CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 26/66 • 7823 CVEs.

Subscribe CVEs: RSS for “Privilege Escalation”  ·  RSS (High+Critical only)

About “Privilege Escalation”

A curated feed of “Privilege Escalation”-related CVEs appears below. We currently track 7823 CVEs for this tag (all time). In the last 365 days, 1227 were published. Average CVSS is 7.7 (all time; 7.9 over 365d), and 84% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-269 - Improper Privilege Management, CWE-266 - Incorrect Privilege Assignment, CWE-862 - Missing Authorization.

In our taxonomy this topic maps to a LOW impact class. Vendor advisories and release notes are key. Verify compatibility matrices, prefer supported long term versions, and stage rollouts with monitoring. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2023-07-11
High

CVE-2023-35328

Windows Transaction Manager Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-197 - Numeric Truncation Error View on NVD
High

CVE-2023-35320

Connected User Experiences and Telemetry Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-35317

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-502 - Deserialization of Untrusted Data View on NVD
High

CVE-2023-35312

Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-35305

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-35304

Windows Kernel Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-122 - Heap-based Buffer Overflow View on NVD
High

CVE-2023-35299

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2023-33156

Microsoft Defender Elevation of Privilege Vulnerability

CVSS: 6.3 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-33155

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-33154

Windows Partition Management Driver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition View on NVD
High

CVE-2023-33148

Microsoft Office Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-33127

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-1220 - Insufficient Granularity of Access Control View on NVD
High

CVE-2023-32056

Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Medium

CVE-2023-32055

Active Template Library Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-32054

Volume Shadow Copy Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: CWE-36 - Absolute Path Traversal View on NVD
High

CVE-2023-32053

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32050

Windows Installer Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32046

Windows MSHTML Platform Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2023-21756

Windows Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3269

A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problem…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2023-29130

A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An at…

CVSS: 9.9 CWE: CWE-284 - Improper Access Control View on NVD
2023-07-10
High

CVE-2023-30765

​Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-27558

IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vuln…

CVSS: 8.4 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-1597

The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users…

CVSS: 8.8 CWE: N/A View on NVD
2023-07-07
Medium

CVE-2023-34197

Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unp…

CVSS: 5.4 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-07-06
Critical

CVE-2021-46894

Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.

CVSS: 9.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-07-05
High

CVE-2023-36813

Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or…

CVSS: 7.1 CWE: CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') View on NVD
High

CVE-2023-31248

Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespa…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2023-07-03
Medium

CVE-2023-3438

An unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). The misconfiguration allowed an unauthorized local user to in…

CVSS: 4.4 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
High

CVE-2023-3313

An OS common injection vulnerability exists in the ESM certificate API, whereby incorrectly neutralized special elements may have allowed an unauthorized user to execute system command injection for…

CVSS: 7.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2023-07-01
High

CVE-2023-30586

A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permiss…

CVSS: 7.5 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2023-28324

A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.

CVSS: 9.8 CWE: CWE-20 - Improper Input Validation View on NVD
Medium

CVE-2021-34475

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 5.4 CWE: N/A View on NVD
2023-06-30
High

CVE-2023-33298

com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Medium

CVE-2023-37360

pacparser_find_proxy in Pacparser before 1.4.2 allows JavaScript injection, and possibly privilege escalation, when the attacker controls the URL (which may be realistic within enterprise security pr…

CVSS: 5.9 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Critical

CVE-2023-35175

Certain HP LaserJet Pro print products are potentially vulnerable to Potential Remote Code Execution and/or Elevation of Privilege via Server-Side Request Forgery (SSRF) using the Web Service Eventin…

CVSS: 9.8 CWE: CWE-918 - Server-Side Request Forgery (SSRF) View on NVD
2023-06-29
Medium

CVE-2022-26899

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 6.3 CWE: N/A View on NVD
High

CVE-2022-29146

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.3 CWE: N/A View on NVD
High

CVE-2022-29144

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
2023-06-28
High

CVE-2023-3390

A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a danglin…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3389

A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-3090

A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initi…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2021-31937

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 8.2 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-06-27
High

CVE-2023-34395

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Apache Software Foundation Apache Airflow ODBC Provider. In OdbcHook, A privilege escalation vulner…

CVSS: 7.8 CWE: CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') View on NVD
2023-06-26
Medium

CVE-2023-30902

A privilege escalation vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to unintentionally delete privileged Trend Micro registry keys including…

CVSS: 5.5 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-06-25
High

CVE-2023-36630

In CloudPanel before 2.3.1, insecure file upload leads to privilege escalation and authentication bypass.

CVSS: 8.8 CWE: CWE-434 - Unrestricted Upload of File with Dangerous Type View on NVD
2023-06-24
High

CVE-2023-1724

Faveo Helpdesk Enterprise version 6.0.1 allows an attacker with agent permissions to perform privilege escalation on the application. This occurs because the application is vulnerable to stored XSS.

CVSS: 7.3 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-06-23
High

CVE-2023-27908

A maliciously crafted DLL file can be forced to write beyond allocated boundaries in the Autodesk installer when parsing the DLL files and could lead to a Privilege Escalation vulnerability.

