Total
2504 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39202 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | N/A | 7.3 HIGH |
| A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. | |||||
| CVE-2026-23477 | 1 Rocket.chat | 1 Rocket.chat | 2026-01-26 | N/A | 7.7 HIGH |
| Rocket.Chat is an open-source, secure, fully customizable communications platform. In Rocket.Chat versions up to 6.12.0, the API endpoint GET /api/v1/oauth-apps.get is exposed to any authenticated user, regardless of their role or permissions. This endpoint returns an OAuth application, as long as the user knows its ID, including potentially sensitive fields such as client_id and client_secret. This vulnerability is fixed in 6.12.0. | |||||
| CVE-2025-15403 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| The RegistrationMagic plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.0.7.1. This is due to the 'add_menu' function is accessible via the 'rm_user_exists' AJAX action and allows arbitrary updates to the 'admin_order' setting. This makes it possible for unauthenticated attackers to injecting an empty slug into the order parameter, and manipulate the plugin's menu generation logic, and when the admin menu is subsequently built, the plugin adds 'manage_options' capability for the target role. Note: The vulnerability can only be exploited unauthenticated, but further privilege escalation requires at least a subscriber user. | |||||
| CVE-2025-14533 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 0.9.2.1. This is due to the 'insert_user' function not restricting the roles with which a user can register. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. Note: The vulnerability can only be exploited if 'role' is mapped to the custom field. | |||||
| CVE-2026-0920 | 2026-01-26 | N/A | 9.8 CRITICAL | ||
| The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Administrative User Creation in all versions up to, and including, 1.5.6.3. This is due to the 'ajax_register_handle' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'lakit_bkrole' parameter during registration and gain administrator access to the site. | |||||
| CVE-2026-23990 | 2026-01-26 | N/A | 5.3 MEDIUM | ||
| The Flux Operator is a Kubernetes CRD controller that manages the lifecycle of CNCF Flux CD and the ControlPlane enterprise distribution. Starting in version 0.36.0 and prior to version 0.40.0, a privilege escalation vulnerability exists in the Flux Operator Web UI authentication code that allows an attacker to bypass Kubernetes RBAC impersonation and execute API requests with the operator's service account privileges. In order to be vulnerable, cluster admins must configure the Flux Operator with an OIDC provider that issues tokens lacking the expected claims (e.g., `email`, `groups`), or configure custom CEL expressions that can evaluate to empty values. After OIDC token claims are processed through CEL expressions, there is no validation that the resulting `username` and `groups` values are non-empty. When both values are empty, the Kubernetes client-go library does not add impersonation headers to API requests, causing them to be executed with the flux-operator service account's credentials instead of the authenticated user's limited permissions. This can result in privilege escalation, data exposure, and/or information disclosure. Version 0.40.0 patches the issue. | |||||
| CVE-2025-66428 | 2026-01-26 | N/A | 8.8 HIGH | ||
| An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. | |||||
| CVE-2025-59094 | 2026-01-26 | N/A | N/A | ||
| A local privilege escalation vulnerability has been identified in the Kaba exos 9300 System management application (d9sysdef.exe). Within this application it is possible to specify an arbitrary executable as well as the weekday and start time, when the specified executable should be run with SYSTEM privileges. | |||||
| CVE-2024-22922 | 1 Projectworlds | 1 Visitor Management System | 2026-01-23 | N/A | 9.8 CRITICAL |
| An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | |||||
| CVE-2026-1010 | 1 Altium | 1 On-prem Enterprise Server | 2026-01-23 | N/A | 8.0 HIGH |
| A stored cross-site scripting (XSS) vulnerability exists in the Altium Workflow Engine due to missing server-side input sanitization in workflow form submission APIs. A regular authenticated user can inject arbitrary JavaScript into workflow data. When an administrator views the affected workflow, the injected payload executes in the administrator’s browser context, allowing privilege escalation, including creation of new administrator accounts, session token theft, and execution of administrative actions. | |||||
| CVE-2025-67246 | 1 Ludashi | 1 Ludashi Driver | 2026-01-23 | N/A | 7.3 HIGH |
| A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresses. The handler maps arbitrary physical memory via MmMapIoSpace and copies data back to user mode without verifying the caller's privileges or the target address range. This allows unprivileged users to read arbitrary physical memory, potentially exposing kernel data structures, kernel pointers, security tokens, and other sensitive information. This vulnerability can be further exploited to bypass the Kernel Address Space Layout Rules (KASLR) and achieve local privilege escalation. | |||||
| CVE-2025-11561 | 2026-01-22 | N/A | 8.8 HIGH | ||
| A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts. | |||||
| CVE-2023-25701 | 1 Watchtowerhq | 1 Watchtower | 2026-01-21 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | |||||
| CVE-2025-43019 | 1 Hp | 1 Support Assistant | 2026-01-20 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion. | |||||
| CVE-2025-26513 | 1 Netapp | 1 San Host Utilities | 2026-01-16 | N/A | 7.0 HIGH |
| The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. | |||||
| CVE-2026-22804 | 1 Termix | 1 Termix | 2026-01-16 | N/A | 8.0 HIGH |
| Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. This allows an attacker who has compromised a managed SSH server to plant a malicious file, which, when previewed by the Termix user, executes arbitrary JavaScript in the context of the application. The vulnerability is located in src/ui/desktop/apps/file-manager/components/FileViewer.tsx. This vulnerability is fixed in 1.10.0. | |||||
| CVE-2025-10578 | 1 Hp | 1 Support Assistant | 2026-01-16 | N/A | 7.8 HIGH |
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.47.41.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | |||||
| CVE-2026-22043 | 1 Rustfs | 1 Rustfs | 2026-01-15 | N/A | 9.8 CRITICAL |
| RustFS is a distributed object storage system built in Rust. In versions 1.0.0-alpha.13 through 1.0.0-alpha.78, a flawed `deny_only` short-circuit in RustFS IAM allows a restricted service account or STS credential to self-issue an unrestricted service account, inheriting the parent’s full privileges. This enables privilege escalation and bypass of session/inline policy restrictions. Version 1.0.0-alpha.79 fixes the issue. | |||||
| CVE-2025-0358 | 1 Axis | 1 Axis Os | 2026-01-15 | N/A | 8.8 HIGH |
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | |||||
| CVE-2022-37019 | 1 Hp | 52 Elite Slice, Elite Slice Firmware, Elite Slice For Meeting Rooms and 49 more | 2026-01-14 | N/A | 6.8 MEDIUM |
| Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities. | |||||