CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
[Charts not reproduced: Yearly Trend; Top Affected Vendors]
All Improper Privilege Management CVEs (777)
Jan 3, 2024: This vulnerability allows attackers to invoke the add_user interface in the system module on GL.iNet devices to gain root privileges. It affects multi...
Dec 19, 2023: This vulnerability in TheGreenBow VPN clients allows attackers to escalate privileges by manipulating memory mapped files. Attackers could gain SYSTEM...
Nov 15, 2023: This vulnerability allows unauthenticated attackers to impersonate any existing user during device enrollment in Ivanti EPMM (formerly MobileIron Core...
Oct 16, 2023: D-Link DIR-820L router firmware version 1.05B03 has insecure permissions that allow unauthorized access to sensitive functions. This vulnerability aff...
Oct 11, 2023: This CVE describes a critical privilege escalation vulnerability in Huawei/HarmonyOS window management modules where permissions are not strictly veri...
Oct 11, 2023: This CVE-2023-44106 is an API permission management vulnerability in Huawei's Fwk-Display module that allows unauthorized access to display framework ...
Oct 4, 2023: This vulnerability allows remote attackers to execute arbitrary code on affected Schneider Electric systems by exploiting improper privilege managemen...
Sep 25, 2023: This vulnerability in Service Provider Management System v1.0 allows remote attackers to escalate privileges by manipulating the ID parameter in the a...
Sep 15, 2023: This vulnerability in OPSWAT MetaDefender KIOSK allows attackers to abuse built-in Windows features like desktop shortcuts and narrator to escalate pr...
Aug 23, 2023: The Donation Forms by Charitable WordPress plugin allows unauthenticated attackers to escalate privileges by specifying their user role during registr...
Aug 11, 2023: This vulnerability in RuoYi's CookieRememberMeManager allows remote attackers to escalate privileges by exploiting improper deserialization of remembe...
Jul 6, 2023: This CVE describes a Use After Free vulnerability in the Linux kernel's uinput module that allows local attackers to escalate privileges to kernel lev...
May 30, 2023: This vulnerability in edjing Mix v7.09.01 for Android allows unauthorized apps to manipulate the application's database, leading to privilege escalati...
May 22, 2023: This vulnerability allows attackers with valid unprivileged accounts to escalate privileges in Apache InLong. By intercepting login requests and reusi...
Apr 14, 2023: This vulnerability in WHO app versions 1.0.28, 1.0.30, and 1.0.32 allows attackers to escalate privileges via the TTMultiProvider component. Attackers...
Apr 11, 2023: A privilege escalation vulnerability in POWERAMP audio player allows remote attackers to gain elevated privileges by manipulating reverb and EQ preset...
Mar 27, 2023: CVE-2022-48353 is a configuration vulnerability in some Huawei smartphones that allows kernel privilege escalation when exploited. This can lead to sy...
Feb 27, 2023: This vulnerability in Huawei whole-home intelligence software allows attackers to bypass intended privilege restrictions and access restricted functio...
Jun 15, 2022: This vulnerability in legacy Axis devices allows remote attackers to bypass privilege management through manipulation of CGI scripts. It affects speci...
Jun 9, 2022: This vulnerability allows attackers to escalate privileges in OPSWAT MetaDefender products due to incorrect access control. Affected systems include M...
May 21, 2022: CVE-2022-31267 is a privilege escalation vulnerability in Gitblit 1.9.2 that allows attackers to gain administrative privileges by injecting control c...
Apr 7, 2022: CVE-2022-26676 is a critical privilege escalation vulnerability in aEnrich a+HRD software where unauthenticated remote attackers can upload and execut...
Mar 18, 2022: CVE-2022-24637 is a critical vulnerability in Open Web Analytics (OWA) that allows unauthenticated remote attackers to obtain sensitive user informati...
Mar 7, 2022: The MasterStudy LMS WordPress plugin before version 2.7.6 contains an authentication bypass vulnerability that allows unauthenticated attackers to reg...
Mar 3, 2022: CVE-2022-25089 is a privilege escalation vulnerability in Printix Secure Cloud Print Management where the software incorrectly uses privileged APIs to...
