CVE Daily
← All tags

Tag: Privilege Escalation

All CVEs associated with "Privilege Escalation". Page 2/2 • 198 CVEs.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2025-04-02
High

CVE-2025-3067

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 135.0.7049.52 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege es…

CVSS: 8.8 CWE: N/A
Read more
2025-03-28
High

CVE-2025-2713

Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files.…

CVSS: 7.8 CWE: CWE-269
Read more
2025-03-20
High

CVE-2024-8248

A vulnerability in the normalizePath function in mintplex-labs/anything-llm version git 296f041 allows for path traversal, leading to arbitrary file read and write in the storage directory. This can…

CVSS: 7.2 CWE: CWE-29
Read more
Medium

CVE-2024-11821

A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The is…

CVSS: 4.3 CWE: CWE-250
Read more
High

CVE-2024-10513

A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulnerability allows users with the 'm…

CVSS: 7.2 CWE: CWE-23
Read more
2025-03-19
Medium

CVE-2025-2324

Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023…

CVSS: 5.9 CWE: CWE-269
Read more
2025-03-17
High

CVE-2024-48013

Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access coul…

CVSS: 8.8 CWE: CWE-250
Read more
2025-03-14
Critical

CVE-2025-2000

A maliciously crafted QPY file can potential execute arbitrary-code embedded in the payload without privilege escalation when deserialising QPY formats < 13. A python process calling Qiskit 0.18.0 th…

CVSS: 9.8 CWE: CWE-502
Read more
2025-03-07
Medium

CVE-2025-1121

Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unen…

CVSS: 6.8 CWE: CWE-269
Read more
2025-02-20
High

CVE-2024-12284

Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.

CVSS: 8.8 CWE: CWE-269
Read more
2025-02-14
High

CVE-2025-25206

eLabFTW is an open source electronic lab notebook for research labs. Prior to version 5.1.15, an incorrect input validation could allow an authenticated user to read sensitive information, including…

CVSS: 8.3 CWE: CWE-89
Read more
2025-02-11
Medium

CVE-2025-21162

Photoshop Elements versions 2025.0 and earlier are affected by a Creation of Temporary File in Directory with Incorrect Permissions vulnerability that could result in privilege escalation in the cont…

CVSS: 5.5 CWE: CWE-379
Read more
2025-02-05
High

CVE-2025-0413

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Paral…

CVSS: 7.8 CWE: CWE-59
Read more
2025-01-29
High

CVE-2021-3978

When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://githu…

CVSS: 7.5 CWE: CWE-269
Read more
2025-01-08
Critical

CVE-2024-11350

The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's ide…

CVSS: 9.8 CWE: CWE-640
Read more
2025-01-03
High

CVE-2024-56320

GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, an…

CVSS: 8.8 CWE: CWE-285
Read more
2024-12-30
High

CVE-2024-12753

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker m…

CVSS: 7.3 CWE: CWE-59
Read more
2024-12-14
High

CVE-2024-31891

IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can…

CVSS: 7.8 CWE: CWE-250
Read more
2024-12-13
High

CVE-2024-12552

Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An…

CVSS: 7.8 CWE: CWE-59
Read more
2024-12-12
High

CVE-2024-11872

Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games La…

CVSS: 7.8 CWE: CWE-276
Read more
2024-11-22
High

CVE-2024-6260

Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalwar…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2024-6233

Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Poi…

CVSS: 7.8 CWE: CWE-59
Read more
2024-11-12
High

CVE-2024-8068

Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server…

CVSS: 8.0 CWE: CWE-269
Read more
2024-10-30
High

CVE-2024-9632

A flaw was found in the X.org server. Due to improperly tracked allocation size in _XkbSetCompatMap, a local attacker may be able to trigger a buffer overflow condition via a specially crafted payloa…

CVSS: 7.8 CWE: CWE-122
Read more
2024-10-25
High

CVE-2024-47031

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-329163861.

CVSS: 7.4 CWE: N/A
Read more
High

CVE-2024-47016

there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not nee…

CVSS: 7.8 CWE: CWE-276
Read more
High

CVE-2024-47014

Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.

CVSS: 8.8 CWE: CWE-276
Read more
High

CVE-2024-44098

In lwis_device_event_states_clear_locked of lwis_event.c, there is a possible privilege escalation due to a double free. This could lead to local escalation of privilege with no additional execution…

CVSS: 7.4 CWE: CWE-415
Read more
2024-10-22
High

CVE-2024-41183

Trend Micro VPN, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite under specific conditions that can lead to elevation of privileges.

CVSS: 7.8 CWE: CWE-73
Read more
2024-10-08
High

CVE-2024-9167

Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation.

CVSS: 7.8 CWE: CWE-276
Read more
2024-08-13
Critical

CVE-2024-43153

Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10.

CVSS: 9.8 CWE: CWE-269
Read more
2024-07-29
High

CVE-2024-6576

Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 befo…

CVSS: 7.3 CWE: CWE-287
Read more
2024-07-15
Medium

CVE-2024-39819

Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.

