Total
2337 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-27181 | 1 Apache | 1 Linkis | 2025-06-03 | N/A | 8.8 HIGH |
| In Apache Linkis <= 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue. | |||||
| CVE-2024-21888 | 1 Ivanti | 2 Connect Secure, Policy Secure | 2025-06-03 | N/A | 8.8 HIGH |
| A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator. | |||||
| CVE-2022-39007 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-03 | N/A | 9.8 CRITICAL |
| The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation. | |||||
| CVE-2024-31953 | 2 Apple, Samsung | 2 Macos, Magician | 2025-06-03 | N/A | 6.7 MEDIUM |
| An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.) | |||||
| CVE-2025-26396 | 2025-06-02 | N/A | 7.8 HIGH | ||
| The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. | |||||
| CVE-2025-0358 | 2025-06-02 | N/A | 8.8 HIGH | ||
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | |||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | N/A | 7.5 HIGH |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | |||||
| CVE-2023-50726 | 1 Argoproj | 1 Argo Cd | 2025-06-02 | N/A | 6.4 MEDIUM |
| Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. "Local sync" is an Argo CD feature that allows developers to temporarily override an Application's manifests with locally-defined manifests. Use of the feature should generally be limited to highly-trusted users, since it allows the user to bypass any merge protections in git. An improper validation bug allows users who have `create` privileges but not `override` privileges to sync local manifests on app creation. All other restrictions, including AppProject restrictions are still enforced. The only restriction which is not enforced is that the manifests come from some approved git/Helm/OCI source. The bug was introduced in 1.2.0-rc1 when the local manifest sync feature was added. The bug has been patched in Argo CD versions 2.10.3, 2.9.8, and 2.8.12. Users are advised to upgrade. Users unable to upgrade may mitigate the risk of branch protection bypass by removing `applications, create` RBAC access. The only way to eliminate the issue without removing RBAC access is to upgrade to a patched version. | |||||
| CVE-2024-51392 | 2025-05-30 | N/A | 8.8 HIGH | ||
| An issue in OpenKnowledgeMaps Headstart v7 allows a remote attacker to escalate privileges via the url parameter of the getPDF.php component | |||||
| CVE-2025-4636 | 2025-05-30 | N/A | 7.8 HIGH | ||
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user | |||||
| CVE-2023-43845 | 1 Aten | 2 Pe6208, Pe6208 Firmware | 2025-05-30 | N/A | 9.8 CRITICAL |
| Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges. | |||||
| CVE-2024-28813 | 1 Nokia | 2 Hit 7300, Hit 7300 Firmware | 2025-05-30 | N/A | 8.4 HIGH |
| An issue was discovered in Infinera hiT 7300 5.60.50. Undocumented privileged functions in the @CT management application allow an attacker to activate remote SSH access to the appliance via an unexpected network interface. | |||||
| CVE-2024-40458 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets. | |||||
| CVE-2024-40459 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function | |||||
| CVE-2024-40460 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE | |||||
| CVE-2024-40461 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component | |||||
| CVE-2024-40462 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.8 HIGH |
| An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component | |||||
| CVE-2024-41199 | 1 Ocuco | 1 Innovation | 2025-05-30 | N/A | 7.2 HIGH |
| An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet. | |||||
| CVE-2023-51356 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | N/A | 8.8 HIGH |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | |||||
| CVE-2023-47837 | 1 Reputeinfosystems | 1 Armember | 2025-05-29 | N/A | 8.3 HIGH |
| Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10. | |||||