CWE-250: CWE-250

This vulnerability in Node.js allows processes that have dropped privileges via setuid() to still perform privileged operations through libuv's io_uri...

This vulnerability in Zoom Rooms for Windows allows authenticated users with local access to escalate privileges on the system. It affects organizatio...

This vulnerability allows administrator-level users on Brocade Fabric OS to execute the bind command, enabling privilege escalation and bypassing secu...

This CVE describes a local privilege escalation vulnerability in IBM Db2 where an instance owner can execute malicious code to gain root privileges. T...

This vulnerability in IBM Sterling Connect Direct for Unix allows CCD users with existing privileges to escalate their permissions further through mai...

This vulnerability in IBM webMethods Integration Server allows privileged users to escalate their privileges when handling external entities due to ex...

An improper privilege management vulnerability in SonicWall NetExtender Windows client allows low-privileged local attackers to modify VPN client conf...

The Docker daemon in Brocade SANnav management software versions before 2.3.1b runs without auditing enabled. This allows remote authenticated attacke...

This vulnerability allows remote authenticated attackers with administrative console access to execute arbitrary code on IBM WebSphere Application Ser...

This vulnerability in H3C M2 NAS V100R006 allows local attackers to execute code with elevated privileges through the webserver configuration componen...

A Local Privilege Escalation vulnerability in libblockdev allows physically present users with 'allow_active' Polkit permissions to escalate to root p...

This CVE describes a privilege escalation vulnerability where excessively permissive sudo rules for a local service account could allow administrative...

This vulnerability allows local attackers with initial code execution in the oFono sandbox on Tesla Model S vehicles to escape the sandbox and modify ...

A privilege escalation vulnerability in Palo Alto Networks GlobalProtect app on Windows allows local non-admin users to gain SYSTEM privileges by expl...

Dell PowerScale OneFS contains a privilege escalation vulnerability where high-privileged local attackers can execute code with unnecessary privileges...

Dell Data Lakehouse versions before 1.5.0.0 have a privilege escalation vulnerability where high-privileged local attackers can execute code with unne...

CVE-2025-3892 is a privilege escalation vulnerability in Axis devices that allows ACAP applications to execute with elevated privileges. This affects ...

This CVE describes a chroot escape vulnerability in HGiga PowerStation's SSH service. Attackers with root privileges can bypass chroot restrictions to...

This CVE describes a privilege escalation vulnerability in Dell PowerScale OneFS where local high-privileged users can execute commands with unnecessa...

Dell PowerScale OneFS 9.5.x contains a local privilege escalation vulnerability that allows low-privileged local attackers to gain higher privileges o...

This CVE describes a local privilege escalation vulnerability in SonicWall SMA1000 appliances where insufficient authorization in the management conso...

This vulnerability in Submariner allows a privileged attacker to deploy malicious containers on nodes, enabling theft of service account tokens. This ...

A local privilege escalation vulnerability in multiple Mitsubishi Electric industrial control software products allows authenticated attackers to crea...

This vulnerability allows authenticated administrators in Ignition SCADA systems to execute arbitrary Python code with SYSTEM-level privileges on Wind...

This vulnerability allows authenticated VAPIX administrators to escalate their privileges to Linux root level on affected Axis devices. Only users wit...

This vulnerability in IBM Security Verify Information Queue allows privileged users to escalate their privileges and expand their attack surface on th...

A local privilege escalation vulnerability in SecuSUITE Server's System Configuration component allows attackers who have already compromised a system...

This vulnerability in ZimaOS allows any user with localhost access to read arbitrary files as the root user through the /v2_1/files/file/download endp...

This vulnerability allows authenticated local attackers with administrative credentials on Cisco Secure FTD devices to execute arbitrary commands as r...

This vulnerability in Brocade Fabric OS allows local authenticated users with lower privileges to view command line passwords and access sensitive inf...

CVE-2021-38118 is an improper input validation vulnerability in OpenText iManager that could allow attackers to manipulate application behavior throug...

This vulnerability allows authenticated API users to execute arbitrary Dag code in the context of the api-server when deployed in environments where D...

This vulnerability allows authenticated remote attackers with low privileges to execute commands as Admin users on Cisco ATA 190 Series Analog Telepho...

CVE-2026-30225 is an authentication context confusion vulnerability in OliveTin that allows low-privileged authenticated users to bypass ACL restricti...

This vulnerability in F5 BIG-IP Container Ingress Services allows excessive permissions that could enable reading Kubernetes cluster secrets. It affec...

This vulnerability in IBM Business Automation Workflow containers allows local users with container access to execute arbitrary operating system comma...

This vulnerability allows local users with standard privileges to manipulate active protection service settings in Acronis Cyber Protect Cloud Agent d...

This vulnerability allows authenticated users with CREATE privilege but no UPDATE privilege for Pools, Connections, and Variables to modify existing r...

SAP GUI for Windows may leak NTLM hashes when specific ABAP frontend services are called with UNC paths. This requires an attacker with developer auth...

This vulnerability allows the Icinga daemon user to send signals to arbitrary processes by exploiting a race condition in the safe-reload script and l...

CVE-2023-27247 is a privilege escalation vulnerability in Cynet Client Agent v4.6.0.8010 where attackers with Administrator rights can disable EDR (En...

A privilege escalation vulnerability in langgenius/dify version 0.9.1 allows normal users to modify admin-created chatbot configurations. This occurs ...

CVE-2025-1790 is a local privilege escalation vulnerability in Genetec Sipelia Plugin that allows authenticated low-privileged Windows users to gain e...

This vulnerability in captive-browser allows any system user to execute arbitrary commands with CAP_NET_RAW capability, enabling them to bind to privi...

CVE-2025-1977 allows authenticated users with read-only access to perform unauthorized configuration changes on Moxa NPort 6100-G2/6200-G2 Series devi...

This CVE describes a local privilege escalation vulnerability in Versa SASE Client for Windows where an authenticated local attacker can delete arbitr...

A privilege escalation vulnerability in lightdm-kde-greeter allows attackers with access to the service user account to gain root privileges. This aff...