Total
2586 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45496 | 1 Redhat | 1 Openshift | 2026-02-25 | 9.9 Critical |
| A flaw was found in OpenShift. This issue occurs due to the misuse of elevated privileges in the OpenShift Container Platform's build process. During the build initialization step, the git-clone container is run with a privileged security context, allowing unrestricted access to the node. An attacker with developer-level access can provide a crafted .gitconfig file containing commands executed during the cloning process, leading to arbitrary command execution on the worker node. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||
| CVE-2023-46813 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2026-02-25 | 7.0 High |
| An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it. | ||||
| CVE-2023-20235 | 1 Cisco | 20 Catalyst Ie3200 Rugged Switch, Catalyst Ie3300 Rugged Switch, Catalyst Ie3400 Rugged Switch and 17 more | 2026-02-25 | 6.5 Medium |
| A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | ||||
| CVE-2023-29066 | 2 Bd, Hp | 3 Facschorus, Hp Z2 Tower G5, Hp Z2 Tower G9 | 2026-02-25 | 3.2 Low |
| The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders. | ||||
| CVE-2022-2637 | 1 Hitachi | 1 Storage Plug-in | 2026-02-25 | 5.4 Medium |
| Incorrect Privilege Assignment vulnerability in Hitachi Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation.This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.0. | ||||
| CVE-2021-34481 | 1 Microsoft | 19 Windows 10, Windows 10 1507, Windows 10 1607 and 16 more | 2026-02-24 | 8.8 High |
| <p>A remote code execution vulnerability exists when the Windows Print Spooler service improperly performs privileged file operations. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p><strong>UPDATE</strong> August 10, 2021: Microsoft has completed the investigation and has released security updates to address this vulnerability. Please see the Security Updates table for the applicable update for your system. We recommend that you install these updates immediately. This security update changes the Point and Print default behavior; please see <a href="https://support.microsoft.com/help/5005652">KB5005652</a>.</p> | ||||
| CVE-2025-13563 | 2 Buddhathemes, Wordpress | 2 Lizza Lms Pro, Wordpress | 2026-02-24 | 9.8 Critical |
| The Lizza LMS Pro plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the 'lizza_lms_pro_register_user_front_end' function not restricting what user roles a user can register with. This makes it possible for unauthenticated attackers to supply the 'administrator' role during registration and gain administrator access to the site. | ||||
| CVE-2020-16875 | 1 Microsoft | 1 Exchange Server | 2026-02-23 | 8.4 High |
| <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p> | ||||
| CVE-2026-2563 | 2 Jdcloud, Jingdong | 3 Ax6600, Ax6600 Firmware, Jd Cloud Box Ax6600 | 2026-02-23 | 6.3 Medium |
| A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function set_stcreenen_deabled_status/get_status of the file /f/service/controlDevice of the component jdcapp_rpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2562 | 2 Jdcloud, Jingdong | 3 Ax6600, Ax6600 Firmware, Jd Cloud Box Ax6600 | 2026-02-23 | 6.3 Medium |
| A vulnerability was determined in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This impacts the function cast_streen of the file /jdcapi of the component jdcweb_rpc. Executing a manipulation of the argument File can lead to Remote Privilege Escalation. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2561 | 2 Jdcloud, Jingdong | 3 Ax6600, Ax6600 Firmware, Jd Cloud Box Ax6600 | 2026-02-23 | 6.3 Medium |
| A vulnerability was found in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. This affects the function web_get_ddns_uptime of the file /jdcapi of the component jdcweb_rpc. Performing a manipulation results in Remote Privilege Escalation. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-4270 | 1 M-files | 1 M-files Server | 2026-02-23 | 2 Low |
| Incorrect privilege assignment issue in M-Files Web in M-Files Web versions beforeĀ 22.5.11436.1 could have changed permissions accidentally. | ||||
| CVE-2022-4264 | 1 M-files | 1 M-files | 2026-02-23 | 6.5 Medium |
| Incorrect Privilege Assignment in M-Files Web (Classic) in M-Files before 22.8.11691.0 allows low privilege user to change some configuration. | ||||
| CVE-2022-1606 | 1 M-files | 1 M-files Server | 2026-02-23 | 2.4 Low |
| Incorrect privilege assignment in M-Files Server versions before 22.3.11164.0 and before 22.3.11237.1 allows user to read unmanaged objects. | ||||
| CVE-2025-59247 | 1 Microsoft | 2 Azure, Azure Playfab | 2026-02-22 | 8.8 High |
| Azure PlayFab Elevation of Privilege Vulnerability | ||||
| CVE-2019-1175 | 1 Microsoft | 7 Windows 10, Windows 10 1803, Windows 10 1809 and 4 more | 2026-02-20 | 7 High |
| An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. To exploit the vulnerability, a locally authenticated attacker could run a specially crafted application. The security update addresses the vulnerability by ensuring the psmsrv.dll properly handles objects in memory. | ||||
| CVE-2019-1162 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2026-02-20 | 7.8 High |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system. The update addresses the vulnerability by correcting how Windows handles calls to ALPC. | ||||
| CVE-2021-21567 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 7.8 High |
| Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. | ||||
| CVE-2023-32490 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 6.7 Medium |
| Dell PowerScale OneFS 8.2x -9.5x contains an improper privilege management vulnerability. A high privilege local attacker could potentially exploit this vulnerability, leading to system takeover. | ||||
| CVE-2026-24894 | 1 Php | 1 Frankenphp | 2026-02-20 | 7.5 High |
| FrankenPHP is a modern application server for PHP. Prior to 1.11.2, when running FrankenPHP in worker mode, the $_SESSION superglobal is not correctly reset between requests. This allows a subsequent request processed by the same worker to access the $_SESSION data of the previous request (potentially belonging to a different user) before session_start() is called. This vulnerability is fixed in 1.11.2. | ||||