CWE-863: Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource, but it does not correctly perform the check.

Summary statistics:
Total CVEs: 710
Critical: 138
High: 315
Average CVSS: 7.3
In CISA KEV: 3

Yearly Trend (CVEs recorded per year):
2026: 77
2025: 260
2024: 164
2023: 97
2022: 35

Top Affected Vendors (CVE count):
1. Oracle (34)
2. Apple (26)
3. Adobe (23)
4. Google (19)
5. Mattermost (18)
6. GitLab (16)
7. IBM (13)
8. Apache (10)
9. WSO2 (7)
10. Lunary (7)

All Incorrect Authorization CVEs (710 tracked; 50 shown below)

Each entry lists the CVE ID, its CVSS score, the date recorded, and the description.

CVE-2025-14305 (CVSS 7.8, Dec 17, 2025)
CVE-2025-14305 is a local privilege escalation vulnerability in Acer's ListCheck.exe. Authenticated local attackers can replace this executable with m...

CVE-2025-43387 (CVSS 7.8, Nov 4, 2025)
A permissions vulnerability in macOS allows malicious applications to escalate privileges to root access. This affects macOS systems running versions ...

CVE-2025-32333 (CVSS 7.8, Sep 4, 2025)
This CVE describes a cross-user permission bypass vulnerability in Android's Settings app that allows local privilege escalation without user interact...

CVE-2025-6018 (CVSS 7.8, Jul 23, 2025)
CVE-2025-6018 is a local privilege escalation vulnerability in pam-config that allows unprivileged local users (e.g., SSH users) to gain elevated...

CVE-2025-25251 (CVSS 7.8, May 28, 2025)
A local privilege escalation vulnerability in FortiClient for macOS allows attackers with local access to gain elevated privileges by sending speciall...

CVE-2025-23244 (CVSS 7.8, May 1, 2025)
A vulnerability in NVIDIA GPU Display Driver for Linux allows unprivileged attackers to escalate permissions, potentially leading to code execution, d...

CVE-2024-44305 (CVSS 7.8, Mar 21, 2025)
This vulnerability allows a malicious application to gain root privileges on affected macOS systems. It affects macOS Sonoma versions before 14.6. The...

CVE-2025-30074 (CVSS 7.8, Mar 16, 2025)
This vulnerability in Parallels Desktop for macOS on Intel platforms allows local attackers to escalate privileges to root during VM creation. It affe...

CVE-2024-45328 (CVSS 7.8, Mar 11, 2025)
This vulnerability allows low-privileged administrators in FortiSandbox to execute elevated CLI commands through the GUI console menu due to incorrect...

CVE-2024-40771 (CVSS 7.8, Jan 15, 2025)
This is a memory handling vulnerability in Apple operating systems that allows an application to execute arbitrary code with kernel privileges. Attack...

CVE-2018-9374 (CVSS 7.8, Nov 28, 2024)
CVE-2018-9374 is an Android permissions bypass vulnerability in the PackageManagerService that allows local privilege escalation. Attackers can instal...

CVE-2023-21270 (CVSS 7.8, Nov 19, 2024)
This Android vulnerability allows malicious apps to retain permissions that should have been revoked during system updates, potentially leading to loc...

CVE-2024-29821 (CVSS 7.8, Oct 18, 2024)
This vulnerability in Ivanti DSM allows authenticated local users to execute arbitrary code with elevated privileges due to insecure access control li...

CVE-2024-48911 (CVSS 7.8, Oct 14, 2024)
OpenCanary versions before 0.9.4 have a privilege escalation vulnerability where an unprivileged user can modify the configuration file, which is then...

CVE-2024-47560 (CVSS 7.8, Oct 1, 2024)
RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability that allows unauthorized processes to execute within the s...

CVE-2024-44162 (CVSS 7.8, Sep 17, 2024)
This vulnerability in Xcode allows malicious applications to bypass security controls and access Keychain items containing sensitive user data like pa...

CVE-2024-38884 (CVSS 7.8, Aug 2, 2024)
This vulnerability allows a local attacker to bypass authentication mechanisms in Caterease software, potentially gaining unauthorized access to the s...

CVE-2024-27848 (CVSS 7.8, Jun 10, 2024)
A permissions checking vulnerability in Apple operating systems allows malicious applications to gain root privileges. This affects macOS, iOS, and iP...

CVE-2024-36963 (CVSS 7.8, Jun 3, 2024)
A Linux kernel vulnerability in tracefs where file permissions aren't properly reset during remount operations. This allows files with previously modi...

CVE-2024-3745 (CVSS 7.8, May 18, 2024)
MSI Afterburner v4.6.6.16381 Beta 3 contains an ACL bypass vulnerability in its RTCore64.sys driver that allows low-privileged users to trigger additi...

CVE-2024-22938 (CVSS 7.8, Jan 30, 2024)
This vulnerability in BossCMS v1.3.0 allows a local attacker to execute arbitrary code and escalate privileges through insecure permissions in the adm...

CVE-2023-21390 (CVSS 7.8, Oct 30, 2023)
CVE-2023-21390 is a permission bypass vulnerability in Android's SIM component that allows attackers to evade mobile preference restrictions without u...

CVE-2023-40117 (CVSS 7.8, Oct 27, 2023)
This vulnerability allows an attacker with physical access to bypass the Android device lockscreen without authentication. It affects Android devices ...

CVE-2023-2640 (CVSS 7.8, Jul 26, 2023)
CVE-2023-2640 is a privilege escalation vulnerability in Ubuntu's overlayfs implementation where unprivileged users can set privileged extended attrib...

CVE-2023-21254 (CVSS 7.8, Jul 13, 2023)
This Android vulnerability allows malicious apps to retain one-time permissions after being killed, enabling local privilege escalation without user i...

CVE-2023-21256 (CVSS 7.8, Jul 13, 2023)
This vulnerability in Android's Settings app allows attackers to launch arbitrary activities through a logic error in SettingsHomepageActivity.java. I...

CVE-2023-21225 (CVSS 7.8, Jun 28, 2023)
This Android kernel vulnerability allows attackers to bypass the protected confirmation screen by exploiting a failure to lock display power. This cou...

CVE-2023-32353 (CVSS 7.8, Jun 23, 2023)
This CVE describes a privilege escalation vulnerability in iTunes for Windows where a malicious application could exploit a logic flaw to gain elevate...

CVE-2022-31644 (CVSS 7.8, Jun 14, 2023)
This CVE describes BIOS vulnerabilities in certain HP PC products that could allow attackers to execute arbitrary code, escalate privileges, cause den...

CVE-2022-31646 (CVSS 7.8, Jun 14, 2023)
This CVE describes BIOS vulnerabilities in certain HP PC products that could allow attackers to execute arbitrary code, escalate privileges, cause den...

CVE-2023-29766 (CVSS 7.8, Jun 9, 2023)
This vulnerability in CrossX v1.15.3 for Android allows a local attacker to escalate privileges by manipulating database files. The flaw enables unaut...

CVE-2023-21117 (CVSS 7.8, May 15, 2023)
This vulnerability allows isolated processes on Android 13 devices to register broadcast receivers without proper permissions, bypassing security rest...

CVE-2023-20871 (CVSS 7.8, Apr 25, 2023)
This CVE describes a local privilege escalation vulnerability in VMware Fusion where an attacker with read/write access to the host OS can elevate pri...

CVE-2023-20950 (CVSS 7.8, Apr 19, 2023)
This vulnerability allows malicious apps to bypass Android's background activity launch restrictions using a specially crafted PendingIntent. It enabl...

CVE-2023-21034 (CVSS 7.8, Mar 24, 2023)
This vulnerability allows local attackers to bypass sensor permissions on Android 13 devices, potentially accessing sensitive sensor data without prop...

CVE-2023-20975 (CVSS 7.8, Mar 24, 2023)
This vulnerability allows local attackers to bypass DISALLOW_CONTENT_CAPTURE restrictions on Android devices, potentially enabling unauthorized conten...

CVE-2023-20971 (CVSS 7.8, Mar 24, 2023)
This Android vulnerability allows local attackers to obtain dangerous permissions without user consent due to a logic error in the permission removal ...

CVE-2021-39789 (CVSS 7.8, Mar 30, 2022)
This vulnerability in Android's Telecom component allows local attackers to escalate privileges without user interaction by exploiting a missing permi...

CVE-2019-25058 (CVSS 7.8, Feb 24, 2022)
CVE-2019-25058 is a privilege escalation vulnerability in USBGuard versions before 1.1.0 where the usbguard-dbus daemon allows unprivileged users to m...

CVE-2021-3560 (CVSS 7.8, Feb 16, 2022)
CVE-2021-3560 is a privilege escalation vulnerability in polkit's D-Bus authentication mechanism that allows unprivileged local users to bypass creden...

CVE-2021-22042 (CVSS 7.8, Feb 16, 2022)
This vulnerability in VMware ESXi allows attackers with VMX process privileges to access the settingsd service running with high privileges. This coul...

CVE-2021-45339 (CVSS 7.8, Dec 27, 2021)
This CVE describes a local privilege escalation vulnerability in Avast Antivirus where an attacker with local access can bypass Avast's self-defense m...

CVE-2021-0649 (CVSS 7.8, Dec 15, 2021)
This vulnerability allows local attackers to bypass permissions and reset VPN profiles on Android devices, potentially gaining control over always-on ...

CVE-2021-26273 (CVSS 7.8, Jul 7, 2021)
CVE-2021-26273 is an incorrect access control vulnerability in NinjaRMM Agent 5.0.909 that allows local privilege escalation. Attackers can exploit th...

CVE-2010-2525 (CVSS 7.8, Jun 22, 2021)
CVE-2010-2525 is a privilege escalation vulnerability in the GFS2 file system's ACL handling. An unprivileged local attacker can exploit this flaw to ...

CVE-2021-31165 (CVSS 7.8, May 11, 2021)
This vulnerability allows an authenticated attacker to escalate privileges on Windows systems by exploiting a flaw in the Container Manager Service. A...

CVE-2021-27086 (CVSS 7.8, Apr 13, 2021)
CVE-2021-27086 is an elevation of privilege vulnerability in the Windows Service Control Manager (SCM) that allows authenticated attackers to bypass r...

CVE-2021-28791 (CVSS 7.8, Mar 18, 2021)
This vulnerability in the unofficial SwiftFormat extension for Visual Studio Code allows remote attackers to execute arbitrary code by tricking users ...

CVE-2021-26025 (CVSS 7.8, Jan 26, 2021)
CVE-2021-26025 is a memory corruption vulnerability in ACDSee Professional 2021's image processing component. When processing a specially crafted BMP ...

CVE-2025-11340 (CVSS 7.7, Oct 9, 2025)
This vulnerability in GitLab EE allows authenticated users with read-only API tokens to perform unauthorized write operations on vulnerability records...

About Incorrect Authorization (CWE-863)

The product performs an authorization check when an actor attempts to access a resource, but it does not correctly perform the check. This differs from CWE-862 (Missing Authorization), where no check is made at all: here a check exists but answers the wrong question, for example by verifying the wrong subject, the wrong resource, or the wrong operation, or by trusting a caller-supplied attribute when deciding. The entries above show the usual consequence: a local user, an app, or a low-privileged account passes a check that should have stopped it.

Our database tracks 710 CVEs classified as CWE-863, with 138 rated critical and 315 rated high severity. The average CVSS score for Incorrect Authorization vulnerabilities is 7.3.
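The following Python is an added example, not code from any vendor or product listed on this page. It puts a CWE-863 style write-authorization check beside a corrected one: the flawed check confirms that the token carries some scope and that the user belongs to some project, which is loosely the shape of the read-only-token case recorded as CVE-2025-11340 above (no claim is made about that product's actual code). The token scope names, the project membership table and the records are constructed for the example.

```python
"""
Added example (not code from any product on this page): an incorrect
authorization check (CWE-863) beside a corrected one. Scope names,
project membership and records below are constructed for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Token:
    """An API token: who presented it and which scopes it carries.
    Constructed convention: 'read_api' permits reads only, 'api' permits writes."""
    user: str
    scopes: frozenset


@dataclass
class Record:
    owner: str
    project: str
    state: str = "open"


# Constructed sample data: each project has exactly one member.
PROJECT_MEMBERS = {"alpha": {"alice"}, "beta": {"bob"}}
RECORDS = {
    1: Record(owner="alice", project="alpha"),
    2: Record(owner="bob", project="beta"),
}


def can_write_vulnerable(token: Token, record: Record) -> bool:
    """Incorrect authorization: a check runs, but it answers the wrong
    questions. It confirms the token has *some* scope and that the user
    belongs to *some* project. Neither fact is tied to a write operation
    or to the record being written, so a read-only token for an unrelated
    project is accepted."""
    if not token.scopes:
        return False
    if not any(token.user in members for members in PROJECT_MEMBERS.values()):
        return False
    return True


def can_write_fixed(token: Token, record: Record) -> bool:
    """Corrected check, bound to the operation and to the resource: a write
    needs the 'api' scope, and the user must be a member of the project that
    owns this particular record. An unknown project denies by default."""
    if "api" not in token.scopes:
        return False
    members = PROJECT_MEMBERS.get(record.project, set())
    return token.user in members


def apply_write(check, token: Token, record: Record, new_state: str) -> Record:
    """Run the given authorization check and mutate a copy of the record only
    if it passes. Returns the copy, changed or not."""
    updated = Record(owner=record.owner, project=record.project, state=record.state)
    if check(token, record):
        updated.state = new_state
    return updated


def run_checks() -> dict:
    """Exercise both checks: a read-only token from another project's member,
    a read-only token from the owning project's member, and the owner's
    full-scope token. Returns the resulting record state for each case."""
    readonly_bob = Token(user="bob", scopes=frozenset({"read_api"}))
    readonly_alice = Token(user="alice", scopes=frozenset({"read_api"}))
    full_alice = Token(user="alice", scopes=frozenset({"api"}))
    target = RECORDS[1]  # alice's record in project alpha
    return {
        # the flaw: bob's read-only token on another project gets the write
        "vulnerable_readonly_other_project": apply_write(can_write_vulnerable, readonly_bob, target, "closed").state,
        "fixed_readonly_other_project": apply_write(can_write_fixed, readonly_bob, target, "closed").state,
        # scope is enforced even for a member of the owning project
        "fixed_readonly_member": apply_write(can_write_fixed, readonly_alice, target, "closed").state,
        "fixed_full_scope_member": apply_write(can_write_fixed, full_alice, target, "closed").state,
    }


if __name__ == "__main__":
    for name, state in run_checks().items():
        print(f"{name}: record state -> {state}")
```

The point of the pair is that the vulnerable function is not missing a check; it performs two, and both pass for the wrong caller. When reviewing an authorization path, ask of each condition which subject, which resource and which operation it actually binds.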

External reference: CWE-863 on MITRE CWE, https://cwe.mitre.org/data/definitions/863.html
