Page 99 of 3547 results (0.027 seconds)

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. • https://gist.github.com/DMIND-NLL/b61b8d8d20271adf60fc717b3b48faff • CWE-269: Improper Privilege Management •

CVSS: 4.5EPSS: 0%CPEs: 4EXPL: 1

A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. • https://github.com/Hagrid29/CVE-2024-2432-PaloAlto-GlobalProtect-EoP https://security.paloaltonetworks.com/CVE-2024-2432 • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

This makes it possible for unauthenticated attackers to escalate their privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-privilege-escalation-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator. • https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89 https://wordpress.org/plugins/miniorange-malware-protection https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve • CWE-304: Missing Critical Step in Authentication •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

Microsoft Office Elevation of Privilege Vulnerability Vulnerabilidad de elevación de privilegios de Microsoft Office This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Office. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •