Total
2550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20021 | 2 Google, Mediatek | 46 Android, Mt6768, Mt6781 and 43 more | 2026-06-17 | N/A | 6.7 MEDIUM |
| In atf spm, there is a possible way to remap physical memory to virtual memory due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08584568; Issue ID: MSV-1249. | |||||
| CVE-2024-1764 | 1 Devolutions | 1 Devolutions Server | 2026-06-17 | N/A | 7.6 HIGH |
| Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances | |||||
| CVE-2024-1575 | 1 Zyxel | 40 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 37 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70(ACGG.3) and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device. | |||||
| CVE-2024-1505 | 1 Kodezen | 1 Academy Lms | 2026-06-17 | N/A | 8.8 HIGH |
| The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator. | |||||
| CVE-2024-1442 | 1 Grafana | 1 Grafana | 2026-06-17 | N/A | 6.0 MEDIUM |
| A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization. | |||||
| CVE-2024-1138 | 2026-06-17 | N/A | 8.8 HIGH | ||
| The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below. | |||||
| CVE-2024-14009 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | N/A | 7.2 HIGH |
| Nagios XI versions prior to 2024R1.0.1 contain a privilege escalation vulnerability in the System Profile component. The System Profile feature is an administrative diagnostic/configuration capability. Due to improper access controls and unsafe handling of exported/imported profile data and operations, an authenticated administrator could exploit this vulnerability to execute actions on the underlying XI host outside the application's security scope. Successful exploitation may allow an administrator to obtain root privileges on the XI server. | |||||
| CVE-2024-14004 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | N/A | 8.8 HIGH |
| Nagios XI versions prior to 2024R1.2 contain a privilege escalation vulnerability related to NagVis configuration handling (nagvis.conf). An authenticated user could manipulate NagVis configuration data or leverage insufficiently validated configuration settings to obtain elevated privileges on the Nagios XI system. | |||||
| CVE-2024-13997 | 1 Nagios | 1 Nagios Xi | 2026-06-17 | N/A | 7.2 HIGH |
| Nagios XI versions prior to 2024R1.1.3 contain a privilege escalation vulnerability in which an authenticated administrator could leverage the Migrate Server feature to obtain root privileges on the underlying XI host. By abusing the migration workflow, an admin-level attacker could execute actions outside the intended security scope of the application, resulting in full control of the operating system. | |||||
| CVE-2024-13975 | 2026-06-17 | N/A | N/A | ||
| A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8. | |||||
| CVE-2024-13835 | 1 Wpexpertplugins | 1 Post Meta Data Manager | 2026-06-17 | N/A | 7.2 HIGH |
| The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible. | |||||
| CVE-2024-13376 | 2026-06-17 | N/A | 8.8 HIGH | ||
| The Industrial theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the _ajax_get_total_content_import_items() function in all versions up to, and including, 1.7.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-13343 | 1 Vanquish | 1 Woocommerce Customers Manager | 2026-06-17 | N/A | 8.8 HIGH |
| The WooCommerce Customers Manager plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_assign_new_roles() function in all versions up to, and including, 31.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to elevate their privileges to that of an administrator. | |||||
| CVE-2024-13058 | 2026-06-17 | N/A | N/A | ||
| An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. | |||||
| CVE-2024-12786 | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH | ||
| A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. | |||||
| CVE-2024-12398 | 1 Zyxel | 46 Nwa110ax, Nwa110ax Firmware, Nwa1123acv3 and 43 more | 2026-06-17 | N/A | 8.8 HIGH |
| An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. | |||||
| CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2026-06-17 | N/A | 8.8 HIGH |
| Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | |||||
| CVE-2024-12281 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Administrator, Editor, or Shop Manager role. | |||||
| CVE-2024-11951 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | |||||
| CVE-2024-11721 | 1 Dynamiapps | 1 Frontend Admin | 2026-06-17 | N/A | 8.1 HIGH |
| The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | |||||