Total
2157 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3950 | 2 Apple, Vmware | 4 Macos, Fusion, Horizon Client and 1 more | 2025-03-13 | 7.8 High |
| VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. | ||||
| CVE-2023-52543 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 6.2 Medium |
| Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-29779 | 1 Google | 1 Android | 2025-03-13 | 7.4 High |
| there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-21892 | 3 Linux, Nodejs, Redhat | 4 Linux Kernel, Node.js, Enterprise Linux and 1 more | 2025-03-13 | 7.8 High |
| On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. | ||||
| CVE-2023-21113 | 1 Google | 1 Android | 2025-03-13 | 7.8 High |
| In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2018-9375 | 2025-03-13 | 7.8 High | ||
| In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-52716 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of starting activities in the background in the ActivityManagerService (AMS) module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-49742 | 2025-03-13 | 7.8 High | ||
| In onCreate of NotificationAccessConfirmationActivity.java , there is a possible way to hide an app with notification access in Settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2024-48903 | 1 Trend Micro Inc | 1 Deep Security Agent | 2025-03-13 | 7.8 High |
| An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2024-33224 | 1 Realtek | 1 Io Driver | 2025-03-13 | 8.4 High |
| An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-21059 | 1 Oracle | 2 Solaris, Solaris Operating System | 2025-03-13 | 7.8 High |
| Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2025-0177 | 1 Javothemes | 1 Javo Core | 2025-03-13 | 9.8 Critical |
| The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | ||||
| CVE-2024-43121 | 2 Pluginus, Realmag777 | 2 Husky - Products Filter Professional For Woocommerce, Husky | 2025-03-12 | 9.1 Critical |
| Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1. | ||||
| CVE-2024-13835 | 1 Wpexpertplugins | 1 Post Meta Data Manager | 2025-03-12 | 7.2 High |
| The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible. | ||||
| CVE-2022-48341 | 1 Thingsboard | 1 Thingsboard | 2025-03-12 | 8.8 High |
| ThingsBoard 3.4.1 could allow a remote authenticated attacker to achieve Vertical Privilege Escalation. A Tenant Administrator can obtain System Administrator dashboard access by modifying the scope via the scopes parameter. | ||||
| CVE-2024-2297 | 1 Bricksbuilder | 1 Bricks | 2025-03-11 | 7.1 High |
| The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code with elevated (administrator-level) privileges. NOTE: Successful exploitation requires (1) the Bricks Builder to be enabled for posts (2) Builder access to be enabled for contributor-level users, and (3) "Code Execution" to be enabled for administrator-level users within the theme's settings. | ||||
| CVE-2022-48284 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | 9.8 Critical |
| A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | ||||
| CVE-2022-48283 | 1 Huawei | 1 Hilink Ai Life | 2025-03-11 | 9.8 Critical |
| A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions. | ||||
| CVE-2022-32949 | 1 Apple | 3 Ipados, Iphone Os, Tvos | 2025-03-11 | 7.8 High |
| This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, tvOS 16. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32900 | 1 Apple | 1 Macos | 2025-03-11 | 7.8 High |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6, macOS Big Sur 11.7. An app may be able to gain elevated privileges. | ||||