Total: 245 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-46696 | 1 Dell | 1 Secure Connect Gateway | 2026-02-03 | N/A | 6.4 MEDIUM |
| Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, versions 5.26 to 5.30, contain an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-8486 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | N/A | 7.8 HIGH |
| A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2025-12420 | 1 Servicenow | 2 Now Assist Ai Agents, Virtual Agent Api | 2026-01-27 | N/A | 9.8 CRITICAL |
| A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another user and perform the operations that the impersonated user is entitled to perform. ServiceNow has addressed this vulnerability by deploying a relevant security update to hosted instances in October 2025. Security updates have also been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Additionally, the vulnerability is addressed in the listed Store App versions. We recommend that customers promptly apply an appropriate security update or upgrade if they have not already done so. | |||||
| CVE-2025-40942 | 1 Siemens | 1 Telecontrol Server Basic | 2026-01-22 | N/A | 8.8 HIGH |
| A vulnerability has been identified in TeleControl Server Basic (All versions < V3.1.2.4). Affected application contains a local privilege escalation vulnerability that could allow an attacker to run arbitrary code with elevated privileges. | |||||
| CVE-2025-43017 | 1 Hp | 1 Thinpro | 2026-01-21 | N/A | 9.8 CRITICAL |
| HP ThinPro 8.1 System management application failed to verify user's true id. HP has released HP ThinPro 8.1 SP8, which includes updates to mitigate potential vulnerabilities. | |||||
| CVE-2025-43990 | 1 Dell | 1 Command Monitor | 2026-01-21 | N/A | 7.3 HIGH |
| Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2025-33223 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | N/A | 9.8 CRITICAL |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | |||||
| CVE-2025-33224 | 1 Nvidia | 1 Isaac Launchable | 2026-01-15 | N/A | 9.8 CRITICAL |
| NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering. | |||||
| CVE-2025-3892 | 1 Axis | 1 Axis Os | 2026-01-13 | N/A | 6.7 MEDIUM |
| ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | |||||
| CVE-2025-40602 | 1 Sonicwall | 9 Sma6200, Sma6200 Firmware, Sma6210 and 6 more | 2025-12-19 | N/A | 6.6 MEDIUM |
| A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). | |||||
| CVE-2025-36356 | 1 Ibm | 4 Security Verify Access, Security Verify Access Docker, Verify Identity Access and 1 more | 2025-12-15 | N/A | 9.3 CRITICAL |
| IBM Security Verify Access and IBM Security Verify Access Docker 10.0.0.0 through 10.0.9.0 and 11.0.0.0 through 11.0.1.0 could allow a locally authenticated user to escalate their privileges to root due to execution with more privileges than required. | |||||
| CVE-2025-36137 | 1 Ibm | 1 Sterling Connect | 2025-12-12 | N/A | 7.2 HIGH |
| IBM Sterling Connect Direct for Unix 6.2.0.7 through 6.2.0.9 iFix004, 6.4.0.0 through 6.4.0.2 iFix001, and 6.3.0.2 through 6.3.0.5 iFix002 incorrectly assigns permissions for maintenance tasks to Control Center Director (CCD) users that could allow a privileged user to escalate their privileges further due to unnecessary privilege assignment for post update scripts. | |||||
| CVE-2025-48573 | 1 Google | 1 Android | 2025-12-10 | N/A | 7.8 HIGH |
| In sendCommand of MediaSessionRecord.java, there is a possible way to launch the foreground service while the app is in the background due to FGS while-in-use abuse. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36186 | 1 Ibm | 1 Db2 | 2025-11-18 | N/A | 7.4 HIGH |
| IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level. | |||||
| CVE-2025-46430 | 1 Dell | 1 Display And Peripheral Manager | 2025-11-12 | N/A | 7.3 HIGH |
| Dell Display and Peripheral Manager, versions prior to 2.1.2.12, contains an Execution with Unnecessary Privileges vulnerability in the Installer. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | |||||
| CVE-2025-10885 | 1 Autodesk | 1 Installer | 2025-11-12 | N/A | 7.8 HIGH |
| A maliciously crafted file, when executed on the victim's machine, can lead to privilege escalation to NT AUTHORITY/SYSTEM due to an insufficient validation of loaded binaries. An attacker with local and low-privilege access could exploit this to execute code as SYSTEM. | |||||
| CVE-2025-34515 | 1 Ilevia | 2 Eve X1 Server, Eve X1 Server Firmware | 2025-11-06 | N/A | 9.8 CRITICAL |
| Ilevia EVE X1 Server firmware versions ≤ 4.7.18.0.eden contain an execution with unnecessary privileges vulnerability in sync_project.sh that allows an attacker to escalate privileges to root. Ilevia has declined to service this vulnerability, and recommends that customers not expose port 8080 to the internet. | |||||
| CVE-2025-34274 | 1 Nagios | 1 Log Server | 2025-11-06 | N/A | 9.8 CRITICAL |
| Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration injection, or a vulnerability in input parsing - the attacker could execute code with root privileges, resulting in full system compromise. The Logstash service has been altered to run as the lower-privileged 'nagios' user to reduce this risk associated with a network-facing service that can accept untrusted input or load third-party components. | |||||
| CVE-2025-33003 | 1 Ibm | 1 Infosphere Information Server | 2025-11-05 | N/A | 7.8 HIGH |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges. | |||||
| CVE-2018-25123 | 1 Nagios | 1 Nagios Xi | 2025-11-05 | N/A | 7.8 HIGH |
| Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges. | |||||
