CWE-276: CWE-276

Total CVEs: 430
Critical: 59
High: 277
Avg CVSS: 7.6

Yearly Trend

2026: 30
2025: 139
2024: 124
2023: 57
2022: 30

Top Affected Vendors

1. Google: 38
2. Apple: 25
3. Huawei: 15
4. Intel: 13
5. Dell: 10
6. AMD: 6
7. Advantech: 6
8. Oracle: 5
9. Ivanti: 5
10. Juniper: 5

All CWE-276 CVEs (430)

CVE-2025-24107
7.8

A permissions vulnerability in Apple operating systems allows malicious applications to escalate privileges to root access. This affects macOS, tvOS, ...

Jan 27, 2025
CVE-2025-0543
7.8

CVE-2025-0543 is a local privilege escalation vulnerability in G DATA Security Client where incorrect directory permissions allow unprivileged local u...

Jan 25, 2025
CVE-2024-55957
7.8

This CVE describes a local privilege escalation vulnerability in Thermo Fisher Scientific Xcalibur and Foundation Instrument Control Software on Windo...

Jan 22, 2025
CVE-2024-49732
7.8

This vulnerability in Android's CompanionDeviceManagerService allows local attackers to grant permissions without user consent due to missing permissi...

Jan 21, 2025
CVE-2024-49735
7.8

This Android vulnerability allows local privilege escalation without user interaction due to resource exhaustion preventing permission persistence. At...

Jan 21, 2025
CVE-2024-49737
7.8

This vulnerability allows local attackers to launch arbitrary activities with system-level privileges on Android devices due to a logic error in the W...

Jan 21, 2025
CVE-2024-49744
7.8

This vulnerability in Android's AccountManagerService allows local attackers to bypass parcel mismatch mitigations through unsafe deserialization, pot...

Jan 21, 2025
CVE-2024-34730
7.8

This vulnerability allows attackers to bypass user consent requirements when pairing new Bluetooth HID devices, enabling local privilege escalation wi...

Jan 21, 2025
CVE-2024-43765
7.8

CVE-2024-43765 is a tapjacking/overlay vulnerability in Android that allows attackers to trick users into granting folder access permissions through d...

Jan 21, 2025
CVE-2023-40132
7.8

This vulnerability allows malicious apps to bypass Android's content provider permission checks, potentially accessing sensitive ringtone data without...

Jan 21, 2025
CVE-2025-21532
7.8

This vulnerability in Oracle Analytics Desktop allows local attackers with low privileges to completely compromise the application, potentially gainin...

Jan 21, 2025
CVE-2018-9401
7.8

CVE-2018-9401 is a kernel memory access vulnerability in Android that allows user-space applications to read kernel memory due to incorrect bounds che...

Jan 18, 2025
CVE-2018-9434
7.8

CVE-2018-9434 is an Android Parcel component vulnerability that allows bypassing address space layout randomization (ASLR), enabling local privilege e...

Jan 17, 2025
CVE-2024-11624
7.8

This vulnerability allows malicious apps to bypass VPN restrictions on affected Android devices by exploiting an undeclared permission. It enables loc...

Jan 3, 2025
CVE-2024-53835
7.8

This vulnerability allows an attacker with physical access to bypass biometric authentication on affected Android devices, potentially gaining unautho...

Jan 3, 2025
CVE-2024-53840
7.8

CVE-2024-53840 is a biometric bypass vulnerability in Android that allows local attackers to escalate privileges without user interaction. This could ...

Jan 3, 2025
CVE-2024-53841
7.8

This CVE describes a permission bypass vulnerability in Android's device state change listening mechanism that allows local privilege escalation witho...

Jan 3, 2025
CVE-2024-43769
7.8

This vulnerability in Android's PackageManagerService allows local privilege escalation by preventing the uninstallation of CloudDpc (Device Policy Co...

Jan 3, 2025
CVE-2024-44224
7.8

This CVE describes a macOS permissions vulnerability that allows malicious applications to escalate privileges to root access. It affects macOS Ventur...

Dec 12, 2024
CVE-2024-9845
7.8

This vulnerability allows a local authenticated attacker to escalate privileges on systems running vulnerable versions of Ivanti Automation. Attackers...

Dec 11, 2024
CVE-2024-11597
7.8

This vulnerability allows a local authenticated attacker to escalate privileges on Ivanti Performance Manager systems due to insecure permissions. Att...

Dec 11, 2024
CVE-2018-9431
7.8

CVE-2018-9431 is a local privilege escalation vulnerability in Android's OSUInfo component due to improper input validation. It allows attackers to ga...

Dec 2, 2024
CVE-2018-9432
7.8

This vulnerability allows local attackers to bypass Bluetooth permission dialogs in Android, enabling unauthorized access to contacts without user con...

Nov 19, 2024
CVE-2017-13310
7.8

CVE-2017-13310 is a serialization vulnerability in Android's ViewPager component that allows malicious apps to bypass permission checks and start acti...

