Total
2330 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4976 | 1 Purestorage | 1 Flashblade | 2025-04-10 | N/A |
| A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array. | ||||
| CVE-2024-3057 | 1 Purestorage | 1 Flasharray | 2025-04-10 | 9.8 Critical |
| A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation. | ||||
| CVE-2022-4687 | 1 Usememos | 1 Memos | 2025-04-09 | 8.1 High |
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.0. | ||||
| CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | ||||
| CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | ||||
| CVE-2024-28851 | 1 Snowflake | 1 Snowflake Hive Metastore Connector | 2025-04-09 | 4 Medium |
| The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. | ||||
| CVE-2022-0668 | 1 Jfrog | 1 Artifactory | 2025-04-09 | 5.3 Medium |
| JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | ||||
| CVE-2007-2444 | 3 Canonical, Debian, Samba | 3 Ubuntu Linux, Debian Linux, Samba | 2025-04-09 | N/A |
| Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to the root user. | ||||
| CVE-2009-0080 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-09 | N/A |
| The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | ||||
| CVE-2009-2848 | 8 Canonical, Fedoraproject, Linux and 5 more | 15 Ubuntu Linux, Fedora, Linux Kernel and 12 more | 2025-04-09 | N/A |
| The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. | ||||
| CVE-2008-2271 | 1 Site Documentation Project | 1 Site Documentation | 2025-04-09 | N/A |
| The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before 6.x-1.1 allows remote authenticated users to gain privileges of other users by leveraging the "access content" permission to list tables and obtain session IDs from the database. | ||||
| CVE-2008-2931 | 6 Canonical, Debian, Linux and 3 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2025-04-09 | 7.8 High |
| The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of a mountpoint. | ||||
| CVE-2025-21546 | 2 Oracle, Redhat | 2 Mysql Server, Enterprise Linux | 2025-04-08 | 3.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2025-29999 | 2025-04-08 | 6.7 Medium | ||
| A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation. This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory. | ||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2025-04-08 | 7.1 High |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2022-39182 | 1 Mingham-smith | 1 Tardis 2000 | 2025-04-08 | 4.9 Medium |
| H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | ||||
| CVE-2025-31286 | 2025-04-07 | 4.6 Medium | ||
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31284 | 2025-04-07 | 4.6 Medium | ||
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31283 | 2025-04-07 | 4.6 Medium | ||
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31285 | 2025-04-07 | 4.6 Medium | ||
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||