Filtered by CWE-269
Total 2475 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-0353 1 Eset 11 Endpoint Antivirus, Endpoint Security, File Security and 8 more 2025-12-10 7.8 High
Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.
CVE-2025-12952 1 Google 1 Cloud Dialogflow Cx 2025-12-10 N/A
A privilege escalation vulnerability exists in Google Cloud's Dialogflow CX. Dialogflow agent developers with Webhook editor permission are able to configure Webhooks using Dialogflow service agent access token authentication. This allows the attacker to escalate their privileges from agent-level to project-level, granting them unauthorized access to manage resources in services associated with the project, leading to unexpected costs and resource depletion for the producer project. A fix was applied on the server side to protect from this vulnerability in February 2025. No customer action is required.
CVE-2024-38089 1 Microsoft 1 Defender For Iot 2025-12-09 9.1 Critical
Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2025-59514 1 Microsoft 26 Windows 10, Windows 10 1607, Windows 10 1809 and 23 more 2025-12-09 7.8 High
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
CVE-2025-12381 1 Algosec 1 Firewall Analyzer 2025-12-09 N/A
Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10.
CVE-2025-66324 1 Huawei 1 Harmonyos 2025-12-09 8.4 High
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity.
CVE-2025-59705 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 6.8 Medium
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01.
CVE-2025-59697 1 Entrust 11 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc and 8 more 2025-12-08 7.2 High
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06.
CVE-2025-13292 1 Google 1 Cloud Apigee-x 2025-12-08 N/A
A vulnerability in Apigee-X allowed an attacker to gain unauthorized read and write access to Apigee Analytics (AX) data and access logs belonging to other Apigee customer organizations. Apigee-X was found to be vulnerable. This vulnerability was patched in version 1-16-0-apigee-3. No user action is required for this.
CVE-2024-32959 2 Sirv, Wordpress 2 Sirv, Wordpress 2025-12-06 8.8 High
Improper Privilege Management vulnerability in Sirv allows Privilege Escalation. This issue affects Sirv: from n/a through 7.2.2.
CVE-2025-64336 2 Clip-bucket, Oxygenz 2 Clipbucket, Clipbucket 2025-12-05 5.4 Medium
ClipBucket v5 is an open source video sharing platform. In versions 5.5.2-#146 and below, the Manage Photos feature is vulnerable to stored Cross-site Scripting (XSS). An authenticated regular user can upload a photo with a malicious Photo Title containing HTML/JavaScript code. While the payload does not execute in the user-facing photo gallery or detail pages, it is rendered unsafely in the Admin → Manage Photos section, resulting in JavaScript execution in the administrator’s browser. This issue is fixed in version 5.5.2-#147.
CVE-2018-1000141 1 Scilico 1 I, Librarian 2025-12-05 9.1 Critical
I, Librarian version 4.9 and earlier contains an Incorrect Access Control vulnerability in ajaxdiscussion.php that can result in any users gaining unauthorized access (read, write and delete) to project discussions.
CVE-2024-27301 1 Root3 1 Support App 2025-12-05 7.3 High
Support App is an open source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed it asks for the user's password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file `$HOME/.zshenv` when the `postinstall` script is executed. An attacker could add malicious code to `$HOME/.zshenv` and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-65621 1 Snipeitapp 1 Snipe-it 2025-12-04 5.4 Medium
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
CVE-2025-13534 3 Elextensions, Elula, Wordpress 3 Elex Wordpress Plugin, Wsdesk, Wordpress 2025-12-04 6.3 Medium
The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.3.2. This is due to missing authorization checks on the eh_crm_edit_agent AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to escalate their WSDesk privileges from limited "Reply Tickets" permissions to full helpdesk administrator capabilities, gaining unauthorized access to ticket management, settings configuration, agent administration, and sensitive customer data.
CVE-2025-13542 2 Designthemes, Wordpress 2 Designthemes Lms, Wordpress 2025-12-04 9.8 Critical
The DesignThemes LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.4. This is due to the 'dtlms_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site.
CVE-2025-59790 1 Apache 1 Kvrocks 2025-12-04 5.4 Medium
Improper Privilege Management vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0. Users are recommended to upgrade to version 2.14.0, which fixes the issue.
CVE-2025-59693 1 Entrust 3 Nshield 5c, Nshield Connect Xc, Nshield Hsmi 2025-12-04 9.8 Critical
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
CVE-2025-62686 2 Apple, Plugin Alliance 2 Macos, Installation Manager 2025-12-04 6.2 Medium
A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges.
CVE-2025-55076 2 Apple, Plugin Alliance 2 Macos, Installation Manager 2025-12-04 6.2 Medium
A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges.