Page 2 of 7989 results (0.031 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. • https://forums.ivanti.com/s/article/March-Security-Advisory-Ivanti-Secure-Access-Client-ISAC-CVE-2025-22454 • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.4EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — This could allow an authenticated remote administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •

CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0

11 Mar 2025 — This could allow an authenticated local administrator to escalate privileges by injecting arbitrary commands that are executed with root privileges. • https://cert-portal.siemens.com/productcert/html/ssa-515903.html • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

11 Mar 2025 — OData Service in Manage Purchasing Info Records does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on integrity of the application. • https://me.sap.com/notes/3474392 • CWE-862: Missing Authorization •

CVSS: 3.1EPSS: 0%CPEs: 5EXPL: 0

11 Mar 2025 — SAP Just In Time(JIT) does not perform necessary authorization checks for an authenticated user, allowing attacker to escalate privileges that would otherwise be restricted, potentially causing a low impact on the integrity of the application.Confidentiality and Availability are not impacted. • https://me.sap.com/notes/3347991 • CWE-862: Missing Authorization •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

10 Mar 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •

CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0

10 Mar 2025 — This could lead to local escalation of privilege with no additional execution privileges needed. • https://source.android.com/docs/security/bulletin/pixel-watch/2025/2025-03-01 • CWE-281: Improper Preservation of Permissions •

CVSS: 8.0EPSS: 0%CPEs: -EXPL: 0

10 Mar 2025 — Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using an hardcoded password retrievable by an attacker analyzing the application code. • https://www.gevernova.com/grid-solutions/app/DownloadFile.aspx?prod=urfamily&type=21&file=76 • CWE-798: Use of Hard-coded Credentials •

CVSS: -EPSS: 0%CPEs: -EXPL: 1

07 Mar 2025 — An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function OpenPanel version 0.3.4 suffers from a directory traversal vulnerability in the fix permission functionality. • https://packetstorm.news/files/id/189621 •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

06 Mar 2025 — An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key Un problema en TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 y anteriores permite que un atacante físicamente próximo escale privilegios a través de la clave de almacenamiento local "2fa_authorized" • https://piuswalter.de/blog/2fa-bypass-and-deactivation-attack-in-mytaag • CWE-287: Improper Authentication •