Total
2505 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2025-01-29 | N/A | 9.9 CRITICAL |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | |||||
| CVE-2020-23362 | 1 Yershop Project | 1 Yershop | 2025-01-29 | N/A | 7.1 HIGH |
| Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | |||||
| CVE-2023-41776 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | N/A | 6.7 MEDIUM |
| There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges. | |||||
| CVE-2023-30765 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-27 | N/A | 8.8 HIGH |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation. | |||||
| CVE-2024-43446 | 2025-01-27 | N/A | 3.5 LOW | ||
| An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | |||||
| CVE-2025-21287 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-01-24 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-3388 | 1 Paloaltonetworks | 2 Pan-os, Prisma Access | 2025-01-24 | N/A | 4.1 MEDIUM |
| A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. | |||||
| CVE-2023-29819 | 1 Webroot | 1 Secureanywhere | 2025-01-24 | N/A | 5.5 MEDIUM |
| An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload. | |||||
| CVE-2024-0622 | 1 Microfocus | 1 Operations Agent | 2025-01-23 | N/A | 8.8 HIGH |
| Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation. | |||||
| CVE-2024-29976 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | 6.5 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device. | |||||
| CVE-2024-29975 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | N/A | 6.7 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device. | |||||
| CVE-2024-1575 | 1 Zyxel | 40 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 37 more | 2025-01-22 | N/A | 6.5 MEDIUM |
| The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | |||||
| CVE-2024-28241 | 1 Glpi-project | 1 Glpi Agent | 2025-01-22 | N/A | 7.3 HIGH |
| The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which involves installed folder is automatically secured by the system. | |||||
| CVE-2024-12398 | 1 Zyxel | 46 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 43 more | 2025-01-21 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. | |||||
| CVE-2020-15934 | 1 Fortinet | 1 Forticlient | 2025-01-21 | N/A | 8.8 HIGH |
| An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine. | |||||
| CVE-2025-21343 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-01-21 | N/A | 7.5 HIGH |
| Windows Web Threat Defense User Service Information Disclosure Vulnerability | |||||
| CVE-2023-1694 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2023-1693 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-21 | N/A | 7.5 HIGH |
| The Settings module has the file privilege escalation vulnerability.Successful exploitation of this vulnerability may affect confidentiality. | |||||
| CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2025-01-17 | N/A | 7.8 HIGH |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | |||||
| CVE-2024-55954 | 2025-01-16 | N/A | 8.7 HIGH | ||
| OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an "Admin" user from removing a "Root" user. As a result, an attacker with an "Admin" role can remove critical "Root" users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | |||||