Total
2268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62686 | 2 Apple, Plugin-alliance | 2 Macos, Installation Manager | 2025-12-18 | N/A | 6.2 MEDIUM |
| A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges. | |||||
| CVE-2025-67792 | 1 Drivelock | 1 Drivelock | 2025-12-18 | N/A | 7.8 HIGH |
| An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers. | |||||
| CVE-2023-53908 | 2025-12-18 | N/A | 6.5 MEDIUM | ||
| HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level. | |||||
| CVE-2025-43512 | 1 Apple | 1 Macos | 2025-12-17 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to elevate privileges. | |||||
| CVE-2023-47267 | 1 Thegreenbow | 1 Thegreenbow Vpn Client | 2025-12-17 | N/A | 9.8 CRITICAL |
| An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. | |||||
| CVE-2025-12381 | 2 Algosec, Linux | 2 Firewall Analyzer, Linux Kernel | 2025-12-17 | N/A | 7.8 HIGH |
| Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10. | |||||
| CVE-2021-38638 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8.1 and 6 more | 2025-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | |||||
| CVE-2021-34487 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2025-12-16 | 4.6 MEDIUM | 7.0 HIGH |
| Windows Event Tracing Elevation of Privilege Vulnerability | |||||
| CVE-2015-10139 | 1 Vibethemes | 1 Wordpress Learning Management System | 2025-12-16 | N/A | 8.8 HIGH |
| The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account. | |||||
| CVE-2025-59693 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-15 | N/A | 9.8 CRITICAL |
| The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02. | |||||
| CVE-2025-12952 | 2025-12-12 | N/A | N/A | ||
| A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level to project-level, granting them unauthorized access to manage resources in services associated with the project, leading to unexpected costs and resource depletion for the producer project. A fix was applied on the server side to protect from this vulnerability in February 2025. No customer action is required. | |||||
| CVE-2025-13764 | 2025-12-12 | N/A | 9.8 CRITICAL | ||
| The WP CarDealer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.2.16. This is due to the 'WP_CarDealer_User::process_register' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. | |||||
| CVE-2024-0353 | 1 Eset | 9 Endpoint Antivirus, Endpoint Security, File Security and 6 more | 2025-12-10 | N/A | 7.8 HIGH |
| Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission. | |||||
| CVE-2025-66324 | 1 Huawei | 1 Harmonyos | 2025-12-09 | N/A | 8.4 HIGH |
| Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity. | |||||
| CVE-2025-59705 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 6.8 MEDIUM |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01. | |||||
| CVE-2025-59697 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2025-12-08 | N/A | 7.2 HIGH |
| Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06. | |||||
| CVE-2025-13292 | 2025-12-08 | N/A | N/A | ||
| A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action is required for this. | |||||
| CVE-2024-32959 | 1 Sirv | 1 Sirv | 2025-12-06 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Sirv allows Privilege Escalation.This issue affects Sirv: from n/a through 7.2.2. | |||||
| CVE-2025-64336 | 1 Oxygenz | 1 Clipbucket | 2025-12-05 | N/A | 5.4 MEDIUM |
| ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147. | |||||
| CVE-2018-1000141 | 1 Scilico | 1 I\, Librarian | 2025-12-05 | 7.5 HIGH | 9.1 CRITICAL |
| I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions. | |||||