Loading...
Loading...
4,227 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
In Wi-Fi, there is a permissions bypass. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android…
In Settings, there is a possible way to bypass factory reset permissions due to a permissions bypass. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User …
In RestrictionsManager, there is a possible way to send a broadcast that should be restricted to system apps due to a permissions bypass. This could lead to local escalation of privilege on an enterprise managed device with no additional e…
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. U…
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional e…
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed f…
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges ne…
Improper Privilege Management in GitHub repository nocodb/nocodb prior to 0.91.7+.
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of …
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system as the root user. The attacker must be authenticated on the affected …
A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attac…
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enfo…
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability exists because administ…
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an a…
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an authenticated, local attacker to elevate privileges on an affected device. These vulnerabilities are due to insufficient input validation during CLI command execution on an a…
A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco FirePOWER Software for Adaptive Security Appliance (ASA) FirePOWER module, Cisco Firepower Management Center (FMC) Software, and Cisco Next-Generati…
The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).
Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.
Improper access control in the Intel(R) Edge Insights for Industrial software before version 2.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to …
Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.34 and prior, 7.5.24 and prior, 7.6.20 and prior and 8.0.27 and prior. Difficult to exploit vulnerabilit…
IPython (Interactive Python) is a command shell for interactive computing in multiple programming languages, originally developed for the Python programming language. Affected versions are subject to an arbitrary code execution vulnerabili…
An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in i…
Virtual Machine IDE Drive Elevation of Privilege Vulnerability
Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Windows DWM Core Library Elevation of Privilege Vulnerability
Active Directory Domain Services Elevation of Privilege Vulnerability
Windows Bind Filter Driver Elevation of Privilege Vulnerability
Windows Accounts Control Elevation of Privilege Vulnerability
Windows AppContracts API Server Elevation of Privilege Vulnerability
Task Flow Data Engine Elevation of Privilege Vulnerability
Windows Application Model Core API Elevation of Privilege Vulnerability
Windows StateRepository API Server file Elevation of Privilege Vulnerability
Windows UI Immersive Server API Elevation of Privilege Vulnerability
Connected Devices Platform Service Elevation of Privilege Vulnerability
Windows System Launcher Elevation of Privilege Vulnerability
Windows Push Notifications Apps Elevation of Privilege Vulnerability
Windows Devices Human Interface Elevation of Privilege Vulnerability
Clipboard User Service Elevation of Privilege Vulnerability
Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability
Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability
Windows Event Tracing Elevation of Privilege Vulnerability
Tile Data Repository Elevation of Privilege Vulnerability
Windows Storage Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
Win32k Elevation of Privilege Vulnerability
Local Security Authority Subsystem Service Elevation of Privilege Vulnerability
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
EchelonGraph correlates every CVE — across CWE-269 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →