CWE-269: Improper Privilege Management

This vulnerability in CKAN's Docker container allows the 'ckan' user (equivalent to www-data) to execute arbitrary code with elevated privileges via s...

CVE-2022-3405 is a privilege escalation vulnerability in Acronis Agent that allows local attackers to execute arbitrary code and access sensitive info...

This vulnerability allows improper privilege management in Microweber CMS, enabling attackers to escalate privileges or perform unauthorized actions. ...

This vulnerability allows authenticated remote attackers to make unauthorized API calls on Fortinet FortiSandbox and FortiDeceptor systems. Attackers ...

This CVE describes an improper privilege management vulnerability in phpMyFAQ versions prior to 3.1.12. It allows authenticated users to escalate priv...

This vulnerability in OpenGoofy Hippo4j allows attackers to escalate privileges through the ThreadPoolController in the tenant Management module. Atta...

This vulnerability allows authenticated attackers with S3 permissions to bypass bucket name validation and write objects to any bucket in Minio object...

This vulnerability in ThingsBoard 3.4.1 allows low-privileged CUSTOMER_USER accounts to escalate privileges to TENANT_ADMIN or SYS_ADMIN roles by expl...

CVE-2022-48341 is a privilege escalation vulnerability in ThingsBoard where authenticated tenant administrators can modify the scopes parameter to gai...

Apache ShenYu Admin allows low-privilege administrators to create users with higher privileges than their own due to improper privilege management. Th...

CVE-2022-32536 is an authentication bypass vulnerability in Bosch Ethernet switch PRA-ES8P2S web servers that allows non-administrator users to gain a...

This critical vulnerability in GE Voluson S8 ultrasound systems stems from the underlying Windows XP operating system missing security patches, creati...

This vulnerability allows any authenticated user, even with low privileges like subscribers or customers, to escalate their permissions to administrat...

This vulnerability allows local attackers to gain root privileges on 3CX Phone System installations by exploiting insecure sudo permissions for tcpdum...

CVE-2022-1770 is an improper privilege management vulnerability in the trudesk helpdesk software that allows authenticated users to escalate their pri...

CVE-2021-36207 is a privilege escalation vulnerability in Johnson Controls Metasys ADS/ADX/OAS servers that allows authenticated users to elevate thei...

CVE-2021-43858 is a privilege escalation vulnerability in MinIO cloud storage software where a malicious client can craft HTTP API calls to update use...

This vulnerability in Xen's VT-d IOMMU implementation allows a guest virtual machine to write to leaf page table entries when sharing page tables with...

This vulnerability allows attackers on the same local network to bypass privilege controls in BenQ smart wireless conference projector management inte...

The HM Multiple Roles WordPress plugin before version 1.3 contains a privilege escalation vulnerability that allows authenticated users with any role ...

This vulnerability in Netskope Client allows low-privileged users to escalate their privileges to SYSTEM level on Windows systems. It affects Netskope...

This vulnerability in Neo4j Graph Database allows authenticated users to execute commands with elevated privileges due to a failure in resetting secur...

This CVE describes a remote code execution vulnerability in the Windows Print Spooler service that allows attackers to execute arbitrary code with SYS...

This vulnerability allows authenticated users of Johnson Controls Facility Explorer SNC Series Supervisory Controllers to gain unintended file system ...

This vulnerability in Weidmueller Industrial WLAN devices allows authenticated low-privilege users to overwrite other user account passwords by crafti...

This vulnerability in Mozilla Firefox, Firefox ESR, and Thunderbird allows malicious web content to gain elevated system privileges through Blob URL m...

This vulnerability in Cisco Small Business Wireless Access Points allows authenticated remote attackers to access sensitive information or execute arb...

This vulnerability allows authenticated non-administrative users in Mendix applications to manipulate their user roles and gain administrative privile...

CVE-2021-26758 is a privilege escalation vulnerability in OpenLiteSpeed web server version 1.7.8 that allows attackers to gain root terminal access an...

CVE-2021-1728 is an elevation of privilege vulnerability in Microsoft System Center Operations Manager (SCOM). It allows authenticated attackers to ex...

This vulnerability allows attackers to escalate privileges to administrator role in Directus 8.x through 8.8.1 by exploiting insufficient backend vali...

This vulnerability in HPE OneView for VMware vCenter allows attackers with read-only privileges to perform administrative actions through vertical pri...

This vulnerability allows attackers to use time-bound device onboarding tokens to gain administrative privileges on Arista CloudVision Portal (CVP) on...

This vulnerability in OpenObserve allows users with 'Admin' role privileges to delete 'Root' user accounts, bypassing intended privilege hierarchy. Th...

An improper access control vulnerability in Partner.Microsoft.com allows unauthenticated attackers to elevate privileges over a network. This affects ...

This vulnerability in OpenText Privileged Access Manager allows attackers to gain unrestricted access to all application resources after obtaining a t...

An Improper Privilege Management vulnerability in ASUSTOR Data Master (ADM) allows unprivileged local users to modify storage device configurations. T...

This vulnerability in Podman and Buildah allows container breakout through a race condition when building malicious Containerfiles with --jobs=2. Atta...

CVE-2023-41957 is an unauthenticated privilege escalation vulnerability in the WordPress Simple Membership plugin. Attackers can exploit this flaw to ...

This vulnerability allows a local attacker with framework user privileges on Amazon Kindle e-readers to escalate to root access. It affects Kindle dev...

This vulnerability in Ubuntu's authd service incorrectly assigns root group membership to first-time SSH users during pre-authentication. This allows ...

CVE-2024-45752 allows any unprivileged user to configure the logid daemon via an unrestricted D-Bus service in logiops, enabling malicious keyboard ma...

This vulnerability in Grav CMS allows low-privileged users with page edit permissions to read arbitrary server files using Twig syntax, including sens...

This vulnerability allows lower-privileged users of Micro Focus Content Manager to manipulate client applications and escalate their privileges, enabl...

This vulnerability in Cloudflare Wrangler's development server allowed arbitrary code execution within Workers sandbox via the V8 inspector. Attackers...

This CVE describes an input verification vulnerability in Huawei's compression/decompression module that could allow attackers to manipulate or corrup...

In Tenable Agent versions before 10.8.5 on Windows, a non-administrative user can overwrite arbitrary local system files with log content using SYSTEM...

This vulnerability allows local attackers to modify the administrator password in WhatsUp Gold through improper access control in the SetAdminPassword...

This vulnerability in Realtek's IO Driver allows attackers to escalate privileges and execute arbitrary code by sending crafted IOCTL requests to the ...

This vulnerability in IBM Db2 for Windows allows a local user to escalate privileges to SYSTEM level using the MSI repair functionality. It affects Db...