Total
2612 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27657 | 1 Johnsoncontrols | 1 Metasys | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| Successful exploitation of this vulnerability could give an authenticated Metasys user an unintended level of access to the server file system, allowing them to access or modify system files by sending specifically crafted web messages to the Metasys system. This issue affects: Johnson Controls Metasys version 11.0 and prior versions. | |||||
| CVE-2021-27454 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| The software performs an operation at a privilege level higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses on the Reason DR60 (all firmware versions prior to 02A04.1). | |||||
| CVE-2021-27448 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| A miscommunication in the file system allows adversaries with access to the MU320E to escalate privileges on the MU320E (all firmware versions prior to v04A00.1). | |||||
| CVE-2021-27394 | 1 Mendix | 1 Mendix | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23.19), Mendix Applications using Mendix 8 (All versions < V8.17.0), Mendix Applications using Mendix 8 (V8.12) (All versions < V8.12.5), Mendix Applications using Mendix 8 (V8.6) (All versions < V8.6.9), Mendix Applications using Mendix 9 (All versions < V9.0.5). Authenticated, non-administrative users could modify their privileges by manipulating the user role under certain circumstances, allowing them to gain administrative privileges. | |||||
| CVE-2021-27192 | 2 Microsoft, Netop | 2 Windows, Vision Pro | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Local privilege escalation vulnerability in Windows clients of Netop Vision Pro up to and including 9.7.1 allows a local user to gain administrator privileges whilst using the clients. | |||||
| CVE-2021-27077 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-26936 | 1 Replaysorcery Project | 1 Replaysorcery | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations. | |||||
| CVE-2021-26863 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2026-06-17 | 7.2 HIGH | 7.0 HIGH |
| Windows Win32k Elevation of Privilege Vulnerability | |||||
| CVE-2021-26758 | 1 Litespeedtech | 1 Openlitespeed | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| Privilege Escalation in LiteSpeed Technologies OpenLiteSpeed web server version 1.7.8 allows attackers to gain root terminal access and execute commands on the host system. | |||||
| CVE-2021-26594 | 1 Rangerstudio | 1 Directus | 2026-06-17 | 6.5 MEDIUM | 8.8 HIGH |
| In Directus 8.x through 8.8.1, an attacker can switch to the administrator role (via the PATCH method) without any control by the back end. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-26441 | 1 Microsoft | 9 Windows 10, Windows 11, Windows 8.1 and 6 more | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Storage Spaces Controller Elevation of Privilege Vulnerability | |||||
| CVE-2021-25651 | 1 Avaya | 1 Aura Utility Services | 2026-06-17 | 4.6 MEDIUM | 8.0 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-25650 | 1 Avaya | 1 Aura Utility Services | 2026-06-17 | 4.6 MEDIUM | 7.7 HIGH |
| A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to execute specially crafted scripts as a privileged user. Affects all 7.x versions of Avaya Aura Utility Services | |||||
| CVE-2021-25630 | 1 Collaboraoffice | 1 Online | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| "loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges. | |||||
| CVE-2021-25513 | 1 Google | 1 Android | 2026-06-17 | 2.1 LOW | 2.4 LOW |
| An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | |||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2026-06-17 | 7.5 HIGH | 5.3 MEDIUM |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | |||||
| CVE-2021-25429 | 1 Google | 1 Android | 2026-06-17 | 3.3 LOW | 4.3 MEDIUM |
| Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | |||||
| CVE-2021-25428 | 1 Google | 1 Android | 2026-06-17 | 4.6 MEDIUM | 7.8 HIGH |
| Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. | |||||
| CVE-2021-25377 | 2 Google, Samsung | 2 Android, Experience Service | 2026-06-17 | 4.6 MEDIUM | 3.3 LOW |
| Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action. | |||||
| CVE-2021-25363 | 1 Google | 1 Android | 2026-06-17 | 3.6 LOW | 6.8 MEDIUM |
| An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. | |||||