Total
2066 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-37058 | 1 Unionman | 2 Jlink Ax1800, Jlink Ax1800 Firmware | 2025-03-18 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. | |||||
| CVE-2023-24483 | 2 Citrix, Microsoft | 2 Virtual Apps And Desktops, Windows | 2025-03-18 | N/A | 7.8 HIGH |
| A vulnerability has been identified that, if exploited, could result in a local user elevating their privilege level to NT AUTHORITY\SYSTEM on a Citrix Virtual Apps and Desktops Windows VDA. | |||||
| CVE-2024-57602 | 1 Easyappointments | 1 Easyappointments | 2025-03-18 | N/A | 9.8 CRITICAL |
| An issue in Alex Tselegidis EasyAppointments v.1.5.0 allows a remote attacker to escalate privileges via the index.php file. | |||||
| CVE-2023-20655 | 2 Google, Mediatek | 60 Android, Mt2715, Mt6580 and 57 more | 2025-03-17 | N/A | 7.8 HIGH |
| In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022. | |||||
| CVE-2024-48828 | 2025-03-17 | N/A | 5.5 MEDIUM | ||
| Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized access. | |||||
| CVE-2021-20021 | 1 Sonicwall | 2 Email Security, Hosted Email Security | 2025-03-14 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. | |||||
| CVE-2024-54560 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-03-14 | N/A | 5.5 MEDIUM |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, watchOS 11, tvOS 18, macOS Sequoia 15. A malicious app may be able to modify other apps without having App Management permission. | |||||
| CVE-2024-4259 | 1 Sambas | 1 Akos | 2025-03-14 | N/A | 9.8 CRITICAL |
| Improper Privilege Management vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7. | |||||
| CVE-2024-13376 | 2025-03-14 | N/A | 8.8 HIGH | ||
| The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2023-51776 | 2 Jungo, Mitsubishielectric | 43 Windriver, Cpu Module Logging Configuration Tool, Cw Configurator and 40 more | 2025-03-13 | N/A | 7.8 HIGH |
| Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code. | |||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-03-13 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||
| CVE-2023-52543 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 6.2 MEDIUM |
| Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-29779 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-21892 | 2 Linux, Nodejs | 2 Linux Kernel, Node.js | 2025-03-13 | N/A | 7.8 HIGH |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | |||||
| CVE-2023-21113 | 1 Google | 1 Android | 2025-03-13 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2018-9375 | 2025-03-13 | N/A | 7.8 HIGH | ||
| In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2023-52716 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-48903 | 2025-03-13 | N/A | 7.8 HIGH | ||
| An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2024-33224 | 2025-03-13 | N/A | 8.4 HIGH | ||
| An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | |||||
| CVE-2024-21059 | 1 Oracle | 1 Solaris | 2025-03-13 | N/A | 7.8 HIGH |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||