CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 16/66 • 7822 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7822 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2024-11-28
Critical

CVE-2024-11103

The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a u…

CVSS: 9.8 CWE: CWE-640 - Weak Password Recovery Mechanism for Forgotten Password View on NVD
Critical

CVE-2024-11925

The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity wh…

CVSS: 9.8 CWE: CWE-288 - Authentication Bypass Using an Alternate Path or Channel View on NVD
2024-11-26
Critical

CVE-2024-49038

Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network.

CVSS: 9.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-52336

A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-38831

VMware Aria Operations contains a local privilege escalation vulnerability.  A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-38830

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user o…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Critical

CVE-2024-11024

The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not proper…

CVSS: 9.8 CWE: CWE-230 - Improper Handling of Missing Values View on NVD
Medium

CVE-2024-6476

Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart.…

CVSS: 4.2 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-11-25
High

CVE-2024-7915

The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file d…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2024-27134

Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU a…

CVSS: 7.0 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-11-23
High

CVE-2024-9941

The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-11-22
High

CVE-2024-9245

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2024-9244

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2024-8357

Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected install…

CVSS: 7.8 CWE: CWE-1326 - Missing Immutable Root of Trust in Hardware View on NVD
High

CVE-2024-8356

Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected i…

CVSS: 7.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2024-7253

NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attack…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-7245

Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda S…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2024-7244

Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An a…

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-7243

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An atta…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7242

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An atta…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7241

Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An atta…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7240

F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7239

VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security.…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7238

VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced S…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7237

AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7234

AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7233

Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivir…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7232

Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivir…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7231

Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7230

Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7229

Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-7227

Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivir…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-6871

G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA To…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2024-9766

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalwar…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-6233

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Poi…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30377

G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total S…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-30376

Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F…

CVSS: 7.3 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-1868

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-1867

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2021-38116

Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-11-21
High

CVE-2024-9875

Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerabi…

CVSS: 7.1 CWE: CWE-20 - Improper Input Validation View on NVD
2024-11-20
Critical

CVE-2024-9479

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.

CVSS: 10.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-9478

Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.

CVSS: 10.0 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-52442

Incorrect Privilege Assignment vulnerability in userplus UserPlus userplus allows Privilege Escalation.This issue affects UserPlus: from n/a through <= 2.0.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-52438

Missing Authentication for Critical Function vulnerability in deco.agency de:branding debranding allows Privilege Escalation.This issue affects de:branding: from n/a through <= 1.0.2.

CVSS: 8.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-52437

Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System banner-system allows Privilege Escalation.This issue affects Banner System: from n/a through <= 1.0.0.

CVSS: 8.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
2024-11-19
Medium

CVE-2018-9371

In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could…

CVSS: 6.4 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-13315

In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activ…

CVSS: 7.8 CWE: CWE-131 - Incorrect Calculation of Buffer Size View on NVD
High

CVE-2024-11075

A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage…

CVSS: 8.8 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2024-11194

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigure…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-11-18
High

CVE-2024-9474

A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privi…

CVSS: 7.2 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
Critical

CVE-2024-0012

An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perfo…

CVSS: 9.8 CWE: CWE-306 - Missing Authentication for Critical Function View on NVD
High

CVE-2024-8781

Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse. This issue affe…

CVSS: 8.7 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
2024-11-17
High

CVE-2020-25720

A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-se…

CVSS: 7.5 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-52867

guix-daemon in GNU Guix before 5ab3c4c allows privilege escalation because build outputs are accessible by local users before file metadata concerns (e.g., for setuid and setgid programs) are properl…

CVSS: 8.1 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2024-11-16
High

CVE-2024-9192

The WordPress Video Robot - The Ultimate Video Importer plugin for WordPress is vulnerable to privilege escalation due to insufficient validation on user meta that can be updated in the wpvr_rate_req…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-11-15
Medium

CVE-2024-49592

Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be "an adver…

CVSS: 6.7 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2024-49060

Azure Stack HCI Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
Medium

CVE-2024-52522

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to loca…

CVSS: 5.4 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
2024-11-14
Critical

CVE-2024-52382

Missing Authorization vulnerability in medmatech Matix Popup Builder medma-matix allows Privilege Escalation.This issue affects Matix Popup Builder: from n/a through <= 1.0.0.

