CWE-266: Incorrect Privilege Assignment
Yearly Trend
Top Affected Vendors
All CWE-266 CVEs (417)
Nov 11, 2025: This vulnerability allows any local attacker on a Spectrum Power 4 system to escalate privileges to administrative level due to incorrect file permiss...
Oct 30, 2025: Nagios Log Server versions before 2024R1.0.2 contain a local privilege escalation vulnerability. An attacker who can execute commands as the Apache we...
Oct 27, 2025: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Pack 13 Independent Fix 02 contain a privilege escalation vulnerability due to improper privilege as...
Sep 25, 2025: This CVE describes a local privilege escalation vulnerability in Topaz SERVCore Teller installer versions 2.14.0-RC2 and 2.14.1. The vulnerability all...
Aug 28, 2025: This vulnerability in NAVER MYBOX Explorer for Windows allows local attackers to escalate privileges to SYSTEM level by loading arbitrary DLLs. It aff...
Mar 28, 2025: This CVE describes a local privilege escalation vulnerability in Google gVisor's runsc component where incorrect file permission handling allowed unpr...
Mar 17, 2025: Dell SmartFabric OS10 Software contains an incorrect privilege assignment vulnerability (CWE-266) that allows local low-privileged attackers to elevat...
Jan 31, 2025: This vulnerability allows non-privileged software to improperly access Direct Memory Access (DMA) buffers, potentially leading to memory corruption or...
Jan 9, 2025: This critical vulnerability in REVE Antivirus 1.0.0.0 on Linux involves incorrect default permissions on the /usr/local/reveantivirus/tmp/reveinstall ...
Dec 31, 2024: A local privilege escalation vulnerability in Trend Micro Apex One's LogServer component allows attackers who already have low-privileged access to el...
Dec 19, 2024: This critical vulnerability in X1a0He Adobe Downloader allows local attackers to escalate privileges on macOS systems. The flaw exists in the XPC serv...
Nov 12, 2024: This vulnerability in Siemens Spectrum Power 7 allows authenticated local attackers to escalate privileges by exploiting root-owned SUID binaries. Att...
Oct 23, 2024: This vulnerability allows authenticated local attackers to execute arbitrary commands with root privileges on affected InterMesh devices. It affects I...
Aug 15, 2024: This vulnerability allows unprivileged Android apps to read their own restricted app-op states due to a logic error in AppOpsService.java. This could ...
Jul 29, 2024: This vulnerability allows local authenticated users to escalate privileges to SYSTEM by placing a malicious DLL in a specific folder. It affects SKYSE...
Jul 9, 2024: This vulnerability allows a malicious app to hide itself from the Device & app notifications settings by exploiting improper input validation in Andro...
May 14, 2024: This CVE describes an insecure permission vulnerability in TotalAV antivirus software that allows a local attacker to escalate privileges by creating ...
Mar 13, 2024: This vulnerability allows authenticated local attackers with low privileges on affected Cisco routers to elevate their privileges to root by exploitin...
Mar 8, 2024: This vulnerability allows an application to elevate its privileges on affected Apple devices, potentially gaining unauthorized access to system resour...
Feb 15, 2024: This vulnerability allows a malicious app to launch background activities without proper permissions, potentially leading to local privilege escalatio...
Mar 24, 2023: This vulnerability allows local attackers to bypass Factory Reset Protection (FRP) on Android devices, potentially gaining elevated privileges without...
Apr 15, 2022: This vulnerability allows authenticated local attackers on Cisco Catalyst 9000 switches and wireless controllers to escalate privileges to level 15 (a...
Oct 6, 2021: This vulnerability allows attackers with access to openjdk containers to modify the /etc/passwd file, enabling privilege escalation. It affects openjd...
Aug 4, 2021: CVE-2021-1572 is a privilege escalation vulnerability in Cisco ConfD software that allows authenticated local attackers to execute arbitrary commands ...
Mar 24, 2021: This vulnerability allows attackers with access to a container running the operator-framework/hadoop in Red Hat OpenShift 4 to modify the /etc/passwd ...
Mar 24, 2021: This vulnerability allows an attacker with access to the operator-metering container in Red Hat OpenShift 4 to modify the /etc/passwd file, potentiall...