CVSS: 7.8 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
High

CVE-2023-34671

Improper Access Control leads to privilege escalation affecting Elenos ETG150 FM transmitter running on version 3.12 by exploiting user's role in the user profile. An attack could occur over the publ…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2023-32413

A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6…

CVSS: 7.0 CWE: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') View on NVD
High

CVE-2023-32405

A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
Medium

CVE-2023-28065

Dell Command | Update, Dell Update, and Alienware Update versions 4.8.0 and prior contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potential…

CVSS: 6.7 CWE: CWE-1386 - Insecure Operation on Windows Junction / Mount Point View on NVD
2023-06-20
High

CVE-2023-3325

The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and…

CVSS: 8.1 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
2023-06-19
Critical

CVE-2023-34159

Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.

CVSS: 9.8 CWE: N/A View on NVD
2023-06-16
High

CVE-2023-35788

An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GEN…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
2023-06-15
High

CVE-2023-24032

In Zimbra Collaboration Suite through 9.0 and 8.8.15, an attacker (who has initial user access to a Zimbra server instance) can execute commands as root by passing one of JVM arguments, leading to lo…

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-2847

During internal security analysis, a local privilege escalation vulnerability has been identified. On a machine with the affected ESET product installed, it was possible for a user with lower privile…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-06-14
High

CVE-2023-0009

A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.

CVSS: 7.8 CWE: CWE-807 - Reliance on Untrusted Inputs in a Security Decision View on NVD
High

CVE-2023-24936

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2023-2569

A CWE-787: Out-of-Bounds Write vulnerability exists that could cause local denial-of-service, elevation of privilege, and potentially kernel execution when a malicious actor with local user access cr…

CVSS: 7.8 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2023-33142

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: CWE-285 - Improper Authorization View on NVD
High

CVE-2023-33135

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2023-32032

.NET and Visual Studio Elevation of Privilege Vulnerability

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-32012

Windows Container Manager Service Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32010

Windows Bus Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-591 - Sensitive Data Storage in Improperly Locked Memory View on NVD
High

CVE-2023-32009

Windows Collaborative Translation Framework Elevation of Privilege Vulnerability

CVSS: 8.8 CWE: CWE-284 - Improper Access Control View on NVD
High

CVE-2023-29371

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-29368

Windows Filtering Platform Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-415 - Double Free View on NVD
High

CVE-2023-29364

Windows Authentication Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-190 - Integer Overflow or Wraparound View on NVD
High

CVE-2023-29361

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.0 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-29360

Microsoft Streaming Service Elevation of Privilege Vulnerability

CVSS: 8.4 CWE: CWE-822 - Untrusted Pointer Dereference View on NVD
High

CVE-2023-29359

GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2023-29358

Windows GDI Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
Critical

CVE-2023-29357

Microsoft SharePoint Server Elevation of Privilege Vulnerability

CVSS: 9.8 CWE: CWE-303 - Incorrect Implementation of Authentication Algorithm View on NVD
High

CVE-2023-29351

Windows Group Policy Elevation of Privilege Vulnerability

CVSS: 8.1 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-29346

NTFS Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: CWE-681 - Incorrect Conversion between Numeric Types View on NVD
2023-06-13
High

CVE-2023-2637

Rockwell Automation's FactoryTalk System Services uses a hard-coded cryptographic key to generate administrator cookies.  Hard-coded cryptographic key may lead to privilege escalation.  This vulnerab…

CVSS: 7.3 CWE: CWE-321 - Use of Hard-coded Cryptographic Key View on NVD
2023-06-12
Critical

CVE-2023-32673

Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-26298

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-26297

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-26296

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
Critical

CVE-2023-26295

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVSS: 9.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-26294

Previous versions of HP Device Manager (prior to HPDM 5.0.10) could potentially allow command injection and/or elevation of privileges.

CVSS: 7.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2023-32221

EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.

CVSS: 8.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
2023-06-09
High

CVE-2023-32731

When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame. This caused any HPACK table mutations to also be skipped, resulting in a desynchronization o…

CVSS: 7.4 CWE: CWE-440 - Expected Behavior Violation View on NVD
2023-06-07
High

CVE-2023-33865

RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership.

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
Critical

CVE-2023-2530

A privilege escalation allowing remote code execution was discovered in the orchestration service.

CVSS: 9.8 CWE: N/A View on NVD
High

CVE-2023-3124

The Elementor Pro plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the update_page_option function in versions up to, and including, 3.11.6. T…

CVSS: 8.8 CWE: CWE-862 - Missing Authorization View on NVD
Critical

CVE-2021-4360

The Controlled Admin Access plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 1.5.5 by not properly restricting access to the configuration page. This makes…

CVSS: 9.9 CWE: CWE-284 - Improper Access Control View on NVD
Medium

CVE-2021-4344

The Frontend File Manager plugin for WordPress is vulnerable to Privilege Escalation in versions up to, and including, 18.2. This is due to lacking mishandling the use of user IDs that is accessible…

