Total
2074 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22341 | 2025-02-22 | 5.3 Medium | ||
| IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management. | ||||
| CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2025-02-21 | 7.8 High |
| Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | ||||
| CVE-2025-21343 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-02-21 | 7.5 High |
| Windows Web Threat Defense User Service Information Disclosure Vulnerability | ||||
| CVE-2025-21287 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-02-21 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-22774 | 1 Panoramic Corporation | 1 Dental Imaging Software | 2025-02-21 | 7.8 High |
| An issue in Panoramic Corporation Digital Imaging Software v.9.1.2.7600 allows a local attacker to escalate privileges via the ccsservice.exe component. | ||||
| CVE-2024-12284 | 2025-02-21 | N/A | ||
| Authenticated privilege escalation inĀ NetScaler Console and NetScaler Agent allows. | ||||
| CVE-2021-45729 | 1 Srmilon | 1 Wp Google Map | 2025-02-20 | 5.4 Medium |
| The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps. | ||||
| CVE-2022-42459 | 1 Oxilab | 1 Image Hover Effects Ultimate | 2025-02-20 | 7.2 High |
| Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress. | ||||
| CVE-2022-42888 | 1 Armemberplugin | 1 Armember | 2025-02-20 | 9.8 Critical |
| Unauth. Privilege Escalation vulnerability inĀ ARMember premium plugin <= 5.5.1 on WordPress. | ||||
| CVE-2023-21068 | 1 Google | 1 Android | 2025-02-20 | 7.8 High |
| In (TBD) of (TBD), there is a possible way to boot with a hidden debug policy due to a missing warning to the user. This could lead to local escalation of privilege after preparing the device, hiding the warning, and passing the phone to a new user, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243433344References: N/A | ||||
| CVE-2024-11218 | 1 Redhat | 7 Enterprise Linux, Openshift, Openshift Ironic and 4 more | 2025-02-20 | 8.6 High |
| A vulnerability was found in `podman build` and `buildah.` This issue occurs in a container breakout by using --jobs=2 and a race condition when building a malicious Containerfile. SELinux might mitigate it, but even with SELinux on, it still allows the enumeration of files and directories on the host. | ||||
| CVE-2023-28640 | 1 Apiman | 1 Apiman | 2025-02-19 | 6.4 Medium |
| Apiman is a flexible and open source API Management platform. Due to a missing permissions check, an attacker with an authenticated Apiman Manager account may be able to gain access to API keys they do not have permission for if they correctly guess the URL, which includes Organisation ID, Client ID, and Client Version of the targeted non-permitted resource. While not trivial to exploit, it could be achieved by brute-forcing or guessing common names. Access to the non-permitted API Keys could allow use of other users' resources without their permission (depending on the specifics of configuration, such as whether an API key is the only form of security). Apiman 3.1.0.Final resolved this issue. Users are advised to upgrade. The only known workaround is to restrict account access. | ||||
| CVE-2025-21546 | 2 Oracle, Redhat | 2 Mysql Server, Enterprise Linux | 2025-02-18 | 3.8 Low |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2023-0664 | 4 Fedoraproject, Microsoft, Qemu and 1 more | 4 Fedora, Windows, Qemu and 1 more | 2025-02-18 | 7.8 High |
| A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system. | ||||
| CVE-2025-23007 | 2025-02-18 | N/A | ||
| A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation. | ||||
| CVE-2017-6894 | 1 Flexera | 2 Flexnet Manager, Flexnet Manager Suite 2015 | 2025-02-18 | 7.8 High |
| A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system. | ||||
| CVE-2024-57778 | 2025-02-18 | 8.8 High | ||
| An issue in Orbe ONetView Roeador Onet-1200 Orbe 1680210096 allows a remote attacker to escalate privileges via the servers response from status code 500 to status code 200. | ||||
| CVE-2021-23874 | 1 Mcafee | 1 Total Protection | 2025-02-14 | 8.2 High |
| Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense. | ||||
| CVE-2021-25337 | 1 Samsung | 1 Android | 2025-02-14 | 4.4 Medium |
| Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. | ||||
| CVE-2022-48227 | 1 Gbgplc | 1 Acuant Asureid Sentinel | 2025-02-13 | 7.8 High |
| An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361. | ||||