CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
All Improper Privilege Management CVEs (818)
Jan 22, 2025: A privilege escalation vulnerability in Cloudflare WARP for Windows allows low-privileged users to create symbolic links that cause the WARP service (...
Aug 8, 2024: This vulnerability allows authenticated users with common permissions to intercept password change requests and modify administrator credentials on ZT...
Apr 2, 2024: CVE-2024-3137 is an improper privilege management vulnerability in uvdesk/community-skeleton that allows authenticated users to escalate privileges an...
Nov 14, 2023: This vulnerability in DataHub allows users with email sign-up links to create admin accounts when the default 'datahub' user has been removed but its ...
Oct 26, 2023: This vulnerability allows low-privileged Windows users to escalate privileges to SYSTEM level by replacing a specially crafted file in Nessus Network ...
May 9, 2023: This CVE describes an insecure permissions vulnerability in Shop_CMS YerShop that allows remote attackers to escalate privileges via the cover_id para...
Mar 23, 2023: This vulnerability in Veritas NetBackup's BPCD component allows unprivileged users to specify arbitrary log file paths when executing commands, enabli...
May 6, 2022: This vulnerability in Argo Workflows allows authenticated attackers to create malicious workflows that generate HTML artifacts containing scripts. Whe...
Jan 11, 2022: CVE-2022-0144 is a privilege management vulnerability in shelljs where the 'exec' function could be tricked into executing commands with elevated priv...
Dec 13, 2021: This vulnerability allows GitLab users with developer role permissions to elevate their privileges to maintainer level when importing projects. It aff...
Jun 30, 2021: This vulnerability in HarmonyOS allows local attackers to bypass privilege restrictions and gain kernel-level read/write access. It affects devices ru...
Aug 7, 2025: A local privilege escalation vulnerability exists in the SAN Host Utilities for Windows installer versions before 8.0. This allows authenticated local...
May 13, 2025: This vulnerability allows an authorized attacker with local access to a Windows system to escalate privileges by exploiting improper privilege managem...
Dec 27, 2024: This is a local privilege escalation vulnerability in Huawei FusionCompute products. Attackers with local access can exploit insufficient deserializat...
Aug 21, 2024: CVE-2023-22576 is a local privilege escalation vulnerability in Dell Repository Manager versions 3.4.2 and earlier. A local low-privileged attacker ca...
Jun 12, 2024: A local privilege escalation vulnerability in Palo Alto Networks Cortex XDR agent on Windows allows authenticated local users to execute programs with...
Nov 22, 2023: This vulnerability allows a local user to escalate privileges by attaching a malicious plugin to an application running the Elastic APM Java agent. At...
Oct 10, 2023: This vulnerability in Windows Error Reporting Service allows authenticated local attackers to execute arbitrary code with SYSTEM privileges. It affect...
Jul 25, 2023: This vulnerability allows local privilege escalation (LPE) in Cryptomator's MSI installer repair function. Low-privileged users can exploit administra...
Apr 18, 2023: This vulnerability in Oracle Solaris's NSSwitch component allows a low-privileged attacker with local access to potentially gain full control of the s...
Oct 13, 2021: CVE-2021-41334 is an elevation of privilege vulnerability in Windows Desktop Bridge that allows authenticated attackers to execute arbitrary code with...
Mar 11, 2021: This is a DirectX Elevation of Privilege vulnerability that allows an authenticated attacker to execute arbitrary code with SYSTEM privileges on a vul...
Jan 12, 2021: CVE-2021-1709 is a privilege escalation vulnerability in the Windows Win32k kernel driver that allows authenticated attackers to gain SYSTEM-level pri...
Jan 12, 2021: CVE-2021-1682 is a Windows kernel elevation of privilege vulnerability that allows authenticated attackers to execute arbitrary code with SYSTEM privi...
Jan 5, 2021: This CVE describes a privilege escalation vulnerability in Dell EMC Isilon OneFS and PowerScale OneFS systems. It allows a compadmin user with specifi...
