Total: 894 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34738 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-33503 | 1 Fortinet | 4 Fortianalyzer, Fortianalyzer Cloud, Fortimanager and 1 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| An improper privilege management vulnerability in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows an attacker to escalate privileges via specific shell commands. | |||||
| CVE-2024-32959 | 1 Sirv | 1 Sirv | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv. This issue affects Sirv: from n/a through <= 7.2.2. | |||||
| CVE-2024-32555 | | | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through <= 2.2.9. | |||||
| CVE-2024-32507 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number. This issue affects Login with phone number: from n/a through <= 1.7.16. | |||||
| CVE-2024-32444 | 1 Inspirythemes | 1 Realhomes | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation. This issue affects RealHomes: from n/a through <= 4.3.6. | |||||
| CVE-2024-32009 | | | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to a local privilege escalation due to wrongly set permissions to a binary which allows any local attacker to gain administrative privileges. | |||||
| CVE-2024-31912 | 1 Ibm | 1 Mq | 2026-06-17 | N/A | 7.5 HIGH |
| IBM MQ 9.3 LTS and 9.3 CD could allow an authenticated user to escalate their privileges under certain configurations due to incorrect privilege assignment. IBM X-Force ID: 289894. | |||||
| CVE-2024-31771 | 1 Totalav | 1 Totalav | 2026-06-17 | N/A | 7.8 HIGH |
| Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file. | |||||
| CVE-2024-31760 | | | 2026-06-17 | N/A | 4.7 MEDIUM |
| An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component. | |||||
| CVE-2024-31315 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In multiple functions of ManagedServices.java, there is a possible way to hide an app with notification access in the Device & app notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2024-2409 | 1 Stylemixthemes | 1 Masterstudy Lms | 2026-06-17 | N/A | 9.8 CRITICAL |
| The MasterStudy LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.1. This is due to insufficient validation checks within the _register_user() function called by the 'wp_ajax_nopriv_stm_lms_register' AJAX action. This makes it possible for unauthenticated attackers to register a user with administrator-level privileges when MasterStudy LMS Pro is installed and the LMS Forms Editor add-on is enabled. | |||||
| CVE-2024-29119 | 1 Siemens | 1 Spectrum Power 7 | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges. | |||||
| CVE-2024-28000 | 1 Litespeedtech | 1 Litespeed Cache | 2026-06-17 | N/A | 9.8 CRITICAL |
| Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache. This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1. | |||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-06-17 | N/A | 6.7 MEDIUM |
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | |||||
| CVE-2024-27453 | 1 Extremenetworks | 1 Extremexos | 2026-06-17 | N/A | 8.6 HIGH |
| In Extreme XOS through 22.6.1.4, a read-only user can escalate privileges to root via a crafted HTTP POST request to the python method of the Machine-to-Machine Interface (MMI). | |||||
| CVE-2024-27275 | 1 Ibm | 1 I | 2026-06-17 | N/A | 7.4 HIGH |
| IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | |||||
| CVE-2024-27273 | 1 Ibm | 2 Aix, Vios | 2026-06-17 | N/A | 8.1 HIGH |
| IBM AIX's Unix domain (AIX 7.2, 7.3, VIOS 3.1, and VIOS 4.1) datagram socket implementation could potentially expose applications using Unix domain datagram sockets with SO_PEERID operation and may lead to privilege escalation. IBM X-Force ID: 284903. | |||||
| CVE-2024-25660 | 1 Nokia | 1 Transcend Network Management System | 2026-06-17 | N/A | 9.0 CRITICAL |
| The WebDAV service in Infinera TNMS (Transcend Network Management System) 19.10.3 allows a low-privileged remote attacker to conduct unauthorized file operations, because of execution with unnecessary privileges. | |||||
| CVE-2024-25633 | 1 Elabftw | 1 Elabftw | 2026-06-17 | N/A | 5.4 MEDIUM |
| eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new, validated accounts in their team. If the system has anonymous access enabled (disabled by default) an unauthenticated user can create regular users in any team. This vulnerability has been fixed since version 5.0.0, released on February 17th 2024. Some workarounds are available. Disabling both options that allow *administrators* to create users will provide a mitigation. Additionally, disabling anonymous user access will stop anonymous access (including using existing access keys). | |||||
