CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
All Improper Privilege Management CVEs (816)
Apr 1, 2025 - This vulnerability in BambooHR Build allows remote attackers to perform privilege escalation through an open redirect in the SAML authentication endpo...
Mar 25, 2025 - This vulnerability in Trend Micro Apex One Security Agent allows a local attacker with low-privileged access to bypass security controls and execute a...
Feb 11, 2025 - A DLL hijacking vulnerability in AMD Ryzen Master Utility allows attackers to place malicious DLLs in directories where the application searches for t...
Jan 17, 2025 - CVE-2025-23208 is an authorization bypass vulnerability in Zot OCI image registry where group membership changes from identity providers are not prope...
Sep 20, 2024 - This vulnerability in Zitadel identity management platform allows deactivated user grants to remain active in tokens, potentially granting unauthorize...
Jun 21, 2024 - This CVE describes a local privilege escalation vulnerability in ESET security products where an attacker can misuse file operations during quarantine...
May 31, 2024 - This CVE describes a local privilege escalation vulnerability in Ivanti Secure Access Client for Linux that allows authenticated low-privileged users ...
Feb 27, 2024 - This vulnerability allows low-privileged users on systems running vulnerable TeamViewer Remote Client versions to elevate privileges by changing perso...
Nov 13, 2023 - This critical vulnerability in Shenzhen Youkate Industrial Facial Love Cloud Payment System allows remote attackers to bypass privilege management by ...
Jun 20, 2022 - ASUS Control Center API has broken access control allowing unauthenticated remote attackers to call privileged API functions. This can lead to partial...
Jun 9, 2022 - This critical vulnerability in Solar-Log energy monitoring systems allows remote attackers to escalate privileges by manipulating flash memory functio...
Jun 9, 2022 - This critical vulnerability in MONyog Ultimate 6.63 allows remote attackers to escalate privileges by manipulating cookie parameters (HasServerEdit/Is...
Apr 15, 2022 - This vulnerability allows authenticated low-privileged users on Cisco SD-WAN vManage systems to escalate privileges to root by injecting commands into...
Apr 11, 2022 - This CVE describes a local privilege escalation vulnerability in Zyxel AP Configurator (ZAC) version 1.1.4, where incorrect directory permissions allo...
Mar 8, 2022 - CVE-2022-25311 is a privilege escalation vulnerability in Siemens SINEC NMS and SINEMA Server where authenticated low-privileged users can gain higher...
Aug 12, 2021 - This vulnerability allows a local authenticated attacker to execute arbitrary code with SYSTEM privileges on affected Windows systems. It affects Wind...
Jan 12, 2021 - CVE-2021-1704 is a privilege escalation vulnerability in Windows Hyper-V that allows an authenticated attacker to execute arbitrary code with SYSTEM p...
Jan 12, 2021 - CVE-2021-1706 is a local privilege escalation vulnerability in the Windows LUAFV (LUA File Virtualization) filter driver that allows authenticat...
Jan 12, 2021 - CVE-2021-1685 is an elevation of privilege vulnerability in Windows AppX Deployment Extensions that allows authenticated attackers to execute code wit...

Mar 3, 2026 - This vulnerability allows attackers to escalate privileges to root and read/write arbitrary files on Cohesity TranZman Migration Appliance systems due...
Jan 29, 2026 - This vulnerability allows low-privilege API keys in Immich to escalate their own permissions by calling the update endpoint, granting themselves full ...
Dec 2, 2025 - This vulnerability allows a physically proximate attacker to edit the Legacy GRUB bootloader configuration on affected Entrust nShield HSM devices, en...
Nov 3, 2025 - This vulnerability allows authenticated Nagios XI administrators to escalate their privileges to root on the underlying host system by abusing the Mig...
Aug 26, 2025 - A privilege escalation vulnerability allows non-primary administrators with web interface access but no shell permissions to view the master admin pas...
May 22, 2025 - This vulnerability in Ocuco Innovation's JOBMANAGER.EXE allows attackers to bypass authentication and gain Administrator privileges by sending a speci...
May 21, 2025 - A privilege escalation vulnerability in OrangeHRM v5.7 allows attackers to bypass authentication via PHP loose-equality comparisons if a specific MD5 ...
Mar 8, 2025 - The Post Meta Data Manager WordPress plugin allows authenticated attackers with Administrator access to escalate privileges on multisite installations...
Aug 1, 2024 - This vulnerability in the CTX Feed WordPress plugin allows attackers to update arbitrary WordPress options due to improper privilege management. It en...
Jul 10, 2024 - CVE-2024-3325 is an improper privilege management vulnerability (CWE-269) in Jaspersoft JasperReport Servers that allows authenticated users to escala...
May 17, 2024 - This vulnerability in the WPFactory EAN for WooCommerce WordPress plugin allows attackers to update arbitrary WordPress options, leading to privilege ...
May 17, 2024 - This vulnerability in the WordPress Instant Images plugin allows attackers to update arbitrary WordPress options, potentially leading to privilege esc...
May 17, 2024 - This vulnerability allows attackers to escalate privileges in the WebToffee WooCommerce PDF plugin, potentially gaining administrative access to WordP...
May 17, 2024 - This vulnerability allows authenticated WordPress users to escalate their privileges to administrator level through the WP User Frontend plugin. It af...
May 8, 2024 - This vulnerability allows attackers with administrative access to VMware Avi Load Balancer to escalate privileges to root on the host system, enabling...
Feb 14, 2024 - This vulnerability in Dell SupportAssist for Home PCs allows local attackers to escalate privileges during first-time installations. Only users who pe...
Nov 2, 2023 - CVE-2023-5408 is a privilege escalation vulnerability in OpenShift's Kubernetes API server node restriction admission plugin. A remote attacker who ca...
Aug 9, 2023 - This vulnerability allows remote attackers with knowledge of the SNMPv2 read/write community string to execute arbitrary system commands with root pri...
Mar 12, 2023 - The Company admin role in eZ Platform Ibexa Kernel before version 1.3.26 grants excessive privileges, allowing users with this role to perform unautho...
Feb 7, 2023 - This vulnerability in SUSE Rancher allows authenticated users with 'escalate' permissions on PRTBs (Project Role Template Bindings) to escalate their ...
May 2, 2022 - This vulnerability allows users with the restricted-admin role in SUSE Rancher to escalate their privileges to full administrator access. It affects S...
Dec 15, 2021 - CVE-2021-43835 is a privilege escalation vulnerability in Sulu CMS where authenticated users with any admin UI access can exploit the ProfileControlle...
Jul 12, 2021 - This vulnerability in IBM Event Streams allows a user with access to the CA private key to create their own certificates, deploy them in the cluster, ...

Mar 5, 2026 - This CVE describes an improper verification vulnerability in Huawei email applications that could allow attackers to access sensitive information. The...
Jan 16, 2026 - This vulnerability allows a standard local user without administrative privileges to execute privileged update commands via Microsoft Edge's Elevation...
Dec 26, 2025 - In self-hosted n8n instances prior to version 2.0.0, authenticated users with workflow editing access can exploit the Code node's legacy JavaScript ex...
Jul 25, 2025 - This vulnerability in ETSI Open-Source MANO (OSM) allows remote authenticated attackers to escalate privileges through the /osm/admin/v1/users API end...
Apr 29, 2025 - This vulnerability allows an attacker with control over a content process to abuse the privileged UITour actor, potentially leading to information dis...
Feb 27, 2025 - The Bricks WordPress theme has a privilege escalation vulnerability that allows authenticated attackers with contributor-level access to execute arbit...
Jan 22, 2025 - A privilege escalation vulnerability in Cloudflare WARP for Windows allows low-privileged users to create symbolic links that cause the WARP service (...
Aug 8, 2024 - This vulnerability allows authenticated users with common permissions to intercept password change requests and modify administrator credentials on ZT...

About Improper Privilege Management (CWE-269)
Our database tracks 816 CVEs classified as CWE-269, with 170 rated critical and 556 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.
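The definition covers four distinct failures (assigning, modifying, tracking and checking privileges), and the single most common shape in the list above is the "modify" case: an endpoint that lets an actor write a privilege set without bounding it by what the caller already holds (the Immich API-key entry, the Rancher PRTB 'escalate' entry, the WordPress option-update entries). The example below is added for this page and is not code from any listed product; the API-key model, the scope names, the `all` wildcard and the in-memory store are constructed assumptions. It shows the unbounded update beside a hardened one that applies the subset rule Kubernetes RBAC uses for role bindings: a caller may only grant scopes it already holds, so no call can yield a principal more privileged than its caller, while narrowing a key remains allowed.

```python
"""Added illustration of CWE-269: a self-service privilege-update endpoint that
lets a caller assign privileges it does not hold, beside a hardened version.
Not code from any product on this page; the key model, scope names and the
in-memory store are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass, field

ALL = "all"   # constructed wildcard scope that implies every other scope


@dataclass
class ApiKey:
    key_id: str
    owner: str                     # user who created the key
    permissions: set[str] = field(default_factory=set)

    def has(self, perm: str) -> bool:
        return ALL in self.permissions or perm in self.permissions


class Forbidden(Exception):
    """Raised when an update is refused."""


def update_key_vulnerable(keys: dict[str, ApiKey], caller: ApiKey,
                          key_id: str, new_perms: set[str]) -> ApiKey:
    """Checks only that the caller may use the update endpoint at all.
    Nothing bounds the permission set it writes, so a key holding just
    'apiKey.update' can rewrite its own scopes to 'all'."""
    if not caller.has("apiKey.update"):
        raise Forbidden("caller lacks apiKey.update")
    target = keys[key_id]
    target.permissions = set(new_perms)   # unchecked privilege assignment
    return target


def update_key_hardened(keys: dict[str, ApiKey], caller: ApiKey,
                        key_id: str, new_perms: set[str]) -> ApiKey:
    """Same endpoint with two more checks: the target must belong to the
    caller's owner, and every requested scope must already be held by the
    caller (the rule Kubernetes RBAC applies when a subject creates a role
    binding).  No call can therefore produce a key more privileged than the
    caller that made it; narrowing a key is still allowed."""
    if not caller.has("apiKey.update"):
        raise Forbidden("caller lacks apiKey.update")
    target = keys[key_id]
    if target.owner != caller.owner:
        raise Forbidden("cannot modify a key belonging to another owner")
    missing = sorted(p for p in new_perms if not caller.has(p))
    if missing:
        raise Forbidden(f"caller cannot grant scopes it does not hold: {missing}")
    target.permissions = set(new_perms)
    return target


def _fresh() -> tuple[dict[str, ApiKey], ApiKey]:
    """Constructed fixture: one low-privilege key plus a key of another owner."""
    low = ApiKey("k1", owner="alice", permissions={"asset.read", "apiKey.update"})
    other = ApiKey("k2", owner="bob", permissions={"asset.read"})
    return {"k1": low, "k2": other}, low


def self_escalation_results() -> tuple[bool, bool]:
    """Returns (escalated_via_vulnerable, blocked_by_hardened) for a key that
    tries to grant itself 'all' through each version of the endpoint."""
    keys, low = _fresh()
    update_key_vulnerable(keys, low, "k1", {ALL})
    escalated = low.has("user.admin")     # a scope it was never granted

    keys, low = _fresh()
    try:
        update_key_hardened(keys, low, "k1", {ALL})
        blocked = False
    except Forbidden:
        blocked = True
    return escalated, blocked and not low.has("user.admin")


def cross_owner_blocked() -> bool:
    """The hardened endpoint refuses another owner's key even when the
    requested scopes are ones the caller holds."""
    keys, low = _fresh()
    try:
        update_key_hardened(keys, low, "k2", {"asset.read"})
        return False
    except Forbidden:
        return True


def narrowing_allowed() -> bool:
    """Reducing a key to a subset of the caller's scopes is legitimate."""
    keys, low = _fresh()
    updated = update_key_hardened(keys, low, "k1", {"asset.read"})
    return updated.permissions == {"asset.read"}


if __name__ == "__main__":
    print("vulnerable escalated, hardened blocked:", self_escalation_results())
    print("cross-owner update blocked:", cross_owner_blocked())
    print("narrowing allowed:", narrowing_allowed())
```

The comparison in the hardened version is against the caller's effective, server-side permission set at the time of the call, never against anything carried in the request; the MONyog entry above (role flags read from cookies) is what happens when that distinction is lost. Note also that the narrowing case removes `apiKey.update` from the key itself, which is the expected behaviour of a subset rule: a principal may always give up privilege, never acquire it.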
External reference: CWE-269 on MITRE CWE, https://cwe.mitre.org/data/definitions/269.html