CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
[Charts: Yearly Trend; Top Affected Vendors (chart data not included in this text)]
All Improper Privilege Management CVEs (802 tracked; the 50 most recent are listed below, newest first, each with its date)
Jan 14, 2025: An authenticated user with limited privileges can escalate to administrator level on affected Zyxel devices, allowing them to upload configuration fil...
Dec 19, 2024: A local privilege escalation vulnerability in FortiClient for Linux allows local users to execute arbitrary code with root privileges by exploiting th...
Dec 17, 2024: CA Client Automation (ITCM) allows non-admin users to encrypt strings using CAF CLI and SD_ACMD CLI, potentially exposing critical encryption keys. Th...
Nov 16, 2024: This vulnerability allows authenticated WordPress users with subscriber-level access or higher to escalate their privileges to administrator by exploi...
Nov 8, 2024: This vulnerability allows authenticated users with limited permissions in ManageEngine ADManager Plus to escalate privileges through the Modify Comput...
Sep 25, 2024: This vulnerability allows authenticated users of the ProGauge MAGLINK LX4 CONSOLE to escalate their privileges to administrator level. This affects al...
Sep 14, 2024: This vulnerability in the Login with phone number WordPress plugin allows authenticated attackers with Subscriber-level access or higher to escalate t...
Sep 10, 2024: This vulnerability in Microsoft SQL Server allows authenticated attackers to elevate their privileges within the database system. Attackers could gain...
Sep 6, 2024: The Newsletters plugin for WordPress allows authenticated users with subscriber-level access or higher to escalate privileges to administrator by mani...
Aug 20, 2024: CVE-2024-43403 is a privilege escalation vulnerability in Kanister's Kubernetes operator where the default ClusterRoleBinding grants excessive permiss...
Aug 2, 2024: Cosy+ industrial remote access gateways running vulnerable firmware versions execute multiple processes with excessive privileges, allowing attackers ...
Aug 2, 2024: Apache Linkis versions up to 1.5.0 contain a privilege escalation vulnerability where trusted accounts can access token information they shouldn't hav...
Aug 1, 2024: This vulnerability allows authenticated users with 'contributor' role or higher to escalate their privileges to administrator level in WordPress sites...
Jul 9, 2024: This vulnerability allows attackers with subscriber-level access in WordPress to escalate their privileges to administrator level in the BookYourTrave...
Jul 9, 2024: This vulnerability allows attackers to escalate privileges in the Zephyr Project Manager WordPress plugin, enabling unauthorized users to gain adminis...
Jul 9, 2024: This vulnerability allows attackers to escalate privileges in WordPress sites using the Ultimate Addons for Elementor plugin. Attackers can gain admin...
Jul 5, 2024: This vulnerability in Eskooly Free Online School Management Software allows remote attackers to escalate privileges through the sign-up process. It af...
Jun 13, 2024: This vulnerability allows unprivileged attackers to overwrite the AdGuardHome binary, enabling privilege escalation to root/admin access. It affects A...
Jun 12, 2024: An access control vulnerability in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST reque...
May 22, 2024: CVE-2024-36077 is a privilege escalation vulnerability in Qlik Sense Enterprise for Windows where improper validation allows remote attackers to eleva...
May 17, 2024: This vulnerability in the Booking Ultra Pro WordPress plugin allows attackers to escalate privileges, potentially gaining administrative access. It af...
May 17, 2024: This vulnerability in the AA-Team WZone WordPress plugin allows attackers to escalate privileges, potentially gaining administrative access. It affect...
May 17, 2024: This vulnerability in the WordPress 'Login with phone number' plugin allows attackers to escalate privileges due to improper privilege management. Att...
May 17, 2024: This vulnerability in the InstaWP Connect WordPress plugin allows attackers to update arbitrary WordPress options, leading to privilege escalation. At...
May 17, 2024: This CVE describes an authenticated privilege escalation vulnerability in the WordPress Build App Online plugin. Authenticated users can exploit impro...
May 17, 2024: This vulnerability allows attackers to escalate privileges in WordPress sites using the Ultimate Addons for Beaver Builder plugin. Attackers could gai...
May 17, 2024: This vulnerability allows attackers to escalate privileges in WordPress sites using the Ultimate Addons for Elementor plugin. Attackers can gain admin...
May 17, 2024: This vulnerability in Crocoblock's JetEngine WordPress plugin allows attackers to escalate privileges due to improper privilege management. Attackers ...
May 17, 2024: This vulnerability allows authenticated WordPress users with lower privileges to escalate their permissions to administrator level in Thrive Theme Bui...
May 17, 2024: This vulnerability in the Themify Ultra WordPress theme allows authenticated users to escalate their privileges to administrator level. It affects Wor...
May 17, 2024: CVE-2023-41665 is an improper privilege management vulnerability in the GiveWP WordPress plugin that allows authenticated attackers with GiveWP Manage...
May 17, 2024: This vulnerability allows contributors on WordPress sites using Essential Addons for Elementor to escalate their privileges to administrator level. It...
May 17, 2024: This vulnerability allows unauthenticated attackers to escalate privileges in the SAASPROJECT Booking Package WordPress plugin. Attackers can gain adm...
May 17, 2024: This vulnerability allows attackers to escalate privileges in the Leyka WordPress plugin, potentially gaining administrative access. It affects all Le...
May 14, 2024: This vulnerability allows DLL side-loading in BeyondTrust U-Series Appliance on Windows 64-bit systems due to improper privilege management. Attackers...
Apr 19, 2024: The wn-dusk-plugin for Winter CMS contains an authentication bypass vulnerability that allows unauthenticated attackers to log in as any user in the B...
Apr 12, 2024: This vulnerability in TIBCO FTL Server allows low-privileged attackers with network access to escalate privileges on affected systems. It affects TIBC...
Mar 12, 2024: This CVE describes an improper privilege management vulnerability in Anything-LLM where managers can bypass UI restrictions and modify restricted sett...
Feb 26, 2024: This CVE describes a local privilege escalation vulnerability in OpenText Operations Agent on non-Windows platforms. An authenticated local user could...
Feb 15, 2024: A privilege escalation vulnerability in Fortinet FortiClientEMS allows site administrators with Super Admin privileges to perform global administrativ...
Jan 31, 2024: This CVE describes a privilege escalation vulnerability in MinIO where newly created access keys inherit admin permissions from parent keys, allowing ...
Jan 31, 2024: This vulnerability allows authenticated users of Ivanti Connect Secure and Ivanti Policy Secure to escalate their privileges to administrator level. I...
Jan 24, 2024: This vulnerability allows remote attackers to escalate privileges in Coign CRM Portal v.06.06 by manipulating the userPermissionsList parameter in the...
Jan 10, 2024: This vulnerability allows authenticated attackers in Fortinet FortiOS and FortiProxy HA clusters to perform elevated actions through crafted HTTP/HTTP...
Dec 12, 2023: This vulnerability in EnterpriseDB Postgres Advanced Server allows authenticated database users to escalate their privileges to superuser level by exp...
Oct 12, 2023: This vulnerability allows authenticated SnapCenter Server users to escalate privileges to admin level on remote systems where SnapCenter plug-ins are ...
Oct 11, 2023: This vulnerability in D-LINK DPH-400SE allows remote attackers to escalate privileges through the User Modify function in the Maintenance/Access compo...
Oct 3, 2023: This vulnerability allows users with VMware admin access on a FlashArray to escalate privileges to root through VASA. It affects VMware vSphere/ESXi e...
Sep 5, 2023: CVE-2023-40918 allows unauthorized users to create new administrator accounts in KnowStreaming 3.3.0, leading to privilege escalation. This affects al...
Jun 6, 2023: The ReviewX WordPress plugin up to version 1.6.13 contains a privilege escalation vulnerability that allows authenticated users with minimal permissio...
About Improper Privilege Management (CWE-269)
Our database tracks 802 CVEs classified as CWE-269, of which 166 are rated critical and 546 high severity; the average CVSS score is 8.1. CWE-269 is a broad class rather than a single bug pattern: the entries above range from web applications that let a low-privileged account change its own role or arbitrary settings, to over-permissive default role bindings and processes running with more privilege than they need, to derived credentials that inherit the full permissions of the credential that created them.
External reference: CWE-269 on MITRE CWE: https://cwe.mitre.org/data/definitions/269.html
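The two patterns that recur most often in the list above, a low-privileged account changing its own role through an ordinary profile or settings update, and a derived credential inheriting its parent's permissions, as an added example. This is hypothetical Python written for this page, not code from any product or advisory listed here; the role names, the allow-list of self-editable fields, the `s3:`/`admin:` action strings and all function names are assumptions.

```python
"""Added illustration of CWE-269; hypothetical code, not from any product listed above.

Pattern 1: a profile-update handler writes whatever the client sends, so a
subscriber can set its own role. Pattern 2: a credential created without an
explicit policy inherits everything its parent could do. Each is shown in a
vulnerable and a hardened form. All names are assumptions for this example.
"""
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical role ladder; rank only serves to forbid assigning a role above the actor's own.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "editor": 2, "administrator": 3}
SELF_EDITABLE = {"display_name", "email"}  # fields a user may change on their own record


class PermissionDenied(Exception):
    pass


@dataclass
class User:
    user_id: int
    role: str
    display_name: str = ""
    email: str = ""


@dataclass
class Store:
    users: dict = field(default_factory=dict)


def update_profile_vulnerable(store: Store, actor_id: int, form: dict) -> User:
    """Vulnerable: every form key is written to the record (mass assignment),
    so form={"role": "administrator"} promotes the caller."""
    user = store.users[actor_id]
    for key, value in form.items():
        setattr(user, key, value)  # neither the actor's privilege nor the field name is checked
    return user


def update_profile_fixed(store: Store, actor_id: int, form: dict,
                         target_id: Optional[int] = None) -> User:
    """Hardened: allow-list the writable fields, require administrator privilege
    to edit another user, and treat 'role' as a separate, privilege-checked step."""
    actor = store.users[actor_id]
    target = store.users[actor_id if target_id is None else target_id]
    unknown = set(form) - SELF_EDITABLE - {"role"}
    if unknown:
        raise PermissionDenied(f"fields not editable: {sorted(unknown)}")
    if target is not actor and actor.role != "administrator":
        raise PermissionDenied("only administrators may edit other users")
    if "role" in form:
        new_role = form["role"]
        if new_role not in ROLE_RANK:
            raise ValueError(f"unknown role {new_role!r}")
        # The decision rests on the actor's stored role, never on the request payload.
        if actor.role != "administrator" or ROLE_RANK[new_role] > ROLE_RANK[actor.role]:
            raise PermissionDenied("actor may not assign this role")
        target.role = new_role
    for key in SELF_EDITABLE & set(form):
        setattr(target, key, form[key])
    return target


def derive_credential_vulnerable(parent: frozenset, requested: Optional[frozenset]) -> frozenset:
    """Vulnerable: a child credential created with no explicit policy silently
    inherits the parent's full permission set, and an explicit request is unbounded."""
    return parent if requested is None else requested


def derive_credential_fixed(parent: frozenset, requested: Optional[frozenset]) -> frozenset:
    """Hardened: an explicit policy is required and must be a subset of the parent's."""
    if requested is None:
        raise PermissionDenied("derived credential requires an explicit policy")
    if not requested <= parent:
        raise PermissionDenied(f"requested actions exceed parent: {sorted(requested - parent)}")
    return requested


def _attempt(fn, *args, **kwargs):
    # Call fn, returning the string 'denied' instead of raising PermissionDenied.
    try:
        return fn(*args, **kwargs)
    except PermissionDenied:
        return "denied"


def demo() -> dict:
    """Run both versions on constructed users and credentials; returns a summary dict."""
    def fresh() -> Store:  # constructed sample data: one subscriber, one administrator
        return Store(users={1: User(1, "subscriber"), 2: User(2, "administrator")})

    admin_actions = frozenset({"s3:GetObject", "s3:PutObject", "admin:*"})
    return {
        "vulnerable_self_promote": update_profile_vulnerable(fresh(), 1, {"role": "administrator"}).role,
        "fixed_self_promote": _attempt(update_profile_fixed, fresh(), 1, {"role": "administrator"}),
        "fixed_own_name": update_profile_fixed(fresh(), 1, {"display_name": "alice"}).display_name,
        "fixed_admin_promotes": update_profile_fixed(fresh(), 2, {"role": "editor"}, target_id=1).role,
        "fixed_subscriber_edits_admin": _attempt(update_profile_fixed, fresh(), 1, {"email": "x"}, target_id=2),
        "vulnerable_child_inherits_admin": "admin:*" in derive_credential_vulnerable(admin_actions, None),
        "fixed_child_no_policy": _attempt(derive_credential_fixed, admin_actions, None),
        "fixed_child_scoped": sorted(derive_credential_fixed(admin_actions, frozenset({"s3:GetObject"}))),
        "fixed_child_exceeds": _attempt(derive_credential_fixed, frozenset({"s3:GetObject"}), frozenset({"admin:*"})),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hardened handler makes two separate decisions that the vulnerable one collapses into a single write: which fields the caller may touch at all, and whether the caller's stored privilege allows the role it is trying to assign. The credential check enforces the same idea at issuance time: a child policy is accepted only when it is explicit and contained in the parent's, so an omitted policy can never widen into the parent's.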