Vulnerabilities (CVE)

Filtered by CWE-269
Total 2402 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-61759 2025-10-22 N/A 6.5 MEDIUM
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
CVE-2025-11086 2025-10-22 N/A 8.1 HIGH
The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.3.7. This is due to the plugin not properly validating a user's role prior to registering a user via the Social Login addon. This makes it possible for unauthenticated attackers to update their role to Administrator when registering on the site.
CVE-2025-62592 2025-10-22 N/A 6.0 MEDIUM
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
CVE-2025-5494 1 Zohocorp 1 Manageengine Endpoint Central 2025-10-22 N/A 3.9 LOW
ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13.
CVE-2013-0643 7 Adobe, Apple, Linux and 4 more 11 Flash Player, Mac Os X, Linux Kernel and 8 more 2025-10-22 9.3 HIGH 8.8 HIGH
The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly restrict privileges, which makes it easier for remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2002-0367 1 Microsoft 2 Windows 2000, Windows Nt 2025-10-22 7.2 HIGH 7.8 HIGH
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
CVE-2023-28434 1 Minio 1 Minio 2025-10-22 N/A 8.8 HIGH
Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`.
CVE-2021-25337 1 Samsung 1 Android 2025-10-22 5.8 MEDIUM 4.4 MEDIUM
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
CVE-2021-23874 1 Mcafee 1 Total Protection 2025-10-22 4.6 MEDIUM 8.2 HIGH
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
CVE-2021-20021 1 Sonicwall 2 Email Security, Hosted Email Security 2025-10-22 7.5 HIGH 9.8 CRITICAL
A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.
CVE-2020-8655 1 Eyesofnetwork 1 Eyesofnetwork 2025-10-22 9.3 HIGH 7.8 HIGH
An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege escalation vulnerability, allowing the apache user to run arbitrary commands as root via a crafted NSE script for nmap 7.
CVE-2020-3950 2 Apple, Vmware 4 Macos, Fusion, Horizon Client and 1 more 2025-10-22 7.2 HIGH 7.8 HIGH
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CVE-2019-1405 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 12 more 2025-10-22 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
CVE-2019-1388 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 11 more 2025-10-22 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the Windows Certificate Dialog when it does not properly enforce user privileges, aka 'Windows Certificate Dialog Elevation of Privilege Vulnerability'.
CVE-2019-1215 1 Microsoft 16 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 13 more 2025-10-22 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.
CVE-2017-5689 3 Hpe, Intel, Siemens 71 Proliant Ml10 Gen9 Server, Proliant Ml10 Gen9 Server Firmware, Active Management Technology Firmware and 68 more 2025-10-22 10.0 HIGH 9.8 CRITICAL
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system privileges on Intel manageability SKUs: Intel Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT).
CVE-2016-0151 1 Microsoft 5 Windows 10 1507, Windows 10 1511, Windows 8.1 and 2 more 2025-10-22 7.2 HIGH 7.8 HIGH
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVE-2024-8068 1 Citrix 1 Session Recording 2025-10-21 N/A 8.0 HIGH
Privilege escalation to NetworkService Account access in Citrix Session Recording when an attacker is an authenticated user in the same Windows Active Directory domain as the session recording server domain
CVE-2024-49035 1 Microsoft 1 Partner Center 2025-10-21 N/A 8.7 HIGH
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
CVE-2024-38014 1 Microsoft 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more 2025-10-21 N/A 7.8 HIGH
Windows Installer Elevation of Privilege Vulnerability