Page 3 of 4469 results (0.392 seconds)

CVSS: 9.1EPSS: 0%CPEs: -EXPL: 0

03 Mar 2025 — This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. • https://github.com/VvV1per/Vulnerability-Research-CVEs/tree/main/CVE-2024-89640 • CWE-862: Missing Authorization •

CVSS: 9.0EPSS: 0%CPEs: -EXPL: 1

03 Mar 2025 — Cross Site Request Forgery vulnerability in sell done storefront v.1.0 allows a remote attacker to escalate privileges via the index.html component • https://github.com/xibhi/CVE-2025-26206 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

27 Feb 2025 — mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/MONGOSH-2028 • CWE-426: Untrusted Search Path •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

27 Feb 2025 — MongoDB Compass may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privileges, when a crafted file is stored in C:\node_modules\. • https://jira.mongodb.org/browse/COMPASS-9058 • CWE-426: Untrusted Search Path •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

26 Feb 2025 — Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows installed, via the manipulation of COM objects under certain circumstances where an EPM policy allows for automatic privilege elevation of a user process. • https://www.beyondtrust.com/trust-center/security-advisories/bt25-01 • CWE-268: Privilege Chaining •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

25 Feb 2025 — This library initialization could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. Gradle builds that rely on versions of net.rubygrapefruit:native-platform prior to 0.22-milestone-28 could be vulnerable to a local privilege escalation from an attacker quickly deleting and recreating files in the system temporary directory. • https://en.wikipedia.org/wiki/Fstab#Options_common_to_all_filesystems • CWE-378: Creation of Temporary File With Insecure Permissions CWE-379: Creation of Temporary File in Directory with Insecure Permissions •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26601 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26600 • CWE-416: Use After Free •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26599 • CWE-824: Access of Uninitialized Pointer •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

25 Feb 2025 — This vulnerability allows local attackers to escalate privileges on affected installations of X.Org Server. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://access.redhat.com/security/cve/CVE-2025-26598 • CWE-787: Out-of-bounds Write •