Total
40 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-7344 | 2026-04-15 | N/A | 8.8 HIGH | ||
| The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API. | |||||
| CVE-2022-26323 | 2026-04-15 | N/A | N/A | ||
| Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation. The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05. | |||||
| CVE-2026-35669 | 1 Openclaw | 1 Openclaw | 2026-04-13 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in gateway-authenticated plugin HTTP routes that incorrectly mint operator.admin runtime scope regardless of caller-granted scopes. Attackers can exploit this scope boundary bypass to gain elevated privileges and perform unauthorized administrative actions. | |||||
| CVE-2026-35663 | 1 Openclaw | 1 Openclaw | 2026-04-13 | N/A | 8.8 HIGH |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges. | |||||
| CVE-2026-20126 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-03-04 | N/A | 8.8 HIGH |
| A vulnerability in Cisco Catalyst SD-WAN Manager could allow an authenticated, local attacker with low privileges to gain root privileges on the underlying operating system. This vulnerability is due to an insufficient user authentication mechanism in the REST API. An attacker could exploit this vulnerability by sending a request to the REST API of the affected system. A successful exploit could allow the attacker to gain root privileges on the underlying operating system. | |||||
| CVE-2026-22922 | 1 Apache | 1 Airflow | 2026-02-11 | N/A | 6.5 MEDIUM |
| Apache Airflow versions 3.1.0 through 3.1.6 contain an authorization flaw that can allow an authenticated user with custom permissions limited to task access to view task logs without having task log access. Users are recommended to upgrade to Apache Airflow 3.1.7 or later, which resolves this issue. | |||||
| CVE-2025-54769 | 1 Xorux | 1 Lpar2rrd | 2025-11-03 | N/A | 8.8 HIGH |
| An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker. | |||||
| CVE-2025-54768 | 1 Xorux | 1 Lpar2rrd | 2025-11-03 | N/A | 5.3 MEDIUM |
| An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information. | |||||
| CVE-2025-54767 | 1 Xorux | 1 Lpar2rrd | 2025-11-03 | N/A | 6.5 MEDIUM |
| An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user. | |||||
| CVE-2025-54766 | 1 Xorux | 1 Xormon | 2025-11-03 | N/A | 5.3 MEDIUM |
| An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information. | |||||
| CVE-2025-54765 | 1 Xorux | 1 Xormon | 2025-11-03 | N/A | 5.3 MEDIUM |
| An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions. | |||||
| CVE-2025-0589 | 3 Linux, Microsoft, Octopus | 3 Linux Kernel, Windows, Octopus Server | 2025-07-02 | N/A | 5.3 MEDIUM |
| In affected versions of Octopus Deploy where customers are using Active Directory for authentication it was possible for an unauthenticated user to make an API request against two endpoints which would retrieve some data from the associated Active Directory. The requests when crafted correctly would return specific information from user profiles (Email address/UPN and Display name) from one endpoint and group information ( Group ID and Display name) from the other. This vulnerability does not expose data within the Octopus Server product itself. | |||||
| CVE-2025-23375 | 1 Dell | 1 Powerprotect Data Manager | 2025-05-13 | N/A | 7.8 HIGH |
| Dell PowerProtect Data Manager Reporting, version(s) 19.17, contain(s) an Incorrect Use of Privileged APIs vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | |||||
| CVE-2024-46978 | 1 Xwiki | 1 Xwiki | 2025-02-07 | N/A | 6.5 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. It's possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4. | |||||
| CVE-2024-22042 | 1 Siemens | 1 Unicam Fx | 2024-12-16 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack. | |||||
| CVE-2024-8785 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | N/A | 9.8 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | |||||
| CVE-2024-11068 | 1 Dlink | 2 Dsl6740c, Dsl6740c Firmware | 2024-11-24 | N/A | 9.8 CRITICAL |
| The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user’s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user’s account. | |||||
| CVE-2022-4805 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 4.3 MEDIUM |
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-4796 | 1 Usememos | 1 Memos | 2024-11-21 | N/A | 8.1 HIGH |
| Incorrect Use of Privileged APIs in GitHub repository usememos/memos prior to 0.9.1. | |||||
| CVE-2022-24821 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 5.5 MEDIUM | 6.8 MEDIUM |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue, administrators should upgrade their wiki. | |||||