Page 2 of 4885 results (0.008 seconds)

CVSS: 7.7EPSS: 0%CPEs: 5EXPL: 0

18 Jul 2025 — An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. • https://access.redhat.com/security/cve/CVE-2025-7784 • CWE-269: Improper Privilege Management •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

18 Jul 2025 — Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information. • http://agorum.com • CWE-284: Improper Access Control •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A DLL hijacking vulnerability was reported in TrackPoint Quick Menu software that, under certain conditions, could allow a local attacker to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-189489 • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A DLL hijacking vulnerability was reported in the Motorola Software Fix (Rescue and Smart Assistant) installer that could allow a local attacker to escalate privileges during installation of the software. • https://en-us.support.motorola.com/app/answers/detail/a_id/186730/~/motorola-software-fix-installer-vulnerability • CWE-427: Uncontrolled Search Path Element •

CVSS: 8.5EPSS: 0%CPEs: 33EXPL: 0

17 Jul 2025 — An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. • https://support.lenovo.com/us/en/product_security/LEN-182738 • CWE-276: Incorrect Default Permissions •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.0EPSS: 0%CPEs: 2EXPL: 1

17 Jul 2025 — A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. This vulnerability allows local attackers to escalate privileges on affected installations of NVIDIA Container Toolkit. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the host system. • https://github.com/jpts/cve-2025-23266-poc • CWE-426: Untrusted Search Path •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A vulnerability related to registry permissions in the Intercept X for Windows updater prior to version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-276: Incorrect Default Permissions •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

17 Jul 2025 — A local privilege escalation vulnerability in the Intercept X for Windows installer prior version 1.22 can lead to a local user gaining system level privileges, if the installer is run as SYSTEM. • https://www.sophos.com/en-us/security-advisories/sophos-sa-20250717-cix-lpe • CWE-427: Uncontrolled Search Path Element •

CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 2

15 Jul 2025 — The attacker may escalate privileges to root by exploiting an insecure sudoers configuration that allows the 'mazu' user to execute arbitrary commands as root via SSH key extraction and command chaining. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/riverbed_netprofiler_netexpress_exec.rb • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CWE-266: Incorrect Privilege Assignment CWE-306: Missing Authentication for Critical Function •