4458 results (0.026 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

28 Mar 2025 — This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00005 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

28 Mar 2025 — This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. • https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00004 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

28 Mar 2025 — Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. • https://github.com/google/gvisor/commit/586c38d70081b13b2ed494cef48e99b93956843e • CWE-269: Improper Privilege Management •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0

28 Mar 2025 — A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. • https://github.com/publify/publify/security/advisories/GHSA-8fm5-gg2f-f66q • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 1

27 Mar 2025 — A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges (e.g., subscriber) to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint. • https://packetstorm.news/files/id/190109 • CWE-862: Missing Authorization •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0

27 Mar 2025 — A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges. • https://www.exim.org/static/doc/security/CVE-2025-30232.txt • CWE-416: Use After Free •

CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0

26 Mar 2025 — Local privilege escalation due to a binary hijacking vulnerability. • https://security-advisory.acronis.com/advisories/SEC-8414 • CWE-426: Untrusted Search Path •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

26 Mar 2025 — HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. • https://github.com/simalamuel/Research/tree/main/CVE-2025-25535 • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

25 Mar 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Bdrive NetDrive. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. •