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-11-13
Medium

CVE-2024-9476

A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafa…

CVSS: 5.1 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-10800

The WordPress User Extra Fields plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the ajax_save_fields() function in all versions up to, and including, 1…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-11-12
High

CVE-2024-51093

Stored Cross-Site Scripting (XSS) vulnerability in Snipe-IT - v7.0.13 allows an attacker to upload a malicious XML file containing JavaScript code. This can lead to privilege escalation when the payl…

CVSS: 8.7 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-11115

Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security…

CVSS: 8.8 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
Medium

CVE-2024-51722

A local privilege escalation vulnerability in the SecuSUITE Server (System Configuration) of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code r…

CVSS: 6.4 CWE: CWE-250 - Execution with Unnecessary Privileges View on NVD
High

CVE-2024-49042

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-43613

Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability

CVSS: 7.2 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2024-8068

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server…

CVSS: 8.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2024-49051

Microsoft PC Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2024-49049

Visual Studio Code Remote Extension Elevation of Privilege Vulnerability

CVSS: 7.1 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-49046

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2024-49044

Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-49039

Windows Task Scheduler Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-287 - Improper Authentication View on NVD
High

CVE-2024-49019

Active Directory Certificate Services Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-1390 - Weak Authentication View on NVD
Medium

CVE-2024-43646

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43644

Windows Client-Side Caching Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43643

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-43641

Windows Registry Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-43640

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-415 - Double Free View on NVD
Medium

CVE-2024-43638

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43637

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-43636

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
Medium

CVE-2024-43634

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2024-43631

Windows Secure Kernel Mode Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43630

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-121 - Stack-based Buffer Overflow View on NVD
High

CVE-2024-43629

Windows DWM Core Library Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43626

Windows Telephony Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-43625

Microsoft Windows VMSwitch Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2024-43624

Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2024-43623

Windows NT OS Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2024-43530

Windows Update Stack Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2024-43452

Windows Registry Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
Medium

CVE-2024-43449

Windows USB Video Class System Driver Elevation of Privilege Vulnerability

CVSS: 6.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2024-21958

Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21957

Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21946

Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21945

Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21939

Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21938

Incorrect default permissions in the AMD Management Plugin for the Microsoft® System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation…

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-21937

Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.

CVSS: 7.3 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2024-10945

A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a f…

CVSS: 7.3 CWE: CWE-754 - Improper Check for Unusual or Exceptional Conditions View on NVD
High

CVE-2024-33658

APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Restriction of Operations within the Bounds of a Memory Buffer by local. Successful exploitation of this vulnerability…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2024-49558

Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potenti…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-11-09
Critical

CVE-2024-10589

The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_set…

CVSS: 9.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2024-10508

The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6…

CVSS: 9.8 CWE: CWE-230 - Improper Handling of Missing Values View on NVD
High

CVE-2024-10674

The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in al…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
2024-11-08
High

CVE-2024-50634

A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation…

CVSS: 8.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2024-24409

Zohocorp ManageEngine ADManager Plus versions 7203 and prior are vulnerable to Privilege Escalation in the Modify Computers option.

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2024-11-05
High

CVE-2024-51380

Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a st…

CVSS: 8.4 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
High

CVE-2024-51240

An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package

CVSS: 8.0 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
High

CVE-2024-10711

The WooCommerce Report plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the settin…

CVSS: 8.8 CWE: CWE-352 - Cross-Site Request Forgery (CSRF) View on NVD
2024-11-04
Critical

CVE-2024-10035

Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Special Elements used in a Command ('Command Injection'), Improper Neutralization of Special Elements used in an…

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
2024-11-01
High

CVE-2024-48217

An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation.

CVSS: 8.8 CWE: CWE-639 - Authorization Bypass Through User-Controlled Key View on NVD
2024-10-30
High

CVE-2024-9419

Client / Server PCs with the HP Smart Universal Printing Driver installed are potentially vulnerable to Remote Code Execution and/or Elevation of Privilege. A client using the HP Smart Universal Prin…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2024-50506

Incorrect Privilege Assignment vulnerability in azexo Marketing Automation by AZEXO marketing-automation-by-azexo allows Privilege Escalation.This issue affects Marketing Automation by AZEXO: from n/…

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
High

CVE-2024-50504

Incorrect Privilege Assignment vulnerability in webxmedia Bulk Change Role bulk-role-change allows Privilege Escalation.This issue affects Bulk Change Role: from n/a through <= 1.1.

CVSS: 8.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
2024-10-29
High

CVE-2024-50550

Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache allows Privilege Escalation.This issue affects LiteSpeed Cache: from n/a through <= 6.5.1.

CVSS: 8.1 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD
Critical

CVE-2024-50485

Incorrect Privilege Assignment vulnerability in Udit Rawat Exam Matrix exam-matrix allows Privilege Escalation.This issue affects Exam Matrix: from n/a through <= 1.5.

CVSS: 9.8 CWE: CWE-266 - Incorrect Privilege Assignment View on NVD