CWE-267
All CWE-267 CVEs (28)
This CVE-2023-22647 vulnerability in SUSE Rancher allows standard users with existing permissions to manipulate Kubernetes secrets in the local cluste... (Jun 1, 2023)
CVAT users with staff status can escalate their own privileges to superuser/admin level, gaining full access to all data in the CVAT instance. This af... (Jan 21, 2026)
This CVE describes a privilege escalation vulnerability in Apache Cassandra where a user with MODIFY permission on all keyspaces can gain superuser pr... (Aug 25, 2025)
This vulnerability allows users with MODIFY permission on all keyspaces in Apache Cassandra to escalate privileges to superuser by performing unsafe a... (Feb 4, 2025)
This vulnerability allows unauthorized local attackers to escalate privileges to root on macOS systems running DTEX DEC-M (DTEX Forwarder) 6.1.1. The ... (Jan 28, 2025)
This vulnerability in SINEMA Remote Connect Server allows attackers with access to the backup encryption key and upload permissions to create administ... (Jul 9, 2024)
This vulnerability allows an unauthorized user to exploit SonicWall NetExtender's Pre-Logon feature to gain SYSTEM-level privileges on Windows hosts, ... (Oct 3, 2023)
This vulnerability in Pimcore allows attackers to perform unsafe actions due to improperly defined privileges, potentially leading to privilege escala... (May 30, 2023)
A high-severity vulnerability in Oracle VM VirtualBox Core allows attackers with local system access to compromise the virtualization software, potent... (Oct 21, 2025)
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual... (Oct 21, 2025)
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual... (Oct 21, 2025)
An authenticated user with Installer role in REB500 can access and modify directories they are not authorized to access. This privilege escalation vul... (Feb 24, 2026)
This CVE describes a local privilege escalation vulnerability in VMware Aria Operations and VMware Tools. A malicious local user with non-administrati... (Sep 29, 2025)
This vulnerability in Ivanti Secure Access Client allows a local authenticated attacker to escalate privileges due to incorrect file permissions. It a... (Nov 12, 2024)
This vulnerability allows local authenticated attackers to escalate privileges on Ivanti Connect Secure and Policy Secure appliances. Attackers with e... (Nov 12, 2024)
Dell PowerScale OneFS versions 8.2.2.x through 9.5.0.x contain an improper privilege management vulnerability. A remote attacker with low privileges c... (Aug 29, 2023)
This vulnerability allows authenticated Asterisk Manager Interface (AMI) users with 'write=originate' permissions to modify configuration files in /et... (Aug 8, 2024)
This vulnerability in Ivanti Secure Access Client allows local authenticated attackers to create arbitrary folders due to incorrect permissions. This ... (Nov 12, 2024)
This vulnerability in Cisco NX-OS Software allows authenticated local attackers with Bash shell access to execute arbitrary code with root privileges.... (Aug 28, 2024)
CVE-2025-53900 is a privilege escalation vulnerability in Kiteworks MFT where authorized users can gain elevated permissions through improper role def... (Nov 29, 2025)
This vulnerability in Oracle BI Publisher allows authenticated attackers with low privileges to access sensitive data via the Web Service API. It affe... (Oct 21, 2025)
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to access sensitive data from Virtua... (Oct 21, 2025)
A local privilege escalation vulnerability in Oracle Solaris 11 filesystem component allows high-privileged attackers with system access to cause deni... (Oct 21, 2025)
A privilege escalation vulnerability in Drupal's Role Delegation module allows authenticated users with role assignment permissions to assign themselv... (Feb 4, 2026)
This vulnerability in Drupal Mini site allows attackers with certain privileges to inject malicious scripts that execute when other users view affecte... (Jan 28, 2026)
This vulnerability in Oracle Health Sciences Data Management Workbench allows authenticated high-privilege attackers to access sensitive data via HTTP... (Oct 21, 2025)
This vulnerability in Oracle ZFS Storage Appliance Kit allows high-privileged attackers with network access via HTTP to cause a denial of service by h... (Oct 21, 2025)
Wing FTP Server versions through 7.4.4 run the administrative web interface with root/SYSTEM privileges by default. This allows authenticated administ... (Jul 10, 2025)
About CWE-267
Our database tracks 28 CVEs classified as CWE-267, with 1 rated critical and 17 rated high severity. The average CVSS score for CWE-267 vulnerabilities is 7.3.
External reference: CWE-267 on MITRE CWE