CVSS: 5.3 | EPSS: 0% | CPEs: 7 | EXPL: 0 | CVE-2026-44029
https://notcve.org/view.php?id=CVE-2026-44029
05 May 2026 — An issue was discovered in Nix before 2.34.7. Writing to arbitrary files can occur via "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack" directory traversal. The fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7 (introduced in 2.24.7); • https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407 • CWE-36: Absolute Path Traversal •
CVSS: 7.5 | EPSS: 0% | CPEs: 10 | EXPL: 0 | CVE-2026-44028
https://notcve.org/view.php?id=CVE-2026-44028
05 May 2026 — An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a stack-to-heap overflow when the parser is run on a coroutine stack. The stack is allocated without a guard page, which means that a stack overflow could overwrite memory on the heap and could allow arbitrary code execution as the Nix daemon (run as root in multi-user installations) if ASLR hardening is bypassed. This can be exploited by all users able to connect to the daem... • https://discourse.nixos.org/t/security-advisory-local-privilege-escalation-in-lix-and-nix/77407 • CWE-674: Uncontrolled Recursion •
CVSS: 8.5 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-7791
https://notcve.org/view.php?id=CVE-2026-7791
04 May 2026 — Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leading to local privilege escalation to SYSTEM. • https://aws.amazon.com/security/security-bulletins/2026-025-aws • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.7 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-31205
https://notcve.org/view.php?id=CVE-2026-31205
04 May 2026 — Cross-site scripting vulnerability in Pluck CMS before v.4.7.21dev allows a remote attacker to escalate privileges via editpage.php and the sanitizePageContent function. • https://github.com/pluck-cms/pluck/blob/main/data/inc/editpage.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-7641 – Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields
https://notcve.org/view.php?id=CVE-2026-7641
02 May 2026 — This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator on any subsite within the Multisite network by submitting a crafted profile update to `/wp-admin/profile.php`. • https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.6/classes/columns.php#L198 • CWE-269: Improper Privilege Management •
CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2025-52347
https://notcve.org/view.php?id=CVE-2025-52347
01 May 2026 — An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call. • https://github.com/netero1010/Vulnerability-Disclosure/tree/main/CVE-2025-52347 • CWE-20: Improper Input Validation CWE-269: Improper Privilege Management •
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-6389 – IBM Turbonomic Prometurbo agent used by IBM Turbonomic Application Resource Management is affected by a single vulnerability
https://notcve.org/view.php?id=CVE-2026-6389
30 Apr 2026 — An attacker that compromises the operator or its service account can exfiltrate sensitive credentials, escalate privileges, and potentially achieve full cluster compromise. • https://www.ibm.com/support/pages/node/7270720 • CWE-269: Improper Privilege Management •
CVSS: 7.8 | EPSS: 0% | CPEs: 37 | EXPL: 0 | CVE-2026-7270 – Local privilege escalation via execve()
https://notcve.org/view.php?id=CVE-2026-7270
30 Apr 2026 — The bug may be exploitable by an unprivileged user to obtain superuser privileges. • https://security.freebsd.org/advisories/FreeBSD-SA-26:13.exec.asc • CWE-783: Operator Precedence Logic Error •
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2026-41220
https://notcve.org/view.php?id=CVE-2026-41220
29 Apr 2026 — Local privilege escalation due to improper input validation. • https://security-advisory.acronis.com/advisories/SEC-10296 • CWE-787: Out-of-bounds Write •
CVSS: 7.8 | EPSS: 0% | CPEs: 2 | EXPL: 0 | CVE-2026-41952
https://notcve.org/view.php?id=CVE-2026-41952
29 Apr 2026 — Local privilege escalation due to improper input validation. • https://security-advisory.acronis.com/advisories/SEC-7790 • CWE-123: Write-what-where Condition •