Nov 15, 2024
CVE-2017-13312
7.8

CVE-2017-13312 is an Android privilege escalation vulnerability in the MediaCas component where improper input validation allows malicious apps to exe...

Nov 15, 2024
CVE-2024-46465
7.8

CRYHOD for Windows up to version 2024.3 has insecure default folder permissions that allow other users on the same system to access technical files. T...

Nov 15, 2024
CVE-2024-46467
7.8

ZONEPOINT for Windows has insecure default folder permissions that allow other users to access technical files. This could enable privilege escalation...

Nov 15, 2024
CVE-2024-46462
7.8

This vulnerability allows unauthorized users to access dedicated ZEDMAIL folders on Windows systems, potentially enabling privilege escalation by misu...

Nov 15, 2024
CVE-2024-43085
7.8

This vulnerability allows an attacker with physical USB access to an Android device to bypass the lock screen and access device contents without authe...

Nov 13, 2024
CVE-2024-47016
7.8

CVE-2024-47016 is a local privilege escalation vulnerability in Android Pixel devices caused by an insecure default configuration. This allows attacke...

Oct 25, 2024
CVE-2024-49389
7.8

This vulnerability allows local attackers to escalate privileges on Windows systems by exploiting insecure folder permissions in Acronis Cyber Files. ...

Oct 17, 2024
CVE-2024-9858
7.8

Google Cloud Migrate to containers versions 1.1.0 to 1.2.2 on Windows create a local 'm2cuser' account with administrator privileges by default. If th...

Oct 16, 2024
CVE-2024-40654
7.8

This CVE describes a confused deputy vulnerability in Android Settings that allows local privilege escalation. An attacker could bypass permission che...

Sep 11, 2024
CVE-2024-43791
7.8

CVE-2024-43791 is a local privilege escalation vulnerability in request_store gem version 1.3.2 where world-writable file permissions (0666) allow loc...

Aug 23, 2024
CVE-2024-4763
7.8

This vulnerability in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) allows a local attacker to exploit an ins...

Aug 16, 2024
CVE-2024-42053
7.8

This vulnerability allows local users on Windows systems to escalate privileges to SYSTEM by exploiting weak permissions in a temporary folder used du...

Jul 28, 2024
CVE-2024-32861
7.8

The C•CURE 9000 installer uses overly permissive file permissions during installation, potentially allowing local attackers to modify critical files...

Jul 16, 2024
CVE-2024-38459
7.8

This vulnerability in langchain_experimental (LangChain Experimental) allows arbitrary Python code execution via REPL access without requiring explici...

Jun 16, 2024
CVE-2023-43629
7.8

This vulnerability allows authenticated users with local access to systems running vulnerable Intel GPA software to escalate privileges due to incorre...

May 16, 2024
CVE-2023-38295
7.8

This vulnerability allows third-party apps to perform arbitrary file read/write operations with system privileges on affected TCL Android devices. The...

Apr 22, 2024
CVE-2024-21116
7.8

This vulnerability in Oracle VM VirtualBox allows a low-privileged attacker with local access to a Linux host system to completely compromise the Virt...

Apr 16, 2024
CVE-2024-30977
7.8

This vulnerability in Secnet Security Network Intelligent AC Management System allows a local attacker to escalate privileges via the password compone...

Apr 5, 2024
CVE-2024-27674
7.8

CVE-2024-27674 is a privilege escalation vulnerability in Macro Expert software where unprivileged users can replace the MacroService.exe binary due t...

Apr 3, 2024
CVE-2023-42928
7.8

This CVE describes a privilege escalation vulnerability in iOS and iPadOS where an app could bypass security boundaries and gain elevated privileges. ...

Feb 21, 2024
CVE-2024-1156
7.8

This vulnerability involves incorrect directory permissions for the shared NI RabbitMQ service, allowing local authenticated users to read RabbitMQ co...

Feb 20, 2024
CVE-2023-41718
7.8

This vulnerability in Ivanti Secure Access Client allows attackers with control over a specific file to escalate privileges on affected systems. It af...

Nov 15, 2023
CVE-2023-41726
7.8

CVE-2023-41726 is a local privilege escalation vulnerability in Ivanti Avalanche caused by incorrect default permissions. An authenticated local attac...

Nov 3, 2023
CVE-2023-3112
7.8

A local privilege escalation vulnerability in Elliptic Labs Virtual Lock Sensor for Lenovo ThinkPad T14 Gen 3 allows attackers with physical or remote...

Oct 25, 2023
CVE-2023-31468
7.8

This vulnerability allows local attackers to escalate privileges to SYSTEM by exploiting weak folder permissions in Inosoft VisiWin 7 software. It aff...

Sep 11, 2023
CVE-2023-38410
7.8

This is a privilege escalation vulnerability in Apple operating systems that allows a local user to gain elevated privileges. It affects iOS, iPadOS, ...

Jul 27, 2023

About CWE-276 (CWE-276)

Our database tracks 430 CVEs classified as CWE-276, with 59 rated critical and 277 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.

External reference: View CWE-276 on MITRE CWE →
