Critical
CVSS: 9.8
The s2Member plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 260127. This is due to the plugin not properly validating a user's identity prior to updating their password.…
High
CVSS: 8.8
The Toret Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'trman_save_option' function and on the 'trman_save_option_items' in al…
Critical
CVSS: 9.8
The Buyent Classified plugin for WordPress (bundled with Buyent theme) is vulnerable to privilege escalation via user registration in all versions up to, and including, 1.0.7. This is due to the plugin not validating or restricting the user…
Critical
CVSS: 9.8
The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can registe…
Critical
CVSS: 9.8
The Clasifico Listing plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0. This is due to the plugin allowing users who are registering new accounts to set their own role by supplying the 'listin…
High
CVSS: 7.8
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution…
High
CVSS: 8.7
Malwarebytes AdwCleaner before v.8.7.0 runs as Administrator and performs an insecure log file delete operation in which the target location is user-controllable, allowing a non-admin user to escalate privileges to SYSTEM via a symbolic lin…
Critical
CVSS: 9.3
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can send a crafted POST request to /jsonrpc/m…
High
CVSS: 8.8
The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 7.0.7. This is due to a missing capability check in the 'save_custom_user_profile_fields' funct…
Critical
CVSS: 9.8
The Truelysell Core plugin for WordPress is vulnerable to privilege escalation in versions less than, or equal to, 1.8.7. This is due to insufficient validation of the user_role parameter during user registration. This makes it possible for…
High
CVSS: 8.1
The Magic Login Mail or QR Code plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.05. This is due to the plugin storing the magic login QR code image with a predictable, static filename (QR_C…
High
CVSS: 8.7
FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to…
Medium
CVSS: 6.0
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4. An attacker with root privileges may be able to delete protected system files.
High
CVSS: 8.8
Vulnerabilities in the My Account and User Management components in CIPPlanner CIPAce before 9.17 allows attackers to escalate their access levels. A low-privileged authenticated user can gain access to other people's accounts by tampering…
High
CVSS: 7.6
OpenMetadata is a unified metadata platform. Prior to 1.11.8, calls issued by the UI against /api/v1/ingestionPipelines leak JWTs used by ingestion-bot for certain services (Glue / Redshift / Postgres). Any read-only user can gain access to…
High
CVSS: 7.6
Outline is a service that allows for collaborative documentation. Prior to 1.1.0, a privilege escalation vulnerability exists in the Outline document management system due to inconsistent authorization checks between user and group membersh…
High
KEV CVSS: 7.8
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
High
CVSS: 8.8
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_panel_ajax_update_pro…
Critical
CVSS: 9.8
The JAY Login & Register plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.6.03. This is due to the plugin allowing a user to update arbitrary user meta through the 'jay_login_register_ajax_c…
High
CVSS: 7.8
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files…