Export limit exceeded: 360957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9491 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33522 | 1 Tigera | 3 Calico, Calico Cloud, Calico Enterprise | 2026-04-15 | 6.7 Medium |
| In vulnerable versions of Calico (v3.27.2 and below), Calico Enterprise (v3.19.0-1, v3.18.1, v3.17.3 and below), and Calico Cloud (v19.2.0 and below), an attacker who has local access to the Kubernetes node, can escalate their privileges by exploiting a vulnerability in the Calico CNI install binary. The issue arises from an incorrect SUID (Set User ID) bit configuration in the binary, combined with the ability to control the input binary, allowing an attacker to execute an arbitrary binary with elevated privileges. | ||||
| CVE-2024-38278 | 1 Siemens | 32 Ruggedcom Ros Rmc8388, Ruggedcom Ros Rmc8388nc, Ruggedcom Ros Rs416ncv2 and 29 more | 2026-04-15 | 6.6 Medium |
| A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.9.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.9.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.9.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.9.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.9.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.9.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.9.0), RUGGEDCOM RSG907R (All versions < V5.9.0), RUGGEDCOM RSG908C (All versions < V5.9.0), RUGGEDCOM RSG909R (All versions < V5.9.0), RUGGEDCOM RSG910C (All versions < V5.9.0), RUGGEDCOM RSG920P V5.X (All versions < V5.9.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.9.0), RUGGEDCOM RSL910 (All versions < V5.9.0), RUGGEDCOM RSL910NC (All versions < V5.9.0), RUGGEDCOM RST2228 (All versions < V5.9.0), RUGGEDCOM RST2228P (All versions < V5.9.0), RUGGEDCOM RST916C (All versions < V5.9.0), RUGGEDCOM RST916P (All versions < V5.9.0). The affected products with IP forwarding enabled wrongly make available certain remote services in non-managed VLANs, even if these services are not intentionally activated. An attacker could leverage this vulnerability to create a remote shell to the affected system. | ||||
| CVE-2025-5491 | 2026-04-15 | 8.8 High | ||
| Acer ControlCenter contains Remote Code Execution vulnerability. The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing remote users with low privileges to interact with it and access its features. One such feature enables the execution of arbitrary programs as NT AUTHORITY/SYSTEM. By leveraging this, remote attackers can execute arbitrary code on the target system with elevated privileges. | ||||
| CVE-2025-2686 | 2026-04-15 | 6.5 Medium | ||
| A vulnerability has been found in mingyuefusu 明月复苏 tushuguanlixitong 图书管理系统 up to d4836f6b49cd0ac79a4021b15ce99ff7229d4694 and classified as critical. Affected by this vulnerability is the function doFilter of the file /admin/ of the component Backend. The manipulation of the argument Request leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-39633 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0. | ||||
| CVE-2025-37186 | 2 Hp, Linux | 2 Aruba Virtual Intranet Access, Linux | 2026-04-15 | 7.8 High |
| A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking Virtual Intranet Access (VIA) client. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges. | ||||
| CVE-2024-52336 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.8 High |
| A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | ||||
| CVE-2023-53739 | 1 Tinycontrol | 1 Lan Controller | 2026-04-15 | N/A |
| Tinycontrol LAN Controller v3 LK3 version 1.58a contains an unauthenticated vulnerability that allows remote attackers to download configuration backup files containing sensitive credentials. Attackers can retrieve the lk3_settings.bin file and extract base64-encoded user and admin passwords without authentication. | ||||
| CVE-2024-38770 | 1 Revmakx | 1 Backup And Staging By Wp Time Capsule | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20. | ||||
| CVE-2025-12683 | 1 Voidtools | 1 Everything | 2026-04-15 | N/A |
| The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalation(only if chained with other elements) for a local low privilege user. | ||||
| CVE-2023-53908 | 1 Belden | 1 Hisecos | 2026-04-15 | 8.8 High |
| HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level. | ||||
| CVE-2023-50700 | 2026-04-15 | 7.8 High | ||
| Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method. | ||||
| CVE-2025-23391 | 1 Suse | 1 Rancher | 2026-04-15 | 9.1 Critical |
| A Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4. | ||||
| CVE-2024-33549 | 2 Aa-team, Wordpress | 2 Wzone, Wordpress | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in AA-Team WZone allows Privilege Escalation.This issue affects WZone: from n/a through 14.0.10. | ||||
| CVE-2025-37101 | 2026-04-15 | 8.7 High | ||
| A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions). | ||||
| CVE-2025-68869 | 2 Lazycoders, Wordpress | 2 Lazytasks, Wordpress | 2026-04-15 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.2.37. | ||||
| CVE-2025-8757 | 1 Trendnet | 1 Tv-ip110wn | 2026-04-15 | 7 High |
| A vulnerability was found in TRENDnet TV-IP110WN 1.2.2 and classified as problematic. Affected by this issue is some unknown functionality of the file /server/boa.conf of the component Embedded Boa Web Server. The manipulation leads to least privilege violation. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-44439 | 1 Shanghai Zhouma Network Technology Co | 1 Intelligent Manufacturing Collaborative Internet Of Things | 2026-04-15 | 5.9 Medium |
| An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | ||||
| CVE-2016-15045 | 2026-04-15 | N/A | ||
| A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root. | ||||
| CVE-2023-38292 | 1 Tcl | 1 20xe | 2026-04-15 | 8.7 High |
| Certain software builds for the TCL 20XE Android device contain a vulnerable, pre-installed app with a package name of com.tct.gcs.hiddenmenuproxy (versionCode='2', versionName='v11.0.1.0.0201.0') that allows local third-party apps to programmatically perform a factory reset due to inadequate access control. No permissions or special privileges are necessary to exploit the vulnerability in the com.tct.gcs.hiddenmenuproxy app. No user interaction is required beyond installing and running a third-party app. The software build fingerprints for each confirmed vulnerable build are as follows: TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB7I-0:user/release-keys and TCL/5087Z_BO/Doha_TMO:11/RP1A.200720.011/PB83-0:user/release-keys. This malicious app sends a broadcast intent to the exported com.tct.gcs.hiddenmenuproxy/.rtn.FactoryResetReceiver receiver component, which initiates a programmatic factory reset. | ||||