Jan 13, 2026: CVE-2026-20852 is a privilege assignment vulnerability in Windows Hello that allows local attackers to tamper with authentication mechanisms. This aff...
Jan 13, 2026: This Windows Hello vulnerability allows an unauthorized local attacker to tamper with authentication processes due to incorrect privilege assignment. ...
Aug 28, 2024: CVE-2024-4555 is an improper privilege management vulnerability in OpenText NetIQ Access Manager that allows user account impersonation in specific sc...
Apr 4, 2025: This vulnerability allows attackers to escalate privileges in wpForo Forum, potentially granting unauthorized administrative access. It affects all Wo...
Sep 29, 2023: This vulnerability in HashiCorp Vault's Google Cloud secrets engine removes existing IAM Conditions when creating or updating rolesets, potentially gr...
Mar 22, 2023: This vulnerability in ClearPass Policy Manager's web interface allows authenticated low-privilege users to access sensitive information. Attackers cou...
Jun 24, 2022: The authentication mechanism in Dominion Voting Systems ImageCast X voting machines exposes cryptographic secrets used to protect election data. Attac...
Oct 7, 2025: Dell PowerProtect Data Domain BoostFS for Linux Ubuntu systems contain an Incorrect Privilege Assignment vulnerability (CWE-266). A local attacker wit...
May 21, 2025: A bug in containerd's CRI implementation fails to place usernamespaced containers under Kubernetes' cgroup hierarchy, causing Kubernetes resource limi...
May 6, 2025: This vulnerability in IBM Maximo Application Suite 9.0 allows authenticated attackers to escalate their privileges due to misconfigured Role-Based Acc...
Feb 4, 2025: This vulnerability allows attackers to escalate privileges in WordPress sites using the Admin and Site Enhancements (ASE) plugin. Attackers could gain...
Feb 3, 2025: This CVE describes a privilege escalation vulnerability in the Admin and Site Enhancements (ASE) Pro WordPress plugin. Attackers can exploit incorrect...
Dec 17, 2024: This vulnerability in Open Cluster Management allows attackers with access to worker nodes to steal service account tokens and gain full cluster contr...
Jun 28, 2024: IBM MQ 9.3 LTS and 9.3 CD contain a privilege escalation vulnerability where authenticated users can gain elevated privileges under certain configurat...
Oct 6, 2021: This vulnerability allows an unauthenticated remote attacker to execute arbitrary commands with root privileges on Cisco Identity Services Engine (ISE...
Jun 15, 2024: This CVE describes a local privilege escalation vulnerability in IBM i operating systems where a non-administrative user can configure a physical file...
Feb 23, 2026: This vulnerability in SourceCodester Student Result Management System 1.0 allows unauthenticated attackers to upload arbitrary files via the bulk impo...
Feb 22, 2026: This vulnerability allows remote attackers to bypass authorization controls in funadmin's configuration handler, potentially enabling unauthorized con...
Feb 18, 2026: This vulnerability allows unauthorized access to the user management functionality in Rongzhitong Visual Integrated Command and Dispatch Platform. Att...
Feb 16, 2026: This vulnerability in zhanghuanhao LibrarySystem allows attackers to bypass access controls in the BookController.java component, potentially enabling...
Jan 22, 2026: This vulnerability allows attackers to escalate privileges in the Themefic Hydra Booking WordPress plugin. Attackers can gain higher-level access than...
Dec 4, 2025: This vulnerability allows attackers to bypass role-based access controls in yzcheng90 X-SpringBoot 6.0 by exploiting desynchronization between fronten...
Dec 1, 2025: This CVE describes an improper authorization vulnerability in orion-ops that allows attackers to manipulate user IDs in the user profile update functi...
Dec 1, 2025: This vulnerability allows unauthorized Ethereum transactions through NutzBoot's Transaction API. Attackers can manipulate 'from/to/wei' parameters to ...
About CWE-266
Our database tracks 417 CVEs classified as CWE-266, with 48 rated critical and 131 rated high severity. The average CVSS score for CWE-266 vulnerabilities is 6.7.
External reference: View CWE-266 on MITRE CWE →