High
CVSS: 7.2
The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying the existence of a multisite installation prior to…
Medium
CVSS: 6.8
Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code
execution and potentially unenroll enterprise-managed devices via a spe…
Critical
CVSS: 9.8
The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for una…
Critical
CVSS: 9.8
The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it…
High
CVSS: 7.8
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.
High
CVSS: 8.8
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.
Medium
CVSS: 4.7
A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671.
High
CVSS: 8.6
A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device.
This issue affects InkPad Color 3 in version U743k3.6.8.3671.
Medium
CVSS: 6.5
Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know.
This issue affects Apache StreamPipes: through 0.95.1.
Users are recommended to upgrade to versi…
Critical
CVSS: 9.8
Infoblox NIOS through 8.6.4 executes with more privileges than required.
High
CVSS: 8.8
The Templines Elementor Helper Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.7. This is due to allowing arbitrary user meta updates. This makes it possible for authenticated attacker…
High
CVSS: 7.1
The Bricks theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.9.6.1. This is due to insufficient validation checks placed on the create_autosave AJAX function. This makes it possible for authen…
Medium
CVSS: 5.3
HCL MyCloud is affected by Improper Access Control - an unauthenticated privilege escalation vulnerability which may lead to information disclosure and potential for Server-Side Request Forgery (SSRF) and Denial of Service(DOS) attacks from…
High
CVSS: 8.8
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows.
High
CVSS: 7.8
Symantec Diagnostic Tool (SymDiag), prior to 3.0.79, may be susceptible to a Privilege Escalation vulnerability.
High
CVSS: 8.8
An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200.
High
CVSS: 8.5
CWE-269: Improper Privilege Management vulnerability exists for two services (of which one managing audit
trail data and the other acting as server managing client request) that could cause a loss of Confidentiality,
Integrity and Availabil…
Low
CVSS: 3.8
An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack.
High
CVSS: 7.3
A DLL hijacking vulnerability in the AMD Ryzen™ Master Utility could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
Medium
CVSS: 6.3
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manually…