CWE-272: CWE-272

This CVE describes a privilege escalation vulnerability where the web server binary runs with root privileges, violating the principle of least privil...

The Social Streams WordPress plugin allows authenticated attackers with Subscriber-level access or higher to escalate their privileges to Administrato...

Veritas System Recovery versions before 23.3_Hotfix have insecure folder permissions that allow low-privileged users to modify or access sensitive fil...

This vulnerability allows local privilege escalation in Wibu CodeMeter installations. An attacker with local unprivileged access can gain SYSTEM/admin...

This CVE describes a local privilege escalation vulnerability in Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs. Local users can ex...

This vulnerability allows local authenticated users on Brocade Fabric OS systems to escalate their privileges to root level using specific commands. I...

This vulnerability in the mk_informix Checkmk agent plugin allows local users to escalate privileges due to least privilege violations and reliance on...

A privilege escalation vulnerability in Notepad++ installer versions 8.8.1 and earlier allows unprivileged users to gain SYSTEM-level privileges throu...

Dell Display Manager version 2.1.1.17 contains a privilege escalation vulnerability where low-privileged users can execute arbitrary code during insta...

Dell Display Manager versions 2.1.0 and earlier contain a privilege escalation vulnerability during installation. A local attacker with low privileges...

A least privilege violation vulnerability in Omron NJ/NX-series Machine Automation Controllers allows attackers to bypass intended access restrictions...

JetBrains TeamCity versions before 2025.11.1 stored GitHub personal access tokens instead of installation tokens, granting excessive privileges. This ...

Pepr, a type-safe Kubernetes middleware, defaults to cluster-admin RBAC configuration in versions before 1.0.5, granting excessive permissions that vi...