CWE-269: Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control.
All Improper Privilege Management CVEs (802)
Oct 16, 2023: This vulnerability allows a local user with restricted shell access on IBM Hardware Management Console (HMC) to escalate privileges to root. It affect...
Jul 16, 2023: This CVE describes a local privilege escalation vulnerability in IBM Performance Tools for i. An attacker with command-line access to the host operati...
Jul 10, 2023: This vulnerability allows local attackers to escalate privileges on IBM Db2 for Windows systems by exploiting unquoted service paths. Attackers can pl...
Feb 3, 2023: CVE-2023-20854 is an arbitrary file deletion vulnerability in VMware Workstation that allows local authenticated users to delete any files on the syst...
Mar 4, 2026: This vulnerability allows managers in Vaultwarden to escalate their privileges by modifying permissions for collections they shouldn't have access to....
Nov 8, 2025: SuiteCRM versions 7.14.7 and prior, and 8.0.0-beta.1 through 8.9.0 contain a privilege escalation vulnerability where user sessions remain active afte...
Sep 9, 2024: External Secrets Operator versions before 0.10.2 have an overly permissive ClusterRole that allows the default-external-secrets-cert-controller deploy...
Aug 16, 2024: This vulnerability allows low-privileged users in VTiger CRM to bypass authorization checks and disable arbitrary modules via the Migration administra...
Jun 4, 2024: This vulnerability in the ARMember WordPress plugin allows attackers to bypass membership restrictions and access premium content without proper autho...
May 31, 2024: A privilege management vulnerability in Astrotalks allows local users to gain administrator access without credentials. This affects systems running A...
Jul 15, 2025: This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual...
Jul 15, 2025: A local privilege escalation vulnerability in Oracle VM VirtualBox 7.1.10 allows attackers with high privileges on the host system to compromise the V...
Jul 16, 2024: This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to completely compromise the Virtual...
Apr 8, 2024: NVIDIA ChatRTX for Windows has a privilege management vulnerability where attackers can send open file requests to escalate privileges locally. This c...
Nov 23, 2023: CVE-2023-41806 is an improper privilege management vulnerability in Pandora FMS that allows authenticated users to escalate privileges, potentially le...
Oct 25, 2023: This vulnerability in Tokueimaru_waiting Line 13.6.1 allows attackers to obtain the client secret, which can then be used to acquire channel access to...
Oct 25, 2023: CVE-2023-39734 is a client secret leakage vulnerability in VISION MEAT WORKS TrackDiner10/10_mc Line v13.6.1 that allows attackers to obtain channel a...
Apr 18, 2023: This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to the host system to compromise VirtualBox and potenti...
Jan 12, 2022: This vulnerability in Flatpak allows malicious applications to grant themselves hidden permissions without user consent by exploiting a null byte in m...
Feb 10, 2021: This vulnerability allows local administrators on Windows systems to prevent proper installation of McAfee Endpoint Security (ENS) files during clean ...
Jan 28, 2021: This vulnerability allows a privileged guest user in a QEMU virtual machine with virtio-fs shared directories to create device special files that prov...
Feb 14, 2026: The Magic Login Mail or QR Code WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to gain access to any ...
Jan 29, 2026: This vulnerability in the Custom Login Page Customizer WordPress plugin allows unauthenticated attackers to reset any user's password by knowing their...
Oct 22, 2025: This vulnerability allows unauthenticated attackers to register as administrators on WordPress sites using the Academy LMS plugin with Social Login ad...
Aug 29, 2025: This vulnerability in Diebold Nixdorf Vynamic Security Suite allows attackers to delete critical system files before filesystem mounting, potentially ...
Jul 15, 2025: This vulnerability in Oracle PeopleSoft Enterprise HCM Global Payroll Core allows authenticated attackers with low privileges to access and modify sen...
May 30, 2024: This vulnerability allows authenticated users in ZKTeco ZKBio CVSecurity to bypass password verification when exporting data. Attackers with valid cre...
Apr 17, 2024: This vulnerability in ONTAP Select Deploy administration utility allows read-only users to escalate their privileges to higher administrative levels. ...
Mar 7, 2024: CVE-2024-22752 is an insecure permissions vulnerability in EaseUS MobiMover that allows attackers to escalate privileges by placing a malicious execut...
Sep 27, 2023: This vulnerability in GLPI allows API users with read-only access to user resources to steal other users' accounts by exploiting improper privilege ma...
Apr 5, 2023: This vulnerability allows authenticated GLPI users to modify any user's email address, enabling account takeover through password reset functionality ...
Jul 27, 2022: This vulnerability in SAP SuccessFactors allows authenticated users with standard privileges to perform administrative actions on attachments via misc...
May 24, 2022: This critical vulnerability in Cardo Systems Scala Rider Q3 allows unauthenticated attackers to execute arbitrary code with root privileges via the /c...
Nov 25, 2025: This vulnerability in NVIDIA DGX Spark GB10 hardware allows attackers to tamper with hardware controls, potentially leading to information disclosure,...
Jul 31, 2025: A privilege escalation vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to bypass the pending approval process and activate their...
Nov 12, 2024: This vulnerability allows authenticated Windows Active Directory users in the same domain as a Citrix Session Recording server to escalate privileges ...
Aug 1, 2024: This vulnerability in WPForms User Registration plugin allows authenticated users to escalate their privileges, potentially gaining administrative acc...
Jul 12, 2024: This vulnerability in the WP User Switch WordPress plugin allows attackers to escalate privileges due to improper privilege management. It affects all...
Dec 21, 2023: This vulnerability allows users with authorized access to the management console with an editor role in GitHub Enterprise Server to escalate their pri...
Apr 19, 2023: This vulnerability allows attackers with access to the kubewarden-controller ServiceAccount to read arbitrary Kubernetes secrets. It affects SUSE kube...
Apr 12, 2022: This vulnerability in Grafana Enterprise allows privilege escalation when fine-grained access control is enabled. An attacker can use a lower-privileg...
Sep 15, 2021: This vulnerability allows an authenticated attacker to execute arbitrary code with SYSTEM privileges by exploiting a flaw in the Windows WLAN AutoConf...
May 1, 2024: This vulnerability in Webroot Antivirus allows malicious software to abuse the WRSA.EXE process to delete arbitrary and protected files, potentially l...
Jun 20, 2022: A local privilege escalation vulnerability in McAfee Consumer Product Removal Tool allows authenticated local users to modify configuration files and ...
Mar 10, 2022: This vulnerability allows unauthorized attackers to execute arbitrary activities through Samsung's ApkInstaller dynamic receiver without proper permis...
Nov 5, 2021: This vulnerability allows attackers to read the ESN (Electronic Serial Number) value without proper privileges on affected Samsung devices. The ESN is...
Jul 22, 2021: This vulnerability allows authenticated users to escape the restricted shell in Akkadian Provisioning Manager Engine by exploiting the 'Edit MySQL Con...
Feb 19, 2026: This vulnerability allows local attackers to achieve privilege escalation to SYSTEM level by placing a malicious executable in a world-writable direct...
Feb 10, 2026: This vulnerability allows an authorized attacker with valid Remote Desktop credentials to elevate privileges on a Windows system. It affects Windows s...
Feb 3, 2026: A local privilege escalation vulnerability in Quick Heal Total Security allows low-privileged users to restore quarantined files into protected system...
About Improper Privilege Management (CWE-269)
Our database tracks 802 CVEs classified as CWE-269, with 166 rated critical and 546 rated high severity. The average CVSS score for Improper Privilege Management vulnerabilities is 8.1.