Loading...
Loading...
4,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Windows NTFS Elevation of Privilege Vulnerability
Windows NTLM Elevation of Privilege Vulnerability
Windows InstallService Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Windows GPSVC Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
An elevation of privilege vulnerability in the message broker of BlackBerry Protect for Windows version(s) versions 1574 and earlier could allow an attacker to potentially execute code in the context of a BlackBerry Cylance service that ha…
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for S…
EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates.
Trend Micro Home Network Security version 6.6.604 and earlier is vulnerable to an iotcl stack-based buffer overflow vulnerability which could allow an attacker to issue a specially crafted iotcl to escalate privileges on affected devices. …
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges to view the restricted Dashboard.
Acronis True Image prior to 2021 Update 5 for Windows allowed local privilege escalation due to insecure folder permissions.
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow pri…
The Flask-Caching extension through 1.10.1 for Flask relies on Pickle for serialization, which may lead to remote code execution or local privilege escalation. If an attacker gains access to cache storage (e.g., filesystem, Memcached, Redi…
Improper access control in the software installer for the Intel(R) NUC HDMI Firmware Update Tool for NUC8i3BE, NUC8i5BE, NUC8i7BE before version 1.78.4.0.4 may allow an authenticated user to potentially enable escalation of privilege via l…
Western Digital EdgeRover before 0.25 has an escalation of privileges vulnerability where a low privileged user could load malicious content into directories with higher privileges, because of how Node.js is used. An attacker can gain admi…
Multiple privilege escalation vulnerabilities in RaspAP 1.5 to 2.6.5 could allow an authenticated remote attacker to inject arbitrary commands to /installers/common.sh component that can result in remote command execution with root privile…
A local malicious user can circumvent the Falco detection engine through 0.28.1 by running a program that alters arguments of system calls being executed. Issue is fixed in Falco versions >= 0.29.1.
In MB connect line mbDIALUP versions <= 3.9R0.0 a low privileged local attacker can send a command to the service running with NT AUTHORITY\SYSTEM instructing it to execute a malicous OpenVPN configuration resulting in arbitrary code execu…
In MB connect line mbDIALUP versions <= 3.9R0.0 a remote attacker can send a specifically crafted HTTP request to the service running with NT AUTHORITY\SYSTEM that will not correctly validate the input. This can lead to an arbitrary code e…
In Weidmueller Industrial WLAN devices in multiple versions an exploitable improper access control vulnerability exists in the iw_webs account settings functionality. A specially crafted user name entry can cause the overwrite of an existi…
Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities.
Microsoft DWM Core Library Elevation of Privilege Vulnerability
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Windows Projected File System Elevation of Privilege Vulnerability
Windows Secure Kernel Mode Security Feature Bypass Vulnerability
Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Desktop Bridge Elevation of Privilege Vulnerability
An issue was discovered in Cuppa CMS Versions Before 31 Jan 2021 allows authenticated attackers to gain escalated privileges via a crafted POST request using the user_group_id_field parameter.
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
Microsoft Exchange Server Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
HP Print and Scan Doctor, an application within the HP Smart App for Windows, is potentially vulnerable to local elevation of privilege.
The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege esca…
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for C…
A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root.
During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM …
During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result i…
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Windows File History Service Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Windows AppContainer Elevation Of Privilege Vulnerability
Storage Spaces Controller Elevation of Privilege Vulnerability
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
EchelonGraph correlates every CVE — across CWE-269 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →