Page 2 of 7967 results (0.150 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante remoto escale privilegios a través del endpoint "/user" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

05 Mar 2025 — Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007. • https://help.printerlogic.com/saas/Print/Security/Security-Bulletins.htm • CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

04 Mar 2025 — This could result in an attacker being able to escalate privileges for themselves or others. • https://www.cisa.gov/news-events/ics-advisories/icsa-25-063-07 • CWE-266: Incorrect Privilege Assignment •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0

03 Mar 2025 — This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

03 Mar 2025 — This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. • https://corp.mediatek.com/product-security-bulletin/March-2025 • CWE-787: Out-of-bounds Write •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 1

03 Mar 2025 — Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component • https://github.com/xibhi/CVE-2025-26206 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

03 Mar 2025 — This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640 • CWE-862: Missing Authorization •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

27 Feb 2025 — mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/MONGOSH-2028 • CWE-426: Untrusted Search Path •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

27 Feb 2025 — In XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation. • https://community.extremenetworks.com/t5/security-advisories-formerly/sa-2024-104-xiq-se-path-traversal-privilege-escalation-cve-2024/ba-p/116362 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •