CWE-269: Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.

Total CVEs: 816
Critical: 170
High: 556
Avg CVSS: 8.1
In CISA KEV: 1

Yearly Trend

2026: 50
2025: 213
2024: 225
2023: 118
2022: 49

Top Affected Vendors

1. Microsoft: 81
2. Google: 46
3. Huawei: 26
4. Apple: 20
5. Oracle: 19
6. Trendmicro: 13
7. Dell: 11
8. Cisco: 9
9. Fortinet: 8
10. Apache: 7

All Improper Privilege Management CVEs (816)

CVE-2023-36496 | CVSS 7.7 | Feb 1, 2024
This vulnerability in PingDirectory's Delegated Admin Privilege virtual attribute provider plugin allows authenticated users to elevate their permissi...

CVE-2023-1326 | CVSS 7.7 | Apr 13, 2023
This CVE describes a local privilege escalation vulnerability in apport-cli versions 2.26.0 and earlier. It allows unprivileged users to gain root pri...

CVE-2022-26113 | CVSS 7.7 | Jul 19, 2022
This vulnerability in FortiClient for Windows allows a local attacker to write arbitrary files to the system due to unnecessary privileges. It affects...

CVE-2022-29218 | CVSS 7.7 | May 13, 2022
A cache poisoning vulnerability in RubyGems allowed malicious packages to temporarily replace legitimate gems in CDN caches when platform names ended ...

CVE-2026-26010 | CVSS 7.6 | Feb 11, 2026
OpenMetadata versions before 1.11.8 leak JSON Web Tokens (JWTs) used by the ingestion-bot service through API calls from the UI. This allows any read-...

CVE-2025-64487 | CVSS 7.6 | Feb 11, 2026
A privilege escalation vulnerability in Outline document management systems allows authenticated users to gain unauthorized administrative privileges ...

CVE-2024-56335 | CVSS 7.6 | Dec 20, 2024
This vulnerability allows authenticated attackers with admin/owner permissions in one organization to modify or delete groups in other organizations i...

CVE-2024-42798 | CVSS 7.6 | Sep 16, 2024
An incorrect access control vulnerability in Kashipara Music Management System v1.0 allows low-privileged attackers to access administrator functions ...

CVE-2023-23990 | CVSS 7.6 | May 17, 2024
This vulnerability in the WordPress Redirection for Contact Form 7 plugin allows attackers to escalate privileges, potentially gaining administrative ...

CVE-2024-1764 | CVSS 7.6 | Mar 5, 2024
This vulnerability allows users in Devolutions Server to retain elevated privileges beyond their intended expiration time. Attackers could exploit thi...

CVE-2024-21985 | CVSS 7.6 | Jan 26, 2024
This vulnerability in NetApp ONTAP allows authenticated users with multiple remote accounts to perform REST API actions beyond their intended privileg...

CVE-2021-28702 | CVSS 7.6 | Oct 6, 2021
This vulnerability allows PCI devices with Reserved Memory Region Reporting (RMRR) to be improperly deassigned when passed through to virtual machine ...

CVE-2020-7467 | CVSS 7.6 | Mar 26, 2021
This vulnerability in FreeBSD's bhyve hypervisor allows guest virtual machines to execute certain AMD virtualization instructions that bypass nested p...

CVE-2026-24894 | CVSS 7.5 | Feb 12, 2026
This vulnerability in FrankenPHP worker mode allows session data from one user's request to be accessible to another user's request processed by the s...

CVE-2026-21983 | CVSS 7.5 | Jan 20, 2026
This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to potentially compromise the Virtua...

CVE-2025-66314 | CVSS 7.5 | Nov 27, 2025
This vulnerability in ZTE ElasticNet UME R32 allows attackers to bypass access controls and access functionality they shouldn't have permission to use...

CVE-2025-12726 | CVSS 7.5 | Nov 10, 2025
This vulnerability allows a remote attacker who has already compromised Chrome's renderer process to escalate privileges via a crafted HTML page. It a...

CVE-2025-53105 | CVSS 7.5 | Aug 27, 2025
In GLPI versions 10.0.0 through 10.0.18, authenticated non-admin users can manipulate business rule execution order, potentially altering system behav...

CVE-2025-29924 | CVSS 7.5 | Mar 19, 2025
XWiki Platform subwikis with 'Prevent unregistered users to view pages' or similar privacy settings are vulnerable to unauthorized access through REST...

CVE-2021-3978 | CVSS 7.5 | Jan 29, 2025
CVE-2021-3978 is a local privilege escalation vulnerability in Cloudflare's octorpki RPKI validator. When combined with another vulnerability that all...

CVE-2025-21343 | CVSS 7.5 | Jan 14, 2025
This vulnerability in Windows Web Threat Defense User Service allows attackers to read sensitive information from system memory. It affects Windows sy...

CVE-2024-39206 | CVSS 7.5 | Jul 2, 2024
MSP360 Backup Agent versions 7.8.5.15 and 7.9.4.84 store network share credentials in an encrypted file (enginesettings.list) using a hard-coded encry...

CVE-2024-0096 | CVSS 7.5 | May 14, 2024
NVIDIA ChatRTX for Windows has a privilege management vulnerability where attackers can manipulate execution flow through user inputs. This could allo...

CVE-2024-25842 | CVSS 7.5 | Mar 3, 2024
This vulnerability in the Presta World 'Account Manager - Sales Representative & Dealers - CRM' module for PrestaShop allows remote attackers to escal...

CVE-2023-52105 | CVSS 7.5 | Jan 16, 2024
CVE-2023-52105 is a privilege escalation vulnerability in Huawei's nearby module that allows attackers to gain elevated privileges on affected devices...

CVE-2023-52116 | CVSS 7.5 | Jan 16, 2024
This CVE describes a permission management vulnerability in Huawei's multi-screen interaction module that could allow unauthorized access or privilege...

CVE-2023-52114 | CVSS 7.5 | Jan 16, 2024
This CVE describes a data confidentiality vulnerability in Huawei's ScreenReader module that could allow unauthorized access to sensitive information....

CVE-2023-52107 | CVSS 7.5 | Jan 16, 2024
This CVE describes a permission verification vulnerability in Huawei's WMS (Window Manager Service) module on HarmonyOS devices. Attackers could explo...

CVE-2023-41309 | CVSS 7.5 | Sep 27, 2023
A permission control vulnerability in Huawei's MediaPlaybackController module allows attackers to bypass intended restrictions, potentially disrupting...

CVE-2023-41301 | CVSS 7.5 | Sep 25, 2023
This CVE describes an unauthorized API access vulnerability in Huawei's PMS (Package Management Service) module that allows attackers to bypass intend...

CVE-2023-1694 | CVSS 7.5 | May 20, 2023
CVE-2023-1694 is a file privilege escalation vulnerability in the Settings module of Huawei HarmonyOS and EMUI systems. Successful exploitation could ...

CVE-2023-29350 | CVSS 7.5 | May 5, 2023
This vulnerability in Microsoft Edge allows attackers to gain elevated privileges on affected systems. It affects users running vulnerable versions of...

CVE-2022-22390 | CVSS 7.5 | Jun 24, 2022
This vulnerability in IBM Db2 allows unauthorized information disclosure through improper privilege management when using table functions. Attackers c...

CVE-2022-29179 | CVSS 7.5 | May 20, 2022
This CVE allows an attacker who has already escaped a container running as root to escalate privileges to Kubernetes cluster admin using Cilium's serv...

CVE-2022-22257 | CVSS 7.5 | Apr 11, 2022
CVE-2022-22257 is an improper permission control vulnerability in Huawei's customization framework that allows unauthorized access to modify system se...

CVE-2022-23921 | CVSS 7.5 | Feb 25, 2022
CVE-2022-23921 is a local privilege escalation vulnerability in GE CIMPLICITY software that allows authenticated attackers to execute arbitrary code w...

CVE-2021-42291 | CVSS 7.5 | Nov 10, 2021
This vulnerability allows authenticated attackers to elevate privileges in Active Directory Domain Services by exploiting improper access control. It ...

CVE-2021-42282 | CVSS 7.5 | Nov 10, 2021
CVE-2021-42282 is an Active Directory Domain Services privilege escalation vulnerability that allows authenticated attackers to gain domain administra...

CVE-2021-25442 | CVSS 7.5 | Jul 8, 2021
This vulnerability allows Mobile Device Management (MDM) users to bypass Knox Manage authentication in Samsung devices. It affects Samsung devices usi...

CVE-2020-7335 | CVSS 7.5 | Dec 1, 2020
This vulnerability allows local users on Windows systems running McAfee Total Protection to escalate privileges by exploiting a timing issue through j...

CVE-2025-53942 | CVSS 7.4 | Jul 23, 2025
This vulnerability allows deactivated users who registered via OAuth/SAML to retain partial system access in authentik. They can authorize application...

CVE-2025-6177 | CVSS 7.4 | Jun 16, 2025
This vulnerability allows a local attacker with physical access to gain root code execution on enrolled ChromeOS devices by exploiting a debug shell a...

CVE-2024-53350 | CVSS 7.4 | Mar 21, 2025
Insecure permissions in kubeslice v1.3.1 allow attackers to access service account tokens, enabling privilege escalation within Kubernetes clusters. T...

CVE-2024-53349 | CVSS 7.4 | Mar 21, 2025
This vulnerability in Kuadrant v0.11.3 allows attackers to access service account tokens due to insecure permissions in the secrets component. Attacke...

CVE-2023-40375 | CVSS 7.4 | Sep 28, 2023
This CVE describes a local privilege escalation vulnerability in IBM i's integrated application server. An attacker with command-line access to the ho...

CVE-2025-67246 | CVSS 7.3 | Jan 15, 2026
This vulnerability allows unprivileged local users to read arbitrary physical memory through the Ludashi driver's IOCTL handler, exposing sensitive ke...

CVE-2025-55581 | CVSS 7.3 | Aug 22, 2025
This vulnerability allows attackers with filesystem access to replace critical binaries on D-Link DCS-825L cameras, leading to persistent root-level c...

CVE-2025-22165 | CVSS 7.3 | Jul 24, 2025
CVE-2025-22165 is a Medium severity Arbitrary Code Execution vulnerability in Sourcetree for Mac that allows a locally authenticated attacker to ...

CVE-2025-39202 | CVSS 7.3 | Jun 24, 2025
An authenticated low-privilege user in MicroSCADA X SYS600's Monitor Pro interface can view and overwrite files, leading to information disclosure and...

CVE-2023-41076 | CVSS 7.3 | Apr 11, 2025
This macOS privilege escalation vulnerability allows malicious applications to gain elevated system privileges without proper authorization. It affect...

About Improper Privilege Management (CWE-269)

Our database tracks 816 CVEs classified as CWE-269, with 170 rated critical and 556 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.

External reference: CWE-269 on MITRE CWE (https://cwe.mitre.org/data/definitions/269.html)
