Total
2066 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31285 | 2025-04-07 | N/A | 4.6 MEDIUM | ||
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31283 | 2025-04-07 | N/A | 4.6 MEDIUM | ||
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31286 | 2025-04-07 | N/A | 4.6 MEDIUM | ||
| An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-31284 | 2025-04-07 | N/A | 4.6 MEDIUM | ||
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | |||||
| CVE-2025-3105 | 2025-04-07 | N/A | 8.8 HIGH | ||
| The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator. | |||||
| CVE-2025-24254 | 1 Apple | 1 Macos | 2025-04-07 | N/A | 8.8 HIGH |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. | |||||
| CVE-2025-29033 | 2025-04-04 | N/A | 7.3 HIGH | ||
| An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter. | |||||
| CVE-2019-1405 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more | 2025-04-04 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2023-22809 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2025-04-04 | N/A | 7.8 HIGH |
| In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | |||||
| CVE-2019-1215 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-04-03 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | |||||
| CVE-2023-22331 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | N/A | 7.5 HIGH |
| Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | |||||
| CVE-2022-25631 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-03 | N/A | 7.8 HIGH |
| Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | |||||
| CVE-2024-57062 | 1 Soundcloud | 1 Soundcloud | 2025-04-03 | N/A | 6.7 MEDIUM |
| An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. | |||||
| CVE-2024-27207 | 1 Google | 1 Android | 2025-04-03 | N/A | 9.1 CRITICAL |
| Exported broadcast receivers allowing malicious apps to bypass broadcast protection. | |||||
| CVE-2024-27210 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27222 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27224 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-27233 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-22008 | 1 Google | 1 Android | 2025-04-03 | N/A | 7.8 HIGH |
| In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-25987 | 1 Google | 1 Android | 2025-04-03 | N/A | 6.7 MEDIUM |
| In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | |||||