ReportizFlow
Filtered by vendor
Subscriptions
Total
2682 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36056 | 1 Marvin Test | 1 Hw Driver | 2026-04-15 | 5.4 Medium |
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation. | ||||
| CVE-2024-9636 | 2026-04-15 | 9.8 Critical | ||
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. | ||||
| CVE-2025-22621 | 2026-04-15 | 6.4 Medium | ||
| In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles. | ||||
| CVE-2024-34454 | 1 Nintendo | 1 Wii U | 2026-04-15 | 7.4 High |
| Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name). | ||||
| CVE-2016-15045 | 2026-04-15 | N/A | ||
| A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root. | ||||
| CVE-2025-12405 | 1 Google | 2 Cloud Looker, Looker | 2026-04-15 | N/A |
| An improper privilege management vulnerability was found in Looker Studio. It impacted all JDBC-based connectors. A Looker Studio user with report view access could make a copy of the report and execute arbitrary SQL that would run on the data source database due to the stored credentials attached to the report. This vulnerability was patched on 21 July 2025, and no customer action is needed. | ||||
| CVE-2024-3137 | 2026-04-15 | N/A | ||
| Improper Privilege Management in uvdesk/community-skeleton | ||||
| CVE-2024-33308 | 2026-04-15 | 9.1 Critical | ||
| An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository. | ||||
| CVE-2024-33567 | 2026-04-15 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2025-37123 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2026-04-15 | 8.8 High |
| A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system. | ||||
| CVE-2024-31290 | 1 Coderevolution | 1 Demo My Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1. | ||||
| CVE-2025-28237 | 2026-04-15 | 8.8 High | ||
| An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. | ||||
| CVE-2025-13176 | 1 Eset | 1 Inspect Connector | 2026-04-15 | N/A |
| Planting a custom configuration file in ESET Inspect Connector allow load a malicious DLL. | ||||
| CVE-2023-51483 | 1 Glowlogix | 1 Wp Frontend Profile | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1. | ||||
| CVE-2024-44540 | 1 Ubiquiti | 1 Airmax Firmware | 2026-04-15 | 6.6 Medium |
| Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2025-23093 | 2026-04-15 | 8.8 High | ||
| The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | ||||
| CVE-2024-34331 | 1 Parallels | 1 Parallels Desktop | 2026-04-15 | 9.8 Critical |
| A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. | ||||
| CVE-2024-44439 | 1 Shanghai Zhouma Network Technology Co | 1 Intelligent Manufacturing Collaborative Internet Of Things | 2026-04-15 | 5.9 Medium |
| An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | ||||
| CVE-2025-57443 | 2 Apple, Frostwire | 2 Macos, Frostwire | 2026-04-15 | 5.1 Medium |
| FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories. | ||||
| CVE-2024-41228 | 1 Symlink | 1 Symlink | 2026-04-15 | 7.6 High |
| A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. | ||||