ReportizFlow
Filtered by vendor
Subscriptions
Total
2379 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27847 | 1 Espec | 1 North America Web Controller | 2025-08-17 | 4.3 Medium |
| In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. | ||||
| CVE-2025-27846 | 1 Espec | 1 North America Web Controller | 2025-08-17 | 4.3 Medium |
| In ESPEC North America Web Controller 3 before 3.3.8, an attacker with physical access can gain elevated privileges because GRUB and the BIOS are unprotected. | ||||
| CVE-2025-6080 | 2025-08-16 | 8.8 High | ||
| The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to unauthorized admin account creation in all versions up to, and including, 67.7.0. This is due to the plugin not properly validating a user's capabilities prior to adding users. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new users, including admins. | ||||
| CVE-2025-49758 | 1 Microsoft | 6 Sql 2016 Azure Connect Feature Pack, Sql Server, Sql Server 2016 and 3 more | 2025-08-15 | 8.8 High |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-22341 | 1 Ibm | 1 Watson Query With Cloud Pak For Data As A Service | 2025-08-15 | 5.3 Medium |
| IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. | ||||
| CVE-2021-21981 | 1 Broadcom | 1 Vmware Nsx-t Data Center | 2025-08-13 | 7.8 High |
| VMware NSX-T contains a privilege escalation vulnerability due to an issue with RBAC (Role based access control) role assignment. Successful exploitation of this issue may allow attackers with local guest user account to assign privileges higher than their own permission level. | ||||
| CVE-2025-2713 | 1 Google | 1 Gvisor | 2025-08-13 | 7.8 High |
| Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork. | ||||
| CVE-2025-54996 | 2 Openbao, Openbao Project | 2 Openbao, Openbao | 2025-08-12 | 7.2 High |
| OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 2.3.1 and below, accounts with access to highly-privileged identity entity systems in root namespaces were able to increase their scope directly to the root policy. While the identity system allowed adding arbitrary policies, which in turn could contain capability grants on arbitrary paths, the root policy was restricted to manual generation using unseal or recovery key shares. The global root policy was not accessible from child namespaces. This issue is fixed in version 2.3.2. To workaround this vulnerability, use of denied_parameters in any policy which has access to the affected identity endpoints (on identity entities) may be sufficient to prohibit this type of attack. | ||||
| CVE-2025-8660 | 1 Broadcom | 1 Symantec Pgp Encryption | 2025-08-12 | N/A |
| Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | ||||
| CVE-2025-26513 | 1 Netapp | 1 Windows Host Utilities | 2025-08-12 | 7 High |
| The installer for SAN Host Utilities for Windows versions prior to 8.0 is susceptible to a vulnerability which when successfully exploited could allow a local user to escalate their privileges. | ||||
| CVE-2025-7784 | 1 Redhat | 5 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 2 more | 2025-08-11 | 6.5 Medium |
| A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm. | ||||
| CVE-2024-48729 | 2025-08-11 | 7.1 High | ||
| An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component. | ||||
| CVE-2024-43153 | 1 Xtendify | 1 Woffice | 2025-08-09 | 9.8 Critical |
| Improper Privilege Management vulnerability in WofficeIO Woffice allows Privilege Escalation.This issue affects Woffice: from n/a through 5.4.10. | ||||
| CVE-2025-2798 | 1 Xtendify | 1 Woffice | 2025-08-08 | 9.8 Critical |
| The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link. | ||||
| CVE-2025-54594 | 1 React-native-bottom-tabs Project | 1 React-native-bottom-tabs | 2025-08-06 | 9.1 Critical |
| react-native-bottom-tabs is a library of Native Bottom Tabs for React Native. In versions 0.9.2 and below, the github/workflows/release-canary.yml GitHub Actions repository workflow improperly used the pull_request_target event trigger, which allowed for untrusted code from a forked pull request to be executed in a privileged context. An attacker could create a pull request containing a malicious preinstall script in the package.json file and then trigger the vulnerable workflow by posting a specific comment (!canary). This allowed for arbitrary code execution, leading to the exfiltration of sensitive secrets such as GITHUB_TOKEN and NPM_TOKEN, and could have allowed an attacker to push malicious code to the repository or publish compromised packages to the NPM registry. There is a remediation commit which removes github/workflows/release-canary.yml, but a version with this fix has yet to be released. | ||||
| CVE-2025-6994 | 2 Smartdatasoft, Wordpress | 2 Reveal Listing, Wordpress | 2025-08-06 | 9.8 Critical |
| The Reveal Listing plugin by smartdatasoft for WordPress is vulnerable to privilege escalation in versions up to, and including, 3.3. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'listing_user_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. | ||||
| CVE-2025-0320 | 2 Citrix, Microsoft | 2 Secure Access Client, Windows | 2025-08-06 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Secure Access Client for Windows | ||||
| CVE-2025-6759 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-08-06 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | ||||
| CVE-2025-4879 | 1 Citrix | 1 Workspace | 2025-08-06 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2025-52289 | 1 Magnussolution | 1 Magnusbilling | 2025-08-06 | 8 High |
| A Broken Access Control vulnerability in MagnusBilling v7.8.5.3 allows newly registered users to gain escalated privileges by sending a crafted request to /mbilling/index.php/user/save to set their account status fom "pending" to "active" without requiring administrator approval. | ||||