Total
2586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12726 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 7.5 High |
| Inappropriate implementation in Views in Google Chrome on Windows prior to 142.0.7444.137 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-24307 | 1 Intel | 2 Cip Software, Computing Improvement Program | 2026-02-26 | 2 Low |
| Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable data manipulation. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-24838 | 1 Intel | 2 Cip Software, Computing Improvement Program | 2026-02-26 | 8.8 High |
| Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-59514 | 1 Microsoft | 26 Windows 10, Windows 10 1607, Windows 10 1809 and 23 more | 2026-02-26 | 7.8 High |
| Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-20346 | 1 Cisco | 2 Catalyst Center, Digital Network Architecture Center | 2026-02-26 | 4.3 Medium |
| A vulnerability in Cisco Catalyst Center could allow an authenticated, remote attacker to execute operations that should require Administrator privileges. The attacker would need valid read-only user credentials. This vulnerability is due to improper role-based access control (RBAC). An attacker could exploit this vulnerability by logging in to an affected system and modifying certain policy configurations. A successful exploit could allow the attacker to modify policy configurations that are reserved for the Administrator role. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer. | ||||
| CVE-2025-40548 | 2 Microsoft, Solarwinds | 2 Windows, Serv-u | 2026-02-26 | 9.1 Critical |
| A missing validation process exists in Serv U when abused, could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2025-48982 | 2 Microsoft, Veeam | 4 Windows, Agent, Veeam and 1 more | 2026-02-26 | 7.8 High |
| This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation if a system administrator is tricked into restoring a malicious file. | ||||
| CVE-2025-43320 | 1 Apple | 2 Macos, Macos Sequoia | 2026-02-26 | 7.8 High |
| The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.3. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges. | ||||
| CVE-2025-33187 | 1 Nvidia | 3 Dgx, Dgx Os, Dgx Spark | 2026-02-26 | 9.3 Critical |
| NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges. | ||||
| CVE-2026-2780 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2025-13918 | 2 Broadcom, Symantec | 2 Symantec Endpoint Protection, Endpoint Protection | 2026-02-26 | 6.7 Medium |
| Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2025-36640 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-26 | 8.8 High |
| A vulnerability has been identified in the installation/uninstallation of the Nessus Agent Tray App on Windows Hosts which could lead to escalation of privileges. | ||||
| CVE-2023-28434 | 1 Minio | 1 Minio | 2026-02-26 | 8.8 High |
| Minio is a Multi-Cloud Object Storage framework. Prior to RELEASE.2023-03-20T20-16-18Z, an attacker can use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket`. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. This issue has been patched in RELEASE.2023-03-20T20-16-18Z. As a workaround, enable browser API access and turn off `MINIO_BROWSER=off`. | ||||
| CVE-2026-21223 | 1 Microsoft | 1 Edge Chromium | 2026-02-26 | 7.1 High |
| Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21957 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2026-21983 | 1 Oracle | 1 Vm Virtualbox | 2026-02-26 | 7.5 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2025-40538 | 1 Solarwinds | 1 Serv-u | 2026-02-26 | 9.1 Critical |
| A broken access control vulnerability exists in Serv-U which when exploited, gives a malicious actor the ability to create a system admin user and execute arbitrary code as a privileged account via domain admin or group admin privileges. This issue requires administrative privileges to abuse. On Windows deployments, the risk is scored as a medium because services frequently run under less-privileged service accounts by default. | ||||
| CVE-2026-2777 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 9.8 Critical |
| Privilege escalation in the Messaging System component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2026-2782 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-02-26 | 8.8 High |
| Privilege escalation in the Netmonitor component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8. | ||||
| CVE-2025-15561 | 1 Nestersoft | 1 Worktime | 2026-02-26 | 7.8 High |
| An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The executable will then be run by the WorkTime monitoring daemon. | ||||