Feb 11, 2022: CVE-2021-22801 is a critical privilege management vulnerability in Schneider Electric's ConneXium Network Manager software that allows authenticated a...
Oct 11, 2021: CVE-2021-27664 is a critical vulnerability in exacqVision Server where unauthenticated remote attackers can access stored credentials under certain co...
Sep 9, 2021: CVE-2021-38540 is an authentication bypass vulnerability in Apache Airflow's variable import endpoint. Unauthenticated attackers can add or modify Air...
Sep 7, 2021: In ownCloud versions before 10.8, a user with access to a federated share and the database can modify permissions to elevate their own privileges. Thi...
Aug 10, 2021: CVE-2021-38140 is a privilege escalation vulnerability in the set_user extension for PostgreSQL. It allows authenticated database users to escalate pr...
Aug 2, 2021: This vulnerability allows attackers to gain root access on Swisslog Healthcare Nexus Panel devices by using default credentials. It affects HMI3 Contr...
Jul 12, 2021: CVE-2021-35064 is a privilege escalation vulnerability in KramerAV VIAWare that allows attackers to gain root access through sudo misconfiguration. Th...
Jul 7, 2021: This critical vulnerability in the ProfilePress WordPress plugin allows unauthenticated attackers to register new user accounts with administrator pri...
May 24, 2021: CVE-2020-28904 is a privilege escalation vulnerability in Nagios Fusion that allows attackers to execute arbitrary PHP code with elevated privileges. ...
Apr 12, 2021: CVE-2020-15390 is an improper access control vulnerability in Pega Platform's pyActivity component that allows unauthenticated attackers to access sen...
Dec 14, 2020: This vulnerability allows local attackers to escalate privileges on Windows systems running vulnerable versions of Citrix Gateway Plug-in. Attackers c...
Oct 29, 2020: CVE-2020-27654 is an improper access control vulnerability in the lbd service of Synology Router Manager (SRM) that allows remote attackers to execute...
Sep 24, 2020: This vulnerability allows remote attackers to bypass authentication in Pexip Infinity's client API and gain elevated privileges. It affects all Pexip ...
Aug 25, 2023: This vulnerability allows a remote attacker to escalate privileges to OS-level on ChromeOS devices by tricking a user into opening a malicious file. I...
Aug 22, 2024: This vulnerability allows remote attackers to bypass authentication on Swissphone DiCal-RED 4009 devices by using the device password's hash value ins...
Aug 19, 2024: This vulnerability in Ultimate Membership Pro WordPress plugin allows unauthenticated attackers to escalate privileges, potentially gaining administra...
Nov 25, 2025: This vulnerability in NVIDIA DGX Spark GB10's SROOT component allows attackers with privileged access to bypass SoC (System-on-Chip) protections. Succ...
Jun 21, 2024: A privilege escalation vulnerability in snapd's systemd service unit generation allows Docker containers within snaps to gain unintended privileges. W...
Apr 13, 2023: This vulnerability allows an existing unprivileged user with valid credentials to log into the standby supervisor module as root, leading to privilege...
May 10, 2021: CVE-2021-21428 is an insecure temporary file creation vulnerability in openapi-generator-online that allows any user on the system to read and append ...
Feb 24, 2026: A broken access control vulnerability in SolarWinds Serv-U allows domain or group administrators to create system admin users and execute arbitrary co...
Nov 18, 2025: A missing validation vulnerability in SolarWinds Serv-U allows administrators to execute arbitrary code. This affects Serv-U deployments where adminis...
Nov 5, 2025: This vulnerability allows a privileged user with known credentials to escape CLI restrictions and gain full system control in Dell CloudLink. It affec...
Apr 16, 2025: This vulnerability in Rancher allows attackers to escape the chroot jail and gain root access to the Rancher container. In production environments, th...
Sep 23, 2024: This vulnerability allows a malicious user to exploit a remote administrative service in FlashArray Purity to create unauthorized privileged accounts ...
About Improper Privilege Management (CWE-269)
Our database tracks 777 CVEs classified as CWE-269, with 165 rated critical and 522 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.
External reference: CWE-269 on MITRE CWE.