3591 results (0.179 seconds)

CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0

17 Jan 2025 — The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. • https://github.com/exelban/stats/commit/c10759f7a186efdd82ddd818dae2ac1f853691fc • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

16 Jan 2025 — Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. • https://github.com/php-lover-boy/ChatVia •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

15 Jan 2025 — These API keys can be used to escalate privileges to the server admin role. • https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

15 Jan 2025 — In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. • https://www.yubico.com/support/security-advisories/ysa-2025-01 • CWE-394: Unexpected Status Code or Return Value •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

14 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of Adobe Photoshop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. • https://helpx.adobe.com/security/products/photoshop/apsb25-02.html • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 23EXPL: 0

14 Jan 2025 — Windows Installer Elevation of Privilege Vulnerability This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21331 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

13 Jan 2025 — An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. • https://github.com/Lorenzo-de-Sa/Vulnerability-Research • CWE-522: Insufficiently Protected Credentials •

CVSS: 8.5EPSS: 0%CPEs: 22EXPL: 0

12 Jan 2025 — A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. • https://winslow1984.com/books/cve-collection/page/stats-v21122-local-privilege-escalation • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 0

09 Jan 2025 — Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field • https://support.neat.no/article/devices-running-microsoft-teams-allow-for-buffer-overflow-vulnerability • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

09 Jan 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of SonicWALL NSv. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 • CWE-269: Improper Privilege Management •