4841 results (0.010 seconds)

CVSS: 8.4 • EPSS: % • CPEs: 1 • EXPL: 0

09 Jul 2025 — An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App enables a locally authenticated non-administrative user to escalate their privileges to root on macOS and Linux or NT AUTHORITY\SYSTEM on Windows. • https://security.paloaltonetworks.com/CVE-2025-0141 • CWE-426: Untrusted Search Path

CVSS: 7.8 • EPSS: % • CPEs: 1 • EXPL: 0

09 Jul 2025 — An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root. • https://security.paloaltonetworks.com/CVE-2025-0139 • CWE-266: Incorrect Privilege Assignment

CVSS: 4.1 • EPSS: % • CPEs: - • EXPL: 0

09 Jul 2025 — This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks. • https://github.com/wrathfulDiety/CVE-2025-52357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

08 Jul 2025 — Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS • https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694820 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

08 Jul 2025 — A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion. • https://support.hp.com/us-en/document/ish_12715930-12715980-16/hpsbgn04031 • CWE-269: Improper Privilege Management

CVSS: 8.4 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2025 — An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation. • https://certvde.com/de/advisories/VDE-2025-019 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2025 — A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-269: Improper Privilege Management

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2025 — A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-20: Improper Input Validation

CVSS: 7.5 • EPSS: 0% • CPEs: - • EXPL: 0

08 Jul 2025 — Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. • https://www.advancedinstaller.com/advanced-installer-security-fixes-retrospective.html • CWE-266: Incorrect Privilege Assignment

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

08 Jul 2025 — Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft PC Manager. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47993 • CWE-284: Improper Access Control