Search Results (2902 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-31498 1 Yubico 1 Yubikey Manager Gui 2026-04-15 8.8 High
Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator.
CVE-2024-31502 1 Munyweki 1 Insurance Management System 2026-04-15 8.1 High
An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff.
CVE-2024-33872 1 Keyfactor 1 Command 2026-04-15 9.8 Critical
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.
CVE-2024-3057 1 Purestorage 1 Flasharray 2026-04-15 9.8 Critical
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.
CVE-2024-3137 2026-04-15 N/A
Improper Privilege Management in uvdesk/community-skeleton
CVE-2024-33567 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.
CVE-2024-29667 1 Tongtianxing Technology Co Ltd 1 Cmsv6 2026-04-15 9.8 Critical
SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.
CVE-2024-21813 2026-04-15 7.9 High
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-3852 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The WPshop 2 – E-Commerce plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.0 to 2.6.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email & password through the update() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account.
CVE-2024-27357 2026-04-15 5.8 Medium
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.
CVE-2023-32244 1 Xtemos 1 Woodmart Core 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.
CVE-2024-20262 1 Cisco 1 Ios Xr Software 2026-04-15 6.5 Medium
A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.
CVE-2025-13176 1 Eset 1 Inspect Connector 2026-04-15 N/A
Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL.
CVE-2025-37123 2 Arubanetworks, Hp 2 Edgeconnect Enterprise, Arubaos 2026-04-15 8.8 High
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.
CVE-2025-37186 2 Hp, Linux 2 Aruba Virtual Intranet Access, Linux 2026-04-15 7.8 High
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.
CVE-2024-21807 1 Intel 1 Ethernet Complete Driver Pack 2026-04-15 8.8 High
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-13376 1 Wordpress 1 Wordpress 2026-04-15 8.8 High
The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
CVE-2025-37101 2026-04-15 8.7 High
A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions).
CVE-2016-15045 2026-04-15 N/A
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
CVE-2025-36640 2 Microsoft, Tenable 2 Windows, Nessus Agent 2026-04-15 8.8 High
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.