Total
2270 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24258 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. | |||||
| CVE-2025-24119 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||||
| CVE-2019-15790 | 2 Apport Project, Canonical | 2 Apport, Ubuntu Linux | 2025-11-03 | 2.1 LOW | 2.8 LOW |
| Apport reads and writes information on a crashed process to /proc/pid with elevated privileges. Apport then determines which user the crashed process belongs to by reading /proc/pid through get_pid_info() in data/apport. An unprivileged user could exploit this to read information about a privileged running process by exploiting PID recycling. This information could then be used to obtain ASLR offsets for a process with an existing memory corruption vulnerability. The initial fix introduced regressions in the Python Apport library due to a missing argument in Report.add_proc_environ in apport/report.py. It also caused an autopkgtest failure when reading /proc/pid and with Python 2 compatibility by reading /proc maps. The initial and subsequent regression fixes are in 2.20.11-0ubuntu16, 2.20.11-0ubuntu8.6, 2.20.9-0ubuntu7.12, 2.20.1-0ubuntu2.22 and 2.14.1-0ubuntu3.29+esm3. | |||||
| CVE-2025-9966 | 2025-11-03 | N/A | N/A | ||
| Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2. | |||||
| CVE-2025-52555 | 2025-11-03 | N/A | 6.5 MEDIUM | ||
| Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3. | |||||
| CVE-2025-43333 | 1 Apple | 1 Macos | 2025-11-03 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. | |||||
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-10-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | |||||
| CVE-2025-1732 | 1 Zyxel | 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more | 2025-10-30 | N/A | 6.7 MEDIUM |
| An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. | |||||
| CVE-2025-30475 | 1 Dell | 1 Insightiq | 2025-10-30 | N/A | 8.1 HIGH |
| Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges. | |||||
| CVE-2025-1037 | 2025-10-30 | N/A | N/A | ||
| By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the ability to run user level shell commands can enable access via secure shell (SSH) to an unrestricted root shell. This is possible through abuse of a particular set of scripts and executables that allow for certain commands to be run as root from an unprivileged context. | |||||
| CVE-2025-61429 | 2025-10-30 | N/A | 8.8 HIGH | ||
| An issue in NCR Atleos Terminal Manager (ConfigApp) v3.4.0 allows attackers to escalate privileges via a crafted request. | |||||
| CVE-2019-1215 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. | |||||
| CVE-2019-1388 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 11 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'. | |||||
| CVE-2019-1405 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more | 2025-10-29 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'. | |||||
| CVE-2025-5496 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-28 | N/A | 3.3 LOW |
| ZohoCorp ManageEngine Endpoint Central versions earlier than 11.4.2508.14, 11.4.2516.06, and 11.4.2518.01 are affected by an arbitrary file deletion vulnerability in the agent setup component. | |||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-38014 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-49035 | 1 Microsoft | 1 Partner Center | 2025-10-28 | N/A | 8.7 HIGH |
| An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | |||||
| CVE-2021-43768 | 2025-10-27 | N/A | 5.3 MEDIUM | ||
| In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe. | |||||
| CVE-2025-9068 | 1 Rockwellautomation | 1 Factorytalk Linx | 2025-10-24 | N/A | 7.8 HIGH |
| A security issue exists within the Rockwell Automation Driver Package x64 Microsoft Installer File (MSI) repair functionality, installed with FTLinx. Authenticated attackers with valid Windows Users credentials can initiate a repair and hijack the resulting console window for vbpinstall.exe. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources. | |||||