Total
2383 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-25962 | 2025-05-06 | 9.8 Critical | ||
| An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function | ||||
| CVE-2025-3438 | 1 Inspireui | 1 Mstore Api | 2025-05-06 | 6.5 Medium |
| The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to limited privilege escalation in all versions up to, and including, 4.17.4. This is due to a lack of restriction of role when registering. This makes it possible for unauthenticated attackers to to register with the 'wcfm_vendor' role, which is a Store Vendor role in the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin for WordPress. The vulnerability can only be exploited if the WCFM Marketplace – Multivendor Marketplace for WooCommerce plugin is installed and activated. The vulnerability was partially patched in version 4.17.3. | ||||
| CVE-2023-46145 | 1 Themify | 1 Ultra | 2025-05-05 | 8.8 High |
| Improper Privilege Management vulnerability in Themify Themify Ultra allows Privilege Escalation.This issue affects Themify Ultra: from n/a through 7.3.5. | ||||
| CVE-2024-38089 | 1 Microsoft | 1 Defender For Iot | 2025-05-05 | 9.1 Critical |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-25847 | 1 Myprestamodules | 2 Product Catalog \(csv\, Excel\) Import, Product Catalog Import For Prestashop | 2025-05-05 | 9.8 Critical |
| SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods. | ||||
| CVE-2025-21659 | 2025-05-04 | 5.5 Medium | ||
| In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the very least NAPI instance belongs to the same netns as the owner of the genl sock. napi_by_id() can become static now, but it needs to move because of dev_get_by_napi_id(). | ||||
| CVE-2024-26247 | 1 Microsoft | 1 Edge | 2025-05-03 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | ||||
| CVE-2024-29052 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-05-03 | 7.8 High |
| Windows Storage Elevation of Privilege Vulnerability | ||||
| CVE-2024-28904 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-21324 | 1 Microsoft | 1 Defender For Iot | 2025-05-03 | 7.2 High |
| Microsoft Defender for IoT Elevation of Privilege Vulnerability | ||||
| CVE-2024-28905 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-30007 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 8.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2022-37929 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | 6.7 Medium |
| Improper Privilege Management vulnerability in Hewlett Packard Enterprise Nimble Storage Hybrid Flash Arrays and Nimble Storage Secondary Flash Arrays. | ||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2025-05-02 | 8.8 High |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | ||||
| CVE-2022-42919 | 3 Fedoraproject, Python, Redhat | 4 Fedora, Python, Enterprise Linux and 1 more | 2025-05-02 | 7.8 High |
| Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | ||||
| CVE-2019-13690 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | 9.6 Critical |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2022-3369 | 1 Bitdefender | 1 Engines | 2025-05-02 | 8.6 High |
| An Improper Access Control vulnerability in the bdservicehost.exe component, as used in Bitdefender Engines for Windows, allows an attacker to delete privileged registry keys by pointing a Registry symlink to a privileged key. This issue affects: Bitdefender Engines versions prior to 7.92659. It also affects Bitdefender Antivirus Free, Bitdefender Antivirus Plus, Bitdefender Internet Security, Bitdefender Total Security, as well as Bitdefender Endpoint Security Tools for Windows with engine versions prior to 7.92659. | ||||
| CVE-2025-31282 | 2025-05-02 | 4.6 Medium | ||
| A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2022-37015 | 1 Symantec | 1 Endpoint Detection And Response | 2025-05-01 | 9.8 Critical |
| Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2022-44733 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39900. | ||||