CVSS: 6.7 CWE: CWE-269
Read more
High

CVE-2024-27240

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

CVSS: 7.1 CWE: CWE-20
Read more
High

CVE-2024-27238

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

CVSS: 7.1 CWE: CWE-367
Read more
2024-07-12
High

CVE-2024-6677

Privilege escalation in uberAgent

CVSS: 7.8 CWE: CWE-269
Read more
2024-07-11
High

CVE-2024-39546

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain…

CVSS: 7.3 CWE: CWE-862
Read more
2024-07-10
High

CVE-2024-6286

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows

CVSS: 7.8 CWE: CWE-269
Read more
High

CVE-2024-6151

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS

CVSS: 7.8 CWE: CWE-269
Read more
2024-06-21
High

CVE-2024-31890

IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system ca…

CVSS: 7.8 CWE: CWE-250
Read more
2024-06-13
High

CVE-2024-32929

In gpu_slc_get_region of pixel_gpu_slc.c, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User intera…

CVSS: 8.1 CWE: CWE-416
Read more
2024-06-10
Medium

CVE-2024-36473

Trend Micro VPN Proxy One Pro, version 5.8.1012 and below is vulnerable to an arbitrary file overwrite or create attack but is limited to local Denial of Service (DoS) and under specific conditions c…

CVSS: 5.3 CWE: CWE-73
Read more
High

CVE-2024-32849

Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.

CVSS: 7.8 CWE: CWE-269
Read more
2024-05-22
High

CVE-2024-4454

WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecu…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-51636

Avira Prime Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avira Prime. An attacker must first…

CVSS: 7.8 CWE: CWE-59
Read more
2024-05-14
High

CVE-2023-35841

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: b…

CVSS: 7.8 CWE: CWE-732
Read more
2024-05-07
Medium

CVE-2021-34981

Linux Kernel Bluetooth CMTP Module Double Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel. An attac…

CVSS: 6.7 CWE: CWE-415
Read more
High

CVE-2024-27273

IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may l…

CVSS: 8.1 CWE: CWE-266
Read more
2024-05-03
High

CVE-2023-50228

Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected insta…

CVSS: 7.8 CWE: CWE-347
Read more
High

CVE-2023-50226

Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-50197

Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver &…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-44410

D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authen…

CVSS: 8.8 CWE: CWE-285
Read more
High

CVE-2023-42126

G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-42125

Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Premiu…

CVSS: 7.8 CWE: CWE-706
Read more
High

CVE-2023-42124

Avast Premium Security Sandbox Protection Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Ava…

CVSS: 7.8 CWE: CWE-863
Read more
High

CVE-2023-42122

Control Web Panel wloggui Command Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Control Web Panel.…

CVSS: 7.8 CWE: CWE-78
Read more
High

CVE-2023-42099

Intel Driver & Support Assistant Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Intel Driver &…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-34298

Pulse Secure Client SetupService Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Pulse Secu…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32179

VIPRE Antivirus Plus FPQuarTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivi…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-32178

VIPRE Antivirus Plus TelFileTransfer Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antiv…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-32177

VIPRE Antivirus Plus DeleteHistoryFile Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPR…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32176

VIPRE Antivirus Plus SetPrivateConfig Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPR…

CVSS: 7.8 CWE: CWE-22
Read more
High

CVE-2023-32175

VIPRE Antivirus Plus Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Antivirus Plus. An at…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-32168

D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of D-Link D-View. Authent…

CVSS: 8.8 CWE: CWE-285
Read more
High

CVE-2023-32155

Tesla Model 3 bcmdhd Out-Of-Bounds Write Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected Tesla Model 3 vehicles. An attacker mus…

CVSS: 7.0 CWE: CWE-787
Read more
High

CVE-2023-27362

3CX Uncontrolled Search Path Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of 3CX. An attacker must first obtain…

CVSS: 7.8 CWE: CWE-427
Read more
High

CVE-2023-27347

G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An…

CVSS: 7.8 CWE: CWE-59
Read more
High

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An…

CVSS: 7.8 CWE: CWE-91
Read more
High

CVE-2023-27327

Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels…

CVSS: 7.5 CWE: CWE-367
Read more
High

CVE-2023-27326

Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Deskto…

CVSS: 8.2 CWE: CWE-22
Read more
High

CVE-2023-27325

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665
Read more
High

CVE-2023-27324

Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665
Read more
High

CVE-2023-27323

Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels D…

CVSS: 7.8 CWE: CWE-367
Read more
High

CVE-2023-27322

Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Des…

CVSS: 7.8 CWE: CWE-665
Read more
2024-02-09
High

CVE-2024-0229

An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to a…

CVSS: 7.8 CWE: CWE-787
Read more
2023-12-13
High

CVE-2023-6377

A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege…

CVSS: 7.8 CWE: CWE-125
Read more
2021-04-19
High

CVE-2021-21981

VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local…

CVSS: 7.8 CWE: CWE-269
Read more
2019-07-15
High

CVE-2019-0880

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'.

CVSS: 7.8 CWE: N/A
Read more