Total
2384 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4601 | 2025-06-12 | 8.8 High | ||
| The "RH - Real Estate WordPress Theme" theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 4.4.0. This is due to the theme not properly restricting user roles that can be updated as part of the inspiry_update_profile() function. This makes it possible for authenticated attackers, with subscriber-level access and above, to set their role to that of an administrator. The vulnerability was partially patched in version 4.4.0, and fully patched in version 4.4.1. | ||||
| CVE-2024-41797 | 2025-06-12 | 4.3 Medium | ||
| A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.1), SCALANCE XC316-8 (6GK5324-8TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 (6GK5328-4TS00-2AC2) (All versions < V3.1), SCALANCE XC324-4 EEC (6GK5328-4TS00-2EC2) (All versions < V3.1), SCALANCE XC332 (6GK5332-0GA00-2AC2) (All versions < V3.1), SCALANCE XC416-8 (6GK5424-8TR00-2AC2) (All versions < V3.1), SCALANCE XC424-4 (6GK5428-4TR00-2AC2) (All versions < V3.1), SCALANCE XC432 (6GK5432-0GR00-2AC2) (All versions < V3.1), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All versions < V3.1), SCALANCE XCM324 (6GK5324-8TS01-2AC2) (All versions < V3.1), SCALANCE XCM328 (6GK5328-4TS01-2AC2) (All versions < V3.1), SCALANCE XCM332 (6GK5332-0GA01-2AC2) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-2AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-3AR3) (All versions < V3.1), SCALANCE XR302-32 (6GK5334-5TS00-4AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-2AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-3AR3) (All versions < V3.1), SCALANCE XR322-12 (6GK5334-3TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-2AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-3AR3) (All versions < V3.1), SCALANCE XR326-8 (6GK5334-2TS00-4AR3) (All versions < V3.1), SCALANCE XR326-8 EEC (6GK5334-2TS00-2ER3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-2AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-3AR3) (All versions < V3.1), SCALANCE XR502-32 (6GK5534-5TR00-4AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-2AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-3AR3) (All versions < V3.1), SCALANCE XR522-12 (6GK5534-3TR00-4AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-2AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-3AR3) (All versions < V3.1), SCALANCE XR526-8 (6GK5534-2TR00-4AR3) (All versions < V3.1), SCALANCE XRH334 (24 V DC, 8xFO, CC) (6GK5334-2TS01-2ER3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 12xFO) (6GK5334-3TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230 V AC, 8xFO) (6GK5334-2TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-3AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 12xFO) (6GK5334-3TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24 V DC, 8xFO) (6GK5334-2TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-2AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 12xFO) (6GK5334-3TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230 V AC, 8xFO) (6GK5334-2TS01-4AR3) (All versions < V3.1), SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+) (6GK5334-5TS01-4AR3) (All versions < V3.1). Affected devices contain an incorrect authorization check vulnerability. This could allow an authenticated remote attacker with "guest" role to invoke an internal "do system" command which exceeds their privileges. This command allows the execution of certain low-risk actions, the most critical of which is clearing the local system log. | ||||
| CVE-2025-1732 | 2025-06-12 | 6.7 Medium | ||
| An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. | ||||
| CVE-2023-47145 | 2 Ibm, Microsoft | 2 Db2, Windows | 2025-06-11 | 8.4 High |
| IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402. | ||||
| CVE-2023-47132 | 1 N-able | 1 N-central | 2025-06-11 | 9.8 Critical |
| An issue discovered in N-able N-central before 2023.6 and earlier allows attackers to gain escalated privileges via API calls. | ||||
| CVE-2025-44040 | 1 Orangehrm | 1 Orangehrm | 2025-06-10 | 7.2 High |
| An issue in OrangeHRM v.5.7 allows an attacker to escalate privileges via the UserService.php and the checkFOrOldHash function | ||||
| CVE-2024-28391 | 2 Fme Modules, Fmemodules | 2 Quickproducttable Module For Pestashop, B2b Quick Order Form | 2025-06-10 | 9.8 Critical |
| SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods. | ||||
| CVE-2023-41954 | 1 Properfraction | 1 Profilepress | 2025-06-09 | 8.6 High |
| Improper Privilege Management vulnerability in ProfilePress Membership Team ProfilePress allows Privilege Escalation.This issue affects ProfilePress: from n/a through 4.13.1. | ||||
| CVE-2024-24882 | 1 Themegrill | 1 Masteriyo | 2025-06-09 | 9.8 Critical |
| Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2. | ||||
| CVE-2020-13776 | 4 Fedoraproject, Netapp, Redhat and 1 more | 6 Fedora, Active Iq Unified Manager, Solidfire \& Hci Management Node and 3 more | 2025-06-09 | 6.7 Medium |
| systemd through v245 mishandles numerical usernames such as ones composed of decimal digits or 0x followed by hex digits, as demonstrated by use of root privileges when privileges of the 0x0 user account were intended. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000082. | ||||
| CVE-2019-3843 | 5 Canonical, Fedoraproject, Netapp and 2 more | 9 Ubuntu Linux, Fedora, Cn1610 and 6 more | 2025-06-09 | 7.8 High |
| It was discovered that a systemd service that uses DynamicUser property can create a SUID/SGID binary that would be allowed to run as the transient service UID/GID even after the service is terminated. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the UID/GID will be recycled. | ||||
| CVE-2025-27811 | 1 Razer | 1 Synapse 4 | 2025-06-09 | 7.8 High |
| A local privilege escalation in the razer_elevation_service.exe in Razer Synapse 4 through 4.0.86.2502180127 allows a local attacker to escalate their privileges via a vulnerable COM interface in the target service. | ||||
| CVE-2022-34699 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2016 and 2 more | 2025-06-05 | 7.8 High |
| Windows Win32k Elevation of Privilege Vulnerability | ||||
| CVE-2022-34691 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-05 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2022-33646 | 1 Microsoft | 1 Azure Batch | 2025-06-05 | 7 High |
| Azure Batch Node Agent Elevation of Privilege Vulnerability | ||||
| CVE-2022-33640 | 1 Microsoft | 2 Open Management Infrastructure, System Center Operations Manager | 2025-06-05 | 7.8 High |
| System Center Operations Manager: Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability | ||||
| CVE-2024-22795 | 1 Forescout | 1 Secureconnector | 2025-06-05 | 7 High |
| Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | ||||
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2025-06-05 | 8.1 High |
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | ||||
| CVE-2024-22922 | 1 Projectworlds | 1 Visitor Management System In Php | 2025-06-04 | 9.8 Critical |
| An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | ||||
| CVE-2022-34706 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-06-04 | 7.8 High |
| Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability | ||||