4405 results (0.022 seconds)

CVSS: -EPSS: %CPEs: 7EXPL: 0

10 Feb 2025 — The overflow may cause local privilege escalation. • https://git.kernel.org/stable/c/dcc68b4d8084e1ac9af0d4022d6b1aff6a139a33 •

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 1

07 Feb 2025 — An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register. • https://github.com/ainrm/Jrohy-trojan-unauth-poc • CWE-269: Improper Privilege Management •

CVSS: 6.8EPSS: 0%CPEs: -EXPL: 1

06 Feb 2025 — A cross-site request forgery (CSRF) vulnerability in the pjActionUpdate function of PHPJabbers Cinema Booking System v2.0 allows remote attackers to escalate privileges by tricking an authenticated admin into submitting an unauthorized request. • https://github.com/ahrixia/CVE-2024-57429 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

05 Feb 2025 — A local user with minimal privileges is able to make use of an access token for materials for scopes which it should not be accepted. • https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/05206e72cae35b311615a70e51e1a946955c5e83 • CWE-269: Improper Privilege Management •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-276: Incorrect Default Permissions •

CVSS: 7.8EPSS: 0%CPEs: -EXPL: 0

04 Feb 2025 — Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a logic flaw. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed. Successful exploitation of this ... • https://static.omnissa.com/sites/default/files/OMSA-2024-0002.pdf • CWE-269: Improper Privilege Management •

CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0

04 Feb 2025 — An user with MODIFY permission ON ALL KEYSPACES can escalate privileges to superuser within a targeted Cassandra cluster via unsafe actions to a system resource. • https://lists.apache.org/thread/jmks4msbgkl65ssg69x728sv1m0hwz3s • CWE-267: Privilege Defined With Unsafe Actions •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

04 Feb 2025 — Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. An attack... • https://kb.parallels.com/130212 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

03 Feb 2025 — The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability due to improper ACL of the non-default installation directory. ... Many DLLs are loaded from the installation folder and by creating a malicious DLLs that exports the functions of a legit one (and that is not found on the system where the agent is installed, such as rsync.dll) it is possible to escalate privileges from a low-privileged user and obtain code execution under the context of NT AUT... • https://github.com/wazuh/wazuh/security/advisories/GHSA-pmr2-2r83-h3cv • CWE-284: Improper Access Control •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

03 Feb 2025 — Cross Site Scripting vulnerability in sayski ForestBlog 20241223 allows a remote attacker to escalate privileges via the article editing function. • https://gist.github.com/Catherines77/ac0b554f3d755879eb12bfd69ef585b1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •