CWE-269: Improper Privilege Management

This critical vulnerability in Cisco ISE and ISE-PIC allows unauthenticated remote attackers to upload arbitrary files and execute them as root on the...

This vulnerability allows attackers to exploit Zero Touch Provisioning on Arista CloudVision systems to gain administrative privileges with excessive ...

This vulnerability allows local privilege escalation on affected Android devices by enabling adb (Android Debug Bridge) access before Setup Wizard com...

This vulnerability allows an attacker within Wi-Fi range of a Google Home device to spy on the victim and gain elevated privileges. It affects Google ...

This critical vulnerability in Deno runtime allows malicious code to bypass all permission checks and execute arbitrary shell commands with full syste...

This vulnerability in OpenZeppelin's TimelockController smart contract allows actors with the executor role to escalate privileges and potentially gai...

This vulnerability allows unauthenticated remote attackers to bypass authentication on Cisco ACI Multi-Site Orchestrator (MSO) by exploiting improper ...

This vulnerability allows local unprivileged users on Windows systems to manipulate privileged DriveLock processes, enabling privilege escalation. Att...

This vulnerability in DriveLock allows attackers to gain elevated privileges, potentially leading to full system compromise. It affects DriveLock vers...

This vulnerability in OpenShift Container Platform allows attackers with developer-level access to execute arbitrary commands on worker nodes by explo...

This vulnerability in Wistron Corporation's TBT Force Power Control driver allows attackers to escalate privileges and execute arbitrary code by sendi...

This vulnerability allows any authenticated regular user in OpenObserve to create new users with administrative 'root' privileges, bypassing intended ...

This vulnerability allows authenticated remote attackers to execute unauthorized configuration commands on Firepower Threat Defense devices managed by...

This vulnerability allows any logged-in user in XWiki Platform to modify mail configuration settings, including viewing and editing SMTP credentials. ...

A privilege escalation vulnerability in SUSE Rancher allows attackers to bypass admission webhook security checks and gain elevated privileges in Kube...

This vulnerability allows a remote attacker with standard JEA (Just Enough Administration) credentials to escalate privileges and potentially take ove...

This vulnerability allows unauthenticated attackers to create administrator accounts on WordPress sites using the User Registration & Membership plugi...

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component. Attackers could exploit this to gain elevated privileges wi...

This CVE describes a privilege escalation vulnerability in Firefox's Netmonitor component that allows attackers to gain elevated privileges on affecte...

A privilege escalation vulnerability in edu Business Solutions Print Shop Pro WebDesk allows remote attackers to gain elevated privileges by manipulat...

The s2Member WordPress plugin has a critical vulnerability that allows unauthenticated attackers to change any user's password, including administrato...

The Buyent Classified plugin for WordPress allows unauthenticated attackers to register accounts with administrator privileges by manipulating the use...

This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the Lizza LMS Pro plugin. All WordPress sit...

The Clasifico Listing WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges by manipulating the 'listin...

CVE-2026-26369 is a privilege escalation vulnerability in eNet SMART HOME server where low-privileged users can elevate themselves to administrative p...

The Truelysell Core WordPress plugin allows unauthenticated attackers to create administrator accounts due to insufficient validation of the user_role...

The JAY Login & Register WordPress plugin allows unauthenticated attackers to update arbitrary user metadata through a vulnerable AJAX function, enabl...

The User Profile Builder WordPress plugin before version 3.15.2 has an improper password reset mechanism that allows unauthenticated attackers to rese...

The LA-Studio Element Kit for Elementor WordPress plugin allows unauthenticated attackers to create administrator accounts by manipulating the registr...

This vulnerability in the RegistrationMagic WordPress plugin allows unauthenticated attackers to manipulate menu generation logic, granting administra...

This critical vulnerability in BLUVOYIX allows unauthenticated attackers to create admin users via specially crafted HTTP requests to admin APIs. Succ...

A privilege escalation vulnerability in RustFS IAM allows restricted service accounts or STS credentials to self-issue unrestricted service accounts w...

The Flex Store Users WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges due to improper role validat...

A privilege escalation vulnerability in DriveLock allows users with 'Manage roles and permissions' privilege to promote themselves or other users to S...

The WP CarDealer WordPress plugin has a critical privilege escalation vulnerability that allows unauthenticated attackers to register accounts with ad...

The DesignThemes LMS WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges due to improper role validat...

This vulnerability allows a physically proximate attacker to bypass tamper protection on Entrust hardware security modules, gaining debug access and p...

The Tiare Membership WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to register accounts with adminis...

The FindAll Listing plugin for WordPress has a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators ...

The EduKart Pro WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges due to improper role validation. ...

This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the EasyCommerce plugin. Attackers can gain...

The Doccure Core WordPress plugin allows unauthenticated attackers to create accounts with administrator privileges by manipulating the user_type fiel...

This vulnerability in the King Addons for Elementor WordPress plugin allows unauthenticated attackers to register administrator-level user accounts du...

This vulnerability allows local attackers to escalate privileges by exploiting a SUID-bit binary in BLU-IC2 and BLU-IC4 devices. Attackers can gain ro...

This vulnerability allows an attacker to gain root shell access on Omada gateway devices under restricted conditions. It affects TP-Link Omada busines...

The WP Freeio WordPress plugin allows unauthenticated attackers to register accounts with administrator privileges due to improper role validation. Th...

This vulnerability in PHPGurukul Online Library Management System v3.0 allows attackers to escalate privileges via index.php, potentially gaining admi...

This vulnerability in the WLAN subsystem of Android on Google Pixel devices allows local attackers to gain elevated privileges on affected devices. At...

CVE-2025-36890 is an elevation of privilege vulnerability in Android that allows attackers to gain higher system privileges than intended. This affect...

This vulnerability in the WLAN subsystem of Android on Google Pixel devices allows local attackers to gain elevated privileges on the device. It affec...