CWE-280: CWE-280
All CWE-280 CVEs (58)
A privilege escalation vulnerability in Automai Director v.25.2.0 allows remote attackers to gain elevated privileges on affected systems. This affect...
Jan 12, 2026

This CVE describes an authorization bypass vulnerability in Pixelfed that allows attackers to access administrative and moderator functionality beyond...
Feb 12, 2024

This vulnerability allows kernel software running in an untrusted execution environment to leak sensitive information from the trusted execution envir...
Aug 9, 2025

A privilege escalation vulnerability in Ruijie RG-NBS2009G-P switches allows remote attackers to gain administrative access via the system/config_menu...
Oct 2, 2024

The OPPO Usercenter Credit SDK contains a privilege escalation vulnerability due to improper permission checks. This allows attackers to access intern...
Feb 20, 2024

CVE-2025-58770 is a BIOS vulnerability in AMI APTIOV firmware that allows local attackers to bypass permission checks and escalate privileges. This af...
Dec 12, 2025

This vulnerability allows non-privileged users to use ptrace system calls to write to GPU read-only memory, potentially bypassing memory protection me...
Aug 4, 2025

This vulnerability allows unauthenticated attackers to read and write arbitrary files on affected devices via directory traversal in a web service end...
Jul 2, 2025

This vulnerability in Webmin's ajaxterm module allows unauthorized users to hijack console sessions when insufficient permissions are improperly handl...
Jul 10, 2024

This vulnerability allows authenticated users on Elspec G5 digital fault recorders to escalate privileges from user to administrative level by exploit...
Mar 20, 2024

This vulnerability in Dell Update Package (DUP) Framework allows low-privileged local attackers to elevate their privileges to higher levels. It affec...
Feb 12, 2026

Dell Update Package Framework versions before 22.01.02 contain a local privilege escalation vulnerability. A local low-privileged attacker can exploit...
Jan 7, 2025

This authentication bypass vulnerability in Moodle allows suspended users to authenticate through the LTI Provider, enabling unauthorized access to th...
Feb 3, 2026

A regression in FileRise version 1.4.0 allows low-privilege users to infer folder visibility and ownership based on folder names, potentially accessin...
Oct 20, 2025

CVE-2024-6302 is a privilege escalation vulnerability in Conduit Matrix servers where local users can redact any message from users on the same server...
Jun 25, 2024

This vulnerability allows an authenticated attacker with limited privileges to elevate their access rights on Windows systems through improper handlin...
Jan 13, 2026

A permissions vulnerability in macOS allows applications to gain root privileges through improper access restrictions. This affects macOS Tahoe and Se...
Dec 12, 2025

This vulnerability allows non-privileged users to exploit GPU driver flaws to write to arbitrary physical memory pages. It affects systems with Imagin...
Jun 2, 2025

CVE-2025-3931 is an authentication bypass vulnerability in Yggdrasil's DBus component that allows any local system user to dispatch messages to worker...
May 14, 2025

This CVE describes an improper authentication logic implementation in a file system module that could allow unauthorized access to sensitive data. Suc...
May 6, 2025

This CVE describes a memory write permission bypass vulnerability in the Linux kernel's futex (fast userspace mutex) module. Attackers could potential...
Apr 7, 2025

This vulnerability allows non-privileged software to perform unauthorized GPU system calls that can read and write arbitrary physical memory pages. Th...
Mar 24, 2025

This vulnerability allows non-privileged software to exploit GPU kernel driver flaws to write to read-only system files mapped into application memory...
Dec 28, 2024

This vulnerability allows local attackers to escalate privileges on Windows systems by placing malicious DLL files in the Foxit PDF update-service fol...
Apr 15, 2024

This vulnerability allows a process to gain administrative privileges without proper authentication on affected macOS versions. It affects macOS Ventu...
Mar 28, 2024

This CVE describes an intent redirection vulnerability in Android's DreamService component that allows local attackers to launch arbitrary protected a...
Feb 16, 2024