Aug 17, 2020: This Windows vulnerability allows authenticated attackers to elevate privileges by exploiting improper privilege management in AppX Deployment Extensi...
Aug 14, 2019: CVE-2019-1175 is a local privilege escalation vulnerability in Microsoft's psmsrv.dll component. An authenticated attacker could exploit this to execu...
Aug 14, 2019: CVE-2019-1177 is a local privilege escalation vulnerability in Windows' rpcss.dll component. An authenticated attacker could exploit this to execute a...
Dec 2, 2025: This vulnerability allows a physically proximate attacker to escalate privileges on Entrust nShield hardware security modules by inserting a chassis p...
Mar 7, 2025: This vulnerability allows an attacker with physical access to a ChromeOS device to escalate privileges to root and potentially unenroll enterprise-man...
Jun 14, 2024: This vulnerability allows unauthorized screenshot capturing in Huawei's WMS module, potentially exposing sensitive information displayed on affected d...
May 17, 2024: This vulnerability allows attackers with editor-level access in WordPress to escalate their privileges to administrator level in the Salon Booking Sys...
Dec 30, 2025: CVE-2025-69257 is a local privilege escalation vulnerability in theshit command-line utility. When executed with elevated privileges (sudo/root), the ...
Sep 8, 2025: Dell PowerScale OneFS versions before 9.12.0.0 have a privilege escalation vulnerability where a high-privileged local attacker can gain additional sy...
Aug 20, 2025: A privilege escalation vulnerability allows privileged engineer users with console access to modify configuration files used by a root-level daemon, p...
Apr 7, 2025: A privilege escalation vulnerability in RUoYi v.4.8.0 allows remote attackers to gain elevated privileges by manipulating the menuId parameter. This a...
Mar 13, 2025: A privilege escalation vulnerability in SoundCloud's iOS app v7.65.2 allows local attackers to gain elevated privileges and access sensitive informati...
Mar 11, 2025: This vulnerability in Azure Agent Installer allows authenticated attackers to escalate privileges on local systems. Attackers with standard user acces...
Sep 10, 2024: Dell PowerScale InsightIQ version 5.1 contains an improper privilege management vulnerability that allows a high-privileged attacker with local access...
Jul 2, 2024: Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper privilege management vulnerability that allows a local high-privilege attac...
May 14, 2024: This vulnerability allows local attackers with existing user privileges to escalate to administrator privileges through arbitrary code execution durin...
May 6, 2024: This vulnerability in ATF SPM allows attackers to remap physical memory to virtual memory due to a logic error, enabling local privilege escalation. I...
Jun 10, 2025: This CVE describes an improper privilege management vulnerability in multiple Fortinet products where authenticated users with read-only admin permiss...
Oct 16, 2024: This vulnerability allows attackers to escalate privileges in Rancher when RoleTemplate objects have external=true. Attackers could gain higher permis...
Sep 23, 2024: CVE-2024-44540 allows attackers with physical access to Ubiquiti AirMax devices to gain privileged command shell access via the UART debugging port. T...
Sep 23, 2024: This vulnerability in Entrust Instant Financial Issuance (formerly Cardwizard) allows attackers to decrypt passwords using static hard-coded AES keys,...
Dec 26, 2025: This vulnerability involves inadequate permission management for camera guest accounts in Hanwha Vision cameras, allowing unauthorized access to sensi...
Dec 17, 2025: This vulnerability allows authenticated users of HiSecOS 04.0.01 to escalate their privileges to administrative level by sending crafted XML payloads ...
Nov 11, 2025: This vulnerability in Intel CIP software allows unprivileged authenticated users to potentially access sensitive information they shouldn't have acces...
Oct 21, 2025: A local privilege escalation vulnerability in Oracle VM VirtualBox allows authenticated attackers with low privileges on the host system to access sen...
About Improper Privilege Management (CWE-269)
Our database tracks 818 CVEs classified as CWE-269, with 171 rated critical and 557 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.
External reference: View CWE-269 on MITRE CWE →