CVSS: 6.4 CWE: CWE-285 - Improper Authorization View on NVD
2023-06-06
High

CVE-2023-2833

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-06-05
High

CVE-2022-4569

A local privilege escalation vulnerability in the ThinkPad Hybrid USB-C with USB-A Dock Firmware Update Tool could allow an attacker with local access to execute code with elevated privileges during…

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2023-0635

Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise, Linux (2CQG103201S3021, 2CQG103202S3021, 2CQG103203S3021, 2CQG103204S3021 modules), ABB Ltd. NEXUS Se…

CVSS: 7.8 CWE: CWE-1391 - Use of Weak Credentials View on NVD
2023-06-03
High

CVE-2023-33143

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

CVSS: 7.5 CWE: N/A View on NVD
2023-06-02
Medium

CVE-2023-3033

Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web applica…

CVSS: 6.8 CWE: CWE-863 - Incorrect Authorization View on NVD
High

CVE-2023-27744

An issue was discovered in South River Technologies TitanFTP NextGen server that allows for a vertical privilege escalation leading to remote code execution.

CVSS: 7.8 CWE: CWE-94 - Improper Control of Generation of Code ('Code Injection') View on NVD
Critical

CVE-2022-45938

An issue was discovered in Comcast Defined Technologies microeisbss through 2021. An attacker can inject a stored XSS payload in the Device ID field under Inventory Management to achieve Remote Code…

CVSS: 9.0 CWE: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') View on NVD
2023-06-01
High

CVE-2023-2598

A flaw was found in the fixed buffer registration code for io_uring (io_sqe_buffer_register in io_uring/rsrc.c) in the Linux kernel that allows out-of-bounds access to physical memory beyond the end…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
High

CVE-2023-23953

Advanced Secure Gateway and Content Analysis, prior to 7.3.13.1 / 3.1.6.0, may be susceptible to an Elevation of Privilege vulnerability.

CVSS: 7.8 CWE: N/A View on NVD
2023-05-31
Critical

CVE-2023-33730

Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote attacker to retrieve password of any admin or normal user…

CVSS: 9.8 CWE: CWE-319 - Cleartext Transmission of Sensitive Information View on NVD
High

CVE-2022-35757

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
High

CVE-2022-35756

Windows Kerberos Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35755

Windows Print Spooler Elevation of Privilege Vulnerability

CVSS: 7.3 CWE: N/A View on NVD
Medium

CVE-2022-35754

Unified Write Filter Elevation of Privilege Vulnerability

CVSS: 6.7 CWE: N/A View on NVD
High

CVE-2022-35751

Windows Hyper-V Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35750

Win32k Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35749

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2022-35746

Windows Digital Media Receiver Elevation of Privilege Vulnerability

CVSS: 7.8 CWE: N/A View on NVD
Critical

CVE-2023-2987

The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and inc…

CVSS: 9.8 CWE: CWE-345 - Insufficient Verification of Data Authenticity View on NVD
High

CVE-2023-2545

The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and…

CVSS: 8.1 CWE: CWE-862 - Missing Authorization View on NVD
2023-05-30
Critical

CVE-2023-29728

The Call Blocker application 6.6.3 for Android allows attackers to tamper with feature-related data, resulting in a severe elevation of privilege attack.

CVSS: 9.8 CWE: CWE-346 - Origin Validation Error View on NVD
High

CVE-2023-2939

Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security sev…

CVSS: 7.8 CWE: CWE-59 - Improper Link Resolution Before File Access ('Link Following') View on NVD
High

CVE-2023-32696

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to www-data) owned code and configuration files…

CVSS: 8.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2022-45853

The privilege escalation vulnerability in the Zyxel GS1900-8 firmware version V2.70(AAHH.3) and the GS1900-8HP firmware version V2.70(AAHI.3) could allow an authenticated, local attacker with admin…

CVSS: 6.7 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-30601

Privilege escalation when enabling FQL/Audit logs allows user with JMX access to run arbitrary commands as the user running Apache Cassandra This issue affects Apache Cassandra: from 4.0.0 through 4.…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
2023-05-26
High

CVE-2023-33779

A lateral privilege escalation vulnerability in XXL-Job v2.4.1 allows users to execute arbitrary commands on another user's account via a crafted POST request to the component /jobinfo/.

CVSS: 8.8 CWE: CWE-863 - Incorrect Authorization View on NVD
2023-05-25
High

CVE-2023-2480

Missing access permissions checks in M-Files Client before 23.5.12598.0 (excluding 23.2 SR2 and newer) allows elevation of privilege via UI extension applications

CVSS: 7.5 CWE: CWE-280 - Improper Handling of Insufficient Permissions or Privileges View on NVD
2023-05-23
Medium

CVE-2023-28390

Privilege escalation vulnerability in SR-7100VN firmware Ver.1.38(N) and earlier and SR-7100VN #31 firmware Ver.1.21 and earlier allows a network-adjacent attacker with administrative privilege of th…

CVSS: 6.8 CWE: N/A View on NVD
2023-05-20
High

CVE-2023-1694

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2023-1693

The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality.

CVSS: 7.5 CWE: CWE-269 - Improper Privilege Management View on NVD