This GPU driver vulnerability allows non-privileged software to bypass read-only memory protections and gain write access to GPU memory buffers. This ...
Nov 17, 2025

Dell Repository Manager versions 3.4.7 and 3.4.8 contain a privilege escalation vulnerability where a low-privileged local attacker can gain elevated ...
Sep 29, 2025

An authenticated user without administrative privileges can change the administrator account name in affected systems. This vulnerability affects syst...
May 12, 2025

This vulnerability allows attackers to bypass package name verification in the HwIms module on Huawei devices running HarmonyOS. Successful exploitati...
Apr 8, 2024

This CVE describes an insufficient permission verification vulnerability in the app management module of Huawei/HarmonyOS devices. Successful exploita...
Apr 7, 2024

A vulnerability in the Common-Services 'So Flexibilite' module for PrestaShop allows remote attackers to access debug files containing sensitive infor...
Mar 3, 2024

This vulnerability in M-Files Client allows UI extension applications to bypass access permission checks, enabling privilege escalation. Attackers cou...
May 25, 2023

A permissions vulnerability in Xuxueli xxl-job versions 2.2.0, 2.3.0, and 2.3.1 allows attackers to obtain sensitive information via the pageList para...
Mar 21, 2023

This CVE describes an Insecure Direct Object Reference vulnerability in HYPR Server that allows authenticated attackers to add FIDO2 authenticators to...
Jul 19, 2022

CVE-2025-29826 is a privilege escalation vulnerability in Microsoft Dataverse where improper handling of insufficient permissions allows authenticated...
May 13, 2025

CVE-2021-37851 is a local privilege escalation vulnerability in ESET Windows security products that allows authenticated local users to exploit the re...
May 11, 2022

This GPU driver vulnerability allows non-privileged users to make improper GPU system calls that can write to arbitrary physical memory pages. This co...
Apr 4, 2025

This vulnerability in Samsung Telecom allows untrusted applications to launch arbitrary activities due to an unprotected dynamic receiver. It affects ...
Feb 11, 2022

This vulnerability in the Gutenberg Template Library & Redux Framework WordPress plugin allows users with 'edit_posts' capability (like contributors) ...
Sep 2, 2021

This vulnerability allows authenticated attackers to execute arbitrary commands as root on ABB AC500 V3 PLCs after exploiting CVE-2024-12429 (director...
Jan 7, 2025

Dell PowerScale OneFS versions 8.2x through 9.5x contain a local privilege escalation vulnerability. A local attacker with existing high privileges ca...
Aug 16, 2023

This vulnerability allows low-privileged users in Checkmk monitoring systems to access agent information through the REST API without proper authoriza...
Dec 18, 2025

This vulnerability allows remote authenticated users with Network Administrator privileges in Infinera G42 version R6.1.3 to read and write arbitrary ...
Jul 2, 2025

This vulnerability in Hitachi Vantara Pentaho Business Analytics Server allows attackers to cause denial of service by exploiting improper handling of...
Feb 20, 2025

This vulnerability allows users with Dynamic Group viewing permissions to see all member objects within those groups, bypassing normal object-level pe...
May 28, 2024

This vulnerability in JetBrains TeamCity allows GitHub App tokens to be used beyond their intended project scope, potentially enabling unauthorized ac...
May 16, 2024

This vulnerability allows low-privileged users in Checkmk to bypass permission checks on REST API endpoints, enabling unauthorized actions or access t...
Nov 18, 2025

CVE-2025-24029 is an improper permissions vulnerability in Tuleap that allows users (including anonymous users in public project dashboards) to access...
Feb 3, 2025

This vulnerability in Tuleap allows users to receive email notifications containing information they shouldn't have access to, potentially exposing se...
Oct 14, 2024

About CWE-280 (CWE-280)
Our database tracks 58 CVEs classified as CWE-280, with 5 rated critical and 36 rated high severity. The average CVSS score for CWE-280 vulnerabilities is 7.2.
External reference: View CWE-280 on MITRE CWE →