CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-6228 – Frontend Admin by DynamiApps <= 3.28.36 - Unauthenticated Privilege Escalation via Edit User Form
https://notcve.org/view.php?id=CVE-2026-6228
15 May 2026 — This makes it possible for unauthenticated attackers to first register as editors (via a public new_user form), then create an edit_user form with administrator in the allowed roles, and finally use that form to escalate their own privileges to administrator. • https://plugins.trac.wordpress.org/browser/acf-frontend-form-element/trunk/main/admin/admin-pages/forms/post-types.php#L53 • CWE-269: Improper Privilege Management •
CVSS: 7.8 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-41702 – TOCTOU local privilege escalation vulnerability
https://notcve.org/view.php?id=CVE-2026-41702
15 May 2026 — A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed. • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/37454 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 8.5 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2025-54517
https://notcve.org/view.php?id=CVE-2025-54517
15 May 2026 — Out of bounds write in AMD AMDGV_CMD_GET_DIAG_DATA ioctl handler could allow a local user to escalate privileges via remote code execution. • https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-6027.html • CWE-787: Out-of-bounds Write •
CVSS: 8.5 | EPSS: 0% | CPEs: - | EXPL: 0 | CVE-2026-7373 – Metasploit Pro on Windows: Local Privilege Escalation via OpenSSL Configuration File Loading
https://notcve.org/view.php?id=CVE-2026-7373
15 May 2026 — Rapid7 Metasploit Pro is vulnerable to a local privilege escalation attack that allows users to gain SYSTEM level control of a Windows host. • https://docs.rapid7.com/insight/metasploit-pro-release-notes • CWE-284: Improper Access Control • CWE-427: Uncontrolled Search Path Element • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 7.1 | EPSS: 0% | CPEs: 10 | EXPL: 0 | CVE-2026-32991
https://notcve.org/view.php?id=CVE-2026-32991
13 May 2026 — Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account. • https://support.cpanel.net/hc/en-us/articles/40437254183959-Security-CVE-2026-32991-cPanel-WHM-WP2-Security-Update-May-13-2026 • CWE-863: Incorrect Authorization •
CVSS: 8.6 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-44380 – MISP: Improper access control in auth key reset allows privilege escalation to site administrator
https://notcve.org/view.php?id=CVE-2026-44380
13 May 2026 — Because non-site administrators were not explicitly prevented from accessing or resetting site administrator auth keys, an attacker with organization administrator privileges could potentially obtain a newly generated auth key for a higher-privileged account and use it to escalate privileges. • https://github.com/MISP/MISP/security/advisories/GHSA-3939-4g6m-m3hc • CWE-863: Incorrect Authorization •
CVSS: 6.1 | EPSS: 0% | CPEs: 4 | EXPL: 0 | CVE-2026-0242 – Trust Protection Foundation: SQL Injection Vulnerability
https://notcve.org/view.php?id=CVE-2026-0242
13 May 2026 — Successful exploitation could allow an attacker to read sensitive data, modify database contents, and escalate privileges to gain full administrative control of the platform. • https://security.paloaltonetworks.com/CVE-2026-0242 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.9 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2026-0246 – Prisma Access Agent: Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2026-0246
13 May 2026 — A vulnerability with a privilege management mechanism in the Palo Alto Networks Prisma Access Agent® enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. • https://security.paloaltonetworks.com/CVE-2026-0246 • CWE-862: Missing Authorization •
CVSS: 5.9 | EPSS: 0% | CPEs: 3 | EXPL: 0 | CVE-2026-0251 – GlobalProtect App: Local Privilege Escalation Vulnerabilities
https://notcve.org/view.php?id=CVE-2026-0251
13 May 2026 — Multiple local privilege escalation vulnerabilities in the Palo Alto Networks GlobalProtect™ app allow a local user to escalate their privileges to NT AUTHORITY\SYSTEM on Windows and root on macOS and Linux. This enables a non-administrative user to execute arbitrary commands with administrative privileges. • https://security.paloaltonetworks.com/CVE-2026-0251 • CWE-426: Untrusted Search Path •
CVSS: 8.5 | EPSS: 0% | CPEs: 1 | EXPL: 0 | CVE-2026-44470 – Claude Desktop: Local Privilege Escalation via Directory Junction in CoworkVMService
https://notcve.org/view.php?id=CVE-2026-44470
13 May 2026 — This could be leveraged for local privilege escalation. • https://github.com/anthropics/claude-code/security/advisories/GHSA-5p5x-5294-qhp3 • CWE-59: Improper Link Resolution Before File Access ('Link Following') • CWE-269: Improper Privilege Management •
