Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9491 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-3828 1 Brainstormforce 1 Spectra Pro 2026-04-15 8.8 High
The Spectra Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.1.5. This is due to the plugin allowing lower-privileged users to create registration forms and set the default role to administrator This makes it possible for authenticated attackers, with author-level access and above, to create administrator-level accounts.
CVE-2025-69292 2 E-plugins, Wordpress 2 Wp Membership, Wordpress 2026-04-15 8.8 High
Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4.
CVE-2025-1424 2026-04-15 N/A
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.
CVE-2024-38818 1 Vmware 3 Cloud Foundation, Nsx, Nsx-t 2026-04-15 6.7 Medium
VMware NSX contains a local privilege escalation vulnerability.  An authenticated malicious actor may exploit this vulnerability to obtain permissions from a separate group role than previously assigned.
CVE-2025-22247 2026-04-15 6.1 Medium
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
CVE-2024-21813 2026-04-15 7.9 High
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-41228 1 Symlink 1 Symlink 2026-04-15 7.6 High
A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files.
CVE-2024-1138 1 Tibco 1 Ftl 2026-04-15 8.8 High
The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.
CVE-2024-22157 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.
CVE-2024-32009 1 Siemens 1 Spectrum Power 4 2026-04-15 7.8 High
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges.
CVE-2024-22303 1 Favethemes 1 Houzez 2026-04-15 8.8 High
Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 3.2.4.
CVE-2025-59580 2 Goodlayers, Wordpress 2 Goodlayers Core, Wordpress 2026-04-15 8.8 High
Incorrect Privilege Assignment vulnerability in GoodLayers Goodlayers Core goodlayers-core allows Privilege Escalation.This issue affects Goodlayers Core: from n/a through < 2.1.7.
CVE-2024-46974 2026-04-15 7.8 High
Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers.
CVE-2024-52336 1 Redhat 1 Enterprise Linux 2026-04-15 7.8 High
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation.
CVE-2025-61429 1 Ncratleos 1 Terminal Handler 2026-04-15 8.8 High
An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request.
CVE-2025-9038 2026-04-15 N/A
Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version.
CVE-2025-45311 1 Fail2ban 1 Fail2ban 2026-04-15 8.8 High
Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is behaving in accordance with its intended privilege model.
CVE-2025-50691 1 Mcsmanager 1 Mcsmanager 2026-04-15 5.3 Medium
MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation.
CVE-2024-33393 1 Spidernet-io 1 Spiderpool 2026-04-15 6.2 Medium
An issue in spidernet-io spiderpool v.0.9.3 and before allows a local attacker to execute arbitrary code via a crafted command to get the token component.
CVE-2025-36640 2 Microsoft, Tenable 2 Windows, Nessus Agent 2026-04-15 8.8 High
A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges.