Total
2504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53913 | 2025-09-12 | N/A | N/A | ||
| Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. | |||||
| CVE-2025-9059 | 2025-09-11 | N/A | N/A | ||
| The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | |||||
| CVE-2025-52915 | 2025-09-10 | N/A | 7.2 HIGH | ||
| K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. | |||||
| CVE-2025-49156 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 7.0 HIGH |
| A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-49157 | 1 Trendmicro | 1 Apex One | 2025-09-09 | N/A | 7.8 HIGH |
| A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-55582 | 1 Dlink | 2 Dcs-825l, Dcs-825l Firmware | 2025-09-09 | N/A | 6.6 MEDIUM |
| D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. | |||||
| CVE-2024-46916 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-09-09 | N/A | 8.1 HIGH |
| Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition. | |||||
| CVE-2022-20356 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | |||||
| CVE-2025-32345 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In updateState of ContentProtectionTogglePreferenceController.java, there is a possible way for a secondary user to disable the primary user's deceptive app scanning setting due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26462 | 1 Google | 1 Android | 2025-09-08 | N/A | 7.8 HIGH |
| In AccessibilityServiceConnection.java, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-32098 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-09-05 | N/A | 5.3 MEDIUM |
| An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. | |||||
| CVE-2025-36891 | 1 Google | 1 Android | 2025-09-05 | N/A | 8.8 HIGH |
| Elevation of privilege | |||||
| CVE-2025-36896 | 1 Google | 1 Android | 2025-09-05 | N/A | 9.8 CRITICAL |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-394765106. | |||||
| CVE-2025-36901 | 1 Google | 1 Android | 2025-09-05 | N/A | 8.8 HIGH |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396462223. | |||||
| CVE-2025-36904 | 1 Google | 1 Android | 2025-09-05 | N/A | 9.8 CRITICAL |
| WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384. | |||||
| CVE-2024-46989 | 1 Authzed | 1 Spicedb | 2025-09-04 | N/A | 3.7 LOW |
| spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. | |||||
| CVE-2024-45173 | 1 C-mor | 1 C-mor Video Surveillance | 2025-09-04 | N/A | 8.8 HIGH |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. | |||||
| CVE-2024-42050 | 1 Splashtop | 1 Streamer | 2025-09-03 | N/A | 7.0 HIGH |
| The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg. | |||||
| CVE-2025-57760 | 1 Langflow | 1 Langflow | 2025-09-03 | N/A | 8.8 HIGH |
| Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time. | |||||
| CVE-2024-3470 | 1 Github | 1 Enterprise Server | 2025-09-02 | N/A | 5.9 MEDIUM |
| An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use a deploy key pertaining to an organization to bypass an organization ruleset. An attacker would require access to a valid deploy key for a repository in the organization as well as repository administrator access. This vulnerability affected versions of GitHub Enterprise Server 3.11 to 3.12 and was fixed in versions 3.11.8 and 3.12.2. This vulnerability was reported via the GitHub Bug Bounty program. | |||||