ReportizFlow
Filtered by vendor
Subscriptions
Total
2246 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27468 | 2025-05-17 | 7 High | ||
| Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-29976 | 2025-05-17 | 7.8 High | ||
| Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-30475 | 2025-05-16 | 8.1 High | ||
| Dell PowerScale InsightIQ, versions 5.0 through 5.2, contains an improper privilege management vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to elevation of privileges. | ||||
| CVE-2025-29800 | 2025-05-16 | 7.8 High | ||
| Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-23764 | 1 Withsecure | 4 Client Security, Elements Endpoint Protection, Email And Server Security and 1 more | 2025-05-15 | 6.7 Medium |
| Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later. | ||||
| CVE-2024-22239 | 1 Vmware | 1 Aria Operations For Networks | 2025-05-15 | 5.3 Medium |
| Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access. | ||||
| CVE-2024-22237 | 1 Vmware | 1 Aria Operations For Networks | 2025-05-15 | 7.8 High |
| Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system. | ||||
| CVE-2022-32931 | 1 Apple | 1 Macos | 2025-05-15 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app with root privileges may be able to access private information. | ||||
| CVE-2025-22220 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-05-14 | 4.3 Medium |
| VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. | ||||
| CVE-2024-38830 | 1 Vmware | 2 Aria Operations, Cloud Foundation | 2025-05-14 | 7.8 High |
| VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | ||||
| CVE-2025-31222 | 2025-05-14 | 7.8 High | ||
| A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges. | ||||
| CVE-2025-24258 | 2025-05-13 | 7.8 High | ||
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. An app may be able to gain root privileges. | ||||
| CVE-2025-4646 | 2025-05-13 | 7.2 High | ||
| Improper Privilege Management vulnerability in Centreon web (API Token creation form modules) allows Privilege Escalation.This issue affects web: from 24.04.0 before 24.04.10, from 24.10.0 before 24.10.4. | ||||
| CVE-2025-4649 | 2025-05-13 | 4.9 Medium | ||
| Improper Privilege Management vulnerability in Centreon web allows Privilege Escalation. ACL are not correctly taken into account in the display of the "event logs" page. This page requiring, high privileges, will display all available logs. This issue affects web: from 24.10.3 before 24.10.4, from 24.04.09 before 24.04.10, from 23.10.19 before 23.10.21, from 23.04.24 before 23.04.26. | ||||
| CVE-2025-21199 | 2025-05-13 | 6.7 Medium | ||
| Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-24070 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-05-13 | 7 High |
| Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2023-51398 | 1 Brainstormforce | 1 Ultimate Addons For Beaver Builder | 2025-05-13 | 8.8 High |
| Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder allows Privilege Escalation.This issue affects Ultimate Addons for Beaver Builder: from n/a through 1.35.14. | ||||
| CVE-2025-32974 | 1 Xwiki | 1 Xwiki | 2025-05-13 | 9.1 Critical |
| XWiki is a generic wiki platform. In versions starting from 15.9-rc-1 to before 15.10.8 and from 16.0.0-rc-1 to before 16.2.0, the required rights analysis doesn't consider TextAreas with default content type. When editing a page, XWiki warns since version 15.9 when there is content on the page like a script macro that would gain more rights due to the editing. This analysis doesn't consider certain kinds of properties, allowing a user to put malicious scripts in there that will be executed after a user with script, admin, or programming rights edited the page. Such a malicious script could impact the confidentiality, integrity and availability of the whole XWiki installation. This issue has been patched in versions 15.10.8 and 16.2.0. | ||||
| CVE-2025-46576 | 1 Zte | 1 Zxcloud Goldendb | 2025-05-12 | 5.4 Medium |
| There is a Permission Management and Access Control vulnerability in the GoldenDB database product. Attackers can manipulate requests to bypass privilege restrictions and delete content. | ||||
| CVE-2025-46741 | 2025-05-12 | 5.7 Medium | ||
| A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred. | ||||