Total: 97 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-6573 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE). | |||||
| CVE-2024-6660 | 1 Reputeinfosystems | 1 Bookingpress | 2026-04-08 | N/A | 8.8 HIGH |
| The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the bookingpress_import_data_continue_process_func function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site and upload arbitrary files. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | |||||
| CVE-2024-4468 | 1 Salonbookingsystem | 1 Salon Booking System | 2026-04-08 | N/A | 4.3 MEDIUM |
| The Salon booking system plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on several functions hooked into admin_init in all versions up to, and including, 9.9. This makes it possible for authenticated attackers with subscriber access or higher to modify plugin settings and view discount codes intended for other users. | |||||
| CVE-2026-24096 | 1 Checkmk | 1 Checkmk | 2026-04-07 | N/A | 8.8 HIGH |
| Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0 before version 2.4.0p25 allows low-privileged users to perform unauthorized actions or obtain sensitive information. | |||||
| CVE-2026-2123 | 2 Microfocus, Microsoft | 2 Operations Agent, Windows | 2026-04-03 | N/A | 7.8 HIGH |
| A security audit identified a privilege escalation vulnerability in Operations Agent (<=OA 12.29) on Windows. Under specific conditions Operations Agent may run executables from specific writeable locations. Thanks to Manuel Rickli & Philippe Leiser of Oneconsult AG for reporting this vulnerability. | |||||
| CVE-2025-43527 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to gain root privileges. | |||||
| CVE-2025-30453 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 7.8 HIGH |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. A malicious app may be able to gain root privileges. | |||||
| CVE-2024-27837 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.5. A local attacker may gain access to Keychain items. | |||||
| CVE-2026-3190 | 1 Redhat | 1 Build Of Keycloak | 2026-04-02 | N/A | 4.3 MEDIUM |
| A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partially leads to information disclosure. | |||||
| CVE-2026-21736 | 1 Imaginationtech | 1 Ddk | 2026-03-10 | N/A | 4.4 MEDIUM |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the memory protections for the user-mode wrapped memory resource. | |||||
| CVE-2026-0047 | 1 Google | 1 Android | 2026-03-06 | N/A | 8.4 HIGH |
| In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2026-1772 | 1 Hitachienergy | 8 Rtu520, Rtu520 Firmware, Rtu530 and 5 more | 2026-02-27 | N/A | 5.3 MEDIUM |
| RTU500 web interface: An unprivileged user can read user management information. The information cannot be accessed via the RTU500 web user interface but requires further tools like browser development utilities to access them without required privileges. | |||||
| CVE-2026-23857 | 1 Dell | 1 Update Package Framework | 2026-02-18 | N/A | 8.2 HIGH |
| Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2025-49731 | 1 Microsoft | 1 Teams | 2026-02-13 | N/A | 3.1 LOW |
| Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-27024 | 1 Nokia | 2 G42, G42 Firmware | 2026-02-11 | N/A | 6.5 MEDIUM |
| Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. | |||||
| CVE-2025-67848 | 1 Moodle | 1 Moodle | 2026-02-11 | N/A | 8.1 HIGH |
| A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools Interoperability (LTI) Provider. The issue arises from the LTI authentication handlers failing to enforce the user's suspension status, enabling unauthorized access to the system. This can lead to information disclosure or other unauthorized actions by users who should be restricted. | |||||
| CVE-2025-46066 | 1 Automai | 1 Director | 2026-01-21 | N/A | 9.9 CRITICAL |
| An issue in Automai Director v.25.2.0 allows a remote attacker to escalate privileges. | |||||
| CVE-2026-20817 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 5 more | 2026-01-14 | N/A | 7.8 HIGH |
| Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-58770 | 1 Ami | 1 Aptio V | 2026-01-12 | N/A | 8.8 HIGH |
| APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability. | |||||
| CVE-2025-58410 | 1 Imaginationtech | 1 Ddk | 2026-01-12 | N/A | 7.5 HIGH |
| Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource. | |||||
