Page 5 of 3807 results (0.027 seconds)

CVSS: 6.4EPSS: 0%CPEs: -EXPL: 0

07 May 2025 — Cross Site Scripting vulnerability in Koillection v.1.6.10 allows a remote attacker to escalate privileges via the collection, Wishlist and album components • https://gist.github.com/unklerunkle/73e2ab58d1a5b9129be5de55765ea4fe • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

06 May 2025 — An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. • https://github.com/rfxn/linux-malware-detect • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

01 May 2025 — This vulnerability allows remote attackers to escalate privileges on affected installations of Webmin. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0

30 Apr 2025 — GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. An attacker can leverage this vulnerability to escalate ... • https://www.zerodayinitiative.com/advisories/ZDI-25-268 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

29 Apr 2025 — An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1915280 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

29 Apr 2025 — Modification of specific WebGL shader attributes could trigger an out-of-bounds read, which, when chained with other vulnerabilities, could be used to escalate privileges. • https://bugzilla.mozilla.org/show_bug.cgi?id=1937097 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

29 Apr 2025 — An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function • https://github.com/CVEProject/docs/blob/gh-pages/requester/reservation-guidelines.md • CWE-269: Improper Privilege Management CWE-284: Improper Access Control •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

28 Apr 2025 — A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. ... A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. • https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1

28 Apr 2025 — GFI MailEssentials prior to version 21.8 is vulnerable to a local privilege escalation issue. • https://frycos.github.io/vulns4free/2025/04/28/mailessentials.html • CWE-502: Deserialization of Untrusted Data •

CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0

24 Apr 2025 — Local privilege escalation due to insecure folder permissions. • https://security-advisory.acronis.com/advisories/SEC-8035 • CWE-732: Incorrect Permission Assignment for Critical Resource •