4870 results (0.002 seconds)

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

21 Aug 2025 — Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges. • https://community.ui.com/releases/Security-Advisory-Bulletin-053/b0c4aa38-90aa-412d-b5b9-6395e057d822 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

21 Aug 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. ... An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

19 Aug 2025 — A missing authorization vulnerability in Lexmark Cloud Services badge management allows attacker to reassign badges within their organization • https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html • CWE-862: Missing Authorization •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

18 Aug 2025 — An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. • https://iknow.lenovo.com.cn/detail/430658 • CWE-276: Incorrect Default Permissions •

CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0

18 Aug 2025 — IBM Storage Virtualize 8.4, 8.5, 8.6, and 8.7 could allow an authenticated user to escalate their privileges in an SSH session due to incorrect authorization checks to access resources. • https://www.ibm.com/support/pages/node/7240796 • CWE-863: Incorrect Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

13 Aug 2025 — A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. • https://docs.aws.amazon.com/emr/latest/ReleaseGuide/emr-release-app-versions-7.x.html • CWE-257: Storing Passwords in a Recoverable Format •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

13 Aug 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. •

CVSS: 8.3EPSS: 0%CPEs: 5EXPL: 0

12 Aug 2025 — An incorrect privilege assignment vulnerability [CWE-266] in FortiOS Security Fabric version 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2 all versions, 7.0 all versions, 6.4 all versions, may allow a remote authenticated attacker with high privileges to escalate their privileges to super-admin via registering the device to a malicious FortiManager. • https://fortiguard.fortinet.com/psirt/FG-IR-25-173 • CWE-266: Incorrect Privilege Assignment •

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

12 Aug 2025 — These scripts may be used to escalate privileges within the application or compromise sensitive user data. • https://helpx.adobe.com/security/products/magento/apsb25-71.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 21EXPL: 0

12 Aug 2025 — Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53723 • CWE-122: Heap-based Buffer Overflow CWE-197: Numeric Truncation Error •