ReportizFlow
Filtered by vendor
Subscriptions
Total
2687 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28400 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method | ||||
| CVE-2025-28401 | 1 Ruoyi | 1 Ruoyi | 2025-04-09 | 6.7 Medium |
| An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter | ||||
| CVE-2024-28851 | 1 Snowflake | 1 Snowflake Hive Metastore Connector | 2025-04-09 | 4 Medium |
| The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. User who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script. | ||||
| CVE-2022-0668 | 1 Jfrog | 1 Artifactory | 2025-04-09 | 5.3 Medium |
| JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user. | ||||
| CVE-2022-4294 | 5 Avast, Avg, Avira and 2 more | 5 Antivirus, Antivirus, Avira Security and 2 more | 2025-04-08 | 7.1 High |
| Norton, Avira, Avast and AVG Antivirus for Windows may be susceptible to a Privilege Escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2022-39182 | 1 Mingham-smith | 1 Tardis 2000 | 2025-04-08 | 4.9 Medium |
| H C Mingham-Smith Ltd - Tardis 2000 Privilege escalation.Version 1.6 is vulnerable to privilege escalation which may allow a malicious actor to gain system privileges. | ||||
| CVE-2023-22809 | 5 Apple, Debian, Fedoraproject and 2 more | 11 Macos, Debian Linux, Fedora and 8 more | 2025-04-04 | 7.8 High |
| In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | ||||
| CVE-2023-0221 | 1 Mcafee | 1 Application And Change Control | 2025-04-04 | 4.4 Medium |
| Product security bypass vulnerability in ACC prior to version 8.3.4 allows a locally logged-in attacker with administrator privileges to bypass the execution controls provided by ACC using the utilman program. | ||||
| CVE-2023-0242 | 1 Rapid7 | 1 Velociraptor | 2025-04-03 | 8.8 High |
| Rapid7 Velociraptor allows users to be created with different privileges on the server. Administrators are generally allowed to run any command on the server including writing arbitrary files. However, lower privilege users are generally forbidden from writing or modifying files on the server. The VQL copy() function applies permission checks for reading files but does not check for permission to write files. This allows a low privilege user (usually, users with the Velociraptor "investigator" role) to overwrite files on the server, including Velociraptor configuration files. To exploit this vulnerability, the attacker must already have a Velociraptor user account at a low privilege level (at least "analyst") and be able to log into the GUI and create a notebook where they can run the VQL query invoking the copy() VQL function. Typically, most users deploy Velociraptor with limited access to a trusted group (most users will be administrators within the GUI). This vulnerability is associated with program files https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go https://github.Com/Velocidex/velociraptor/blob/master/vql/filesystem/copy.go and program routines copy(). This issue affects Velociraptor versions before 0.6.7-5. Version 0.6.7-5, released January 16, 2023, fixes the issue. | ||||
| CVE-2021-4314 | 1 Linuxfoundation | 1 Zowe Api Mediation Layer | 2025-04-03 | 5.3 Medium |
| It is possible to manipulate the JWT token without the knowledge of the JWT secret and authenticate without valid JWT token as any user. This is happening only in the situation when zOSMF doesn’t have the APAR PH12143 applied. This issue affects: 1.16 versions to 1.19. What happens is that the services using the ZAAS client or the API ML API to query will be deceived into believing the information in the JWT token is valid when it isn’t. It’s possible to use this to persuade the southbound service that different user is authenticated. | ||||
| CVE-2023-22331 | 1 Contec | 1 Conprosys Hmi System | 2025-04-03 | 7.5 High |
| Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information. | ||||
| CVE-2022-25631 | 1 Broadcom | 1 Symantec Endpoint Protection | 2025-04-03 | 7.8 High |
| Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated | ||||
| CVE-2024-57062 | 1 Soundcloud | 1 Soundcloud | 2025-04-03 | 6.7 Medium |
| An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component. | ||||
| CVE-2024-27207 | 1 Google | 1 Android | 2025-04-03 | 9.1 Critical |
| Exported broadcast receivers allowing malicious apps to bypass broadcast protection. | ||||
| CVE-2024-27222 | 1 Google | 1 Android | 2025-04-03 | 7.8 High |
| In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-27233 | 1 Google | 1 Android | 2025-04-03 | 7.8 High |
| In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-25987 | 1 Google | 1 Android | 2025-04-03 | 6.7 Medium |
| In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-25872 | 1 Openpanel | 1 Openpanel | 2025-04-03 | 5.5 Medium |
| An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function | ||||
| CVE-2023-0101 | 1 Tenable | 1 Nessus | 2025-04-02 | 8.8 High |
| A privilege escalation vulnerability was identified in Nessus versions 8.10.1 through 8.15.8 and 10.0.0 through 10.4.1. An authenticated attacker could potentially execute a specially crafted file to obtain root or NT AUTHORITY / SYSTEM privileges on the Nessus host. | ||||
| CVE-2022-38774 | 2 Elastic, Microsoft | 3 Endgame, Endpoint Security, Windows | 2025-04-02 | 7.8 High |
| An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account. | ||||