Search Results (74 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-54424 1 Unity 1 Parsec 2026-07-07 8.4 High
An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.
CVE-2026-11877 1 Opentext 1 Access Manager 2026-06-24 N/A
An unauthorized user can modify configuration through API calls that affects the OpenText Access Manager. This issue affects Access Manager before 5.1.3.
CVE-2026-12018 2 Google, Microsoft 2 Chrome, Windows 2026-06-12 8.8 High
Inappropriate implementation in Mojo in Google Chrome on Windows prior to 149.0.7827.115 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High)
CVE-2026-11296 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-09 7.5 High
Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-11308 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-08 6.3 Medium
Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Low)
CVE-2026-11108 1 Google 2 Android, Chrome 2026-06-08 8.8 High
Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)
CVE-2025-1161 1 Nomysost 1 Nomysem 2026-06-06 7.1 High
Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025.
CVE-2025-2311 2026-06-06 9 Critical
Incorrect Use of Privileged APIs, Cleartext Transmission of Sensitive Information, Insufficiently Protected Credentials vulnerability in Sechard Information Technologies SecHard allows Authentication Bypass, Interface Manipulation, Authentication Abuse, Harvesting Information via API Event Monitoring. This issue affects SecHard: before 3.3.0.20220411.
CVE-2025-5997 1 Beamsec 1 Phishpro 2026-06-05 8.8 High
Incorrect Use of Privileged APIs vulnerability in Beamsec PhishPro allows Privilege Abuse. This issue affects PhishPro: before 7.5.4.2.
CVE-2026-9560 2 Openvpn, Openvpn Inc 2 Connect, Openvpn Connect 2026-05-27 7.8 High
Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel
CVE-2023-4972 1 Yepas 1 Digital Yepas 2026-05-21 9.8 Critical
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1.
CVE-2023-6150 1 Eskom 1 E-belediye 2026-05-20 7.5 High
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.
CVE-2023-6151 1 Eskom 1 E-belediye 2026-05-20 7.5 High
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105.
CVE-2023-4993 1 Utarit 2 Solipay Mobile, Solipay Mobile App 2026-05-20 7.5 High
Incorrect Use of Privileged APIs vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users. This issue affects SoliPay Mobile App: before 5.0.8.
CVE-2023-6522 1 Extremepacs 1 Extreme Xds 2026-05-20 7.2 High
Incorrect Use of Privileged APIs vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3914.
CVE-2026-41225 1 F5 1 Big-ip 2026-05-13 9.1 Critical
A vulnerability exists in iControl REST where a highly privileged, authenticated attacker with at least the Manager role can create configuration objects that allow running arbitrary commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2026-41386 1 Openclaw 1 Openclaw 2026-04-29 9.1 Critical
OpenClaw before 2026.3.22 contains a privilege escalation vulnerability where bootstrap setup codes are not bound to intended device roles and scopes during pairing. Attackers can exploit this during first-use device pairing to escalate privileges beyond their intended role and scope.
CVE-2009-3290 2 Linux, Redhat 2 Linux Kernel, Rhel Virtualization 2026-04-23 N/A
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
CVE-2026-41329 1 Openclaw 1 Openclaw 2026-04-22 9.9 Critical
OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can exploit improper context validation to bypass sandbox restrictions and achieve unauthorized privilege escalation.
CVE-2026-20122 1 Cisco 1 Catalyst Sd-wan Manager 2026-04-21 5.4 Medium
A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This vulnerability is due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges.