Medium

CVE-2024-49078

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-49077

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-49076

Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2024-49074

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Medium

CVE-2024-49073

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2024-49072

Windows Task Scheduler Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-49068

Microsoft SharePoint Elevation of Privilege Vulnerability

CVSS: 8.2 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-49059

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-43600

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-43594

Microsoft System Center Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-11872

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games La…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-12-11
High

CVE-2024-9845

Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-8496

Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-11598

Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-11597

Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-10251

Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2024-11401

Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the…

CVSS: 5.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-53289

Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading…

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2024-52537

Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to…

CVSS: 6.3 CWE: CWE-61 - UNIX Symbolic Link (Symlink) Following View on NVD
2024-12-10
Low

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could all…

CVSS: 2.7 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
Medium

CVE-2024-47585

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting…

CVSS: 4.3 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-55634

A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8.

CVSS: 8.1 CWE: CWE-178 - Improper Handling of Case Sensitivity View on NVD
2024-12-09
High

CVE-2024-50627

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific p…

CVSS: 8.8 CWE: CWE-552 - Files or Directories Accessible to External Parties View on NVD
High

CVE-2024-50625

An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to a…

CVSS: 8.0 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
High

CVE-2024-49600

Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading t…

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
Critical

CVE-2024-43222

Missing Authorization vulnerability in SeventhQueen Sweet Date sweetdate allows Privilege Escalation.This issue affects Sweet Date: from n/a through <= 3.7.3.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-06
High

CVE-2024-11220

A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file…

CVSS: 7.8 CWE: CWE-279 - Incorrect Execution-Assigned Permissions View on NVD
Critical

CVE-2024-12155

The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function i…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
High

CVE-2024-11323

The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style()…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-04
High

CVE-2024-11643

The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessibl…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-12-03
High

CVE-2024-54131

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-12-02
High

CVE-2024-53484

Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key.

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2024-46908

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escal…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-46907

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalat…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-46906

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escala…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2024-46905

In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege esc…

CVSS: 8.8 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD