Total
2102 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-9500 | 1 Autodesk | 1 Installer | 2025-07-30 | N/A | 7.2 HIGH |
| A maliciously crafted DLL file when placed in temporary files and folders that are leveraged by the Autodesk Installer could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to insecure privilege management. | |||||
| CVE-2025-22165 | 1 Atlassian | 1 Sourcetree | 2025-07-30 | N/A | 7.3 HIGH |
| This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives . You can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives . This vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE). | |||||
| CVE-2023-35674 | 1 Google | 1 Android | 2025-07-30 | N/A | 7.8 HIGH |
| In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-32849 | 2025-07-30 | N/A | 7.8 HIGH | ||
| Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2021-3978 | 1 Cloudflare | 1 Octorpki | 2025-07-29 | N/A | 7.5 HIGH |
| When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. | |||||
| CVE-2024-9431 | 1 Superagi | 1 Superagi | 2025-07-29 | N/A | 8.8 HIGH |
| In version v0.0.14 of transformeroptimus/superagi, there is an improper privilege management vulnerability. After logging into the system, users can change the passwords of other users, leading to potential account takeover. | |||||
| CVE-2025-32353 | 2025-07-29 | N/A | 4.8 MEDIUM | ||
| Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. | |||||
| CVE-2024-7048 | 1 Openwebui | 1 Open Webui | 2025-07-29 | N/A | 5.4 MEDIUM |
| In version v0.3.8 of open-webui, an improper privilege management vulnerability exists in the API endpoints GET /api/v1/documents/ and POST /rag/api/v1/doc. This vulnerability allows a lower-privileged user to access and overwrite files managed by a higher-privileged admin. By exploiting this vulnerability, an attacker can view metadata of files uploaded by an admin and overwrite these files, compromising the integrity and availability of the RAG models. | |||||
| CVE-2025-50062 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Global Payroll Core | 2025-07-29 | N/A | 8.1 HIGH |
| Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||
| CVE-2024-13975 | 2025-07-29 | N/A | N/A | ||
| A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8. | |||||
| CVE-2025-7784 | 2025-07-29 | N/A | 6.5 MEDIUM | ||
| A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. | |||||
| CVE-2014-9193 | 1 Innominate | 1 Mguard Firmware | 2025-07-28 | 8.5 HIGH | N/A |
| Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |||||
| CVE-2023-50677 | 1 Netgear | 2 Dgnd4000, Dgnd4000 Firmware | 2025-07-28 | N/A | 8.8 HIGH |
| An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. | |||||
| CVE-2024-48730 | 2025-07-25 | N/A | 6.5 MEDIUM | ||
| An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via not imposing any restrictions on the authentication attempts performed by an admin user | |||||
| CVE-2024-48729 | 2025-07-25 | N/A | 7.1 HIGH | ||
| An issue in ETSI Open-Source MANO (OSM) v.14.x, v.15.x allows a remote attacker to escalate privileges via the /osm/admin/v1/users component | |||||
| CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2025-07-25 | N/A | 8.8 HIGH |
| Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | |||||
| CVE-2024-8068 | 1 Citrix | 1 Session Recording | 2025-07-25 | N/A | 8.0 HIGH |
| Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain | |||||
| CVE-2024-6677 | 1 Citrix | 1 Uberagent | 2025-07-25 | N/A | 7.8 HIGH |
| Privilege escalation in uberAgent | |||||
| CVE-2024-6286 | 1 Citrix | 1 Workspace | 2025-07-25 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | |||||
| CVE-2024-6151 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-07-25 | N/A | 7.8 HIGH |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | |||||