Total
2615 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34146 | 1 Jenkins | 1 Git Server | 2025-10-10 | 6.5 Medium |
| Jenkins Git server Plugin 114.v068a_c7cc2574 and earlier does not perform a permission check for read access to a Git repository over SSH, allowing attackers with a previously configured SSH public key but lacking Overall/Read permission to access these repositories. | ||||
| CVE-2025-6943 | 1 Delinea | 1 Secret Server | 2025-10-10 | 3.8 Low |
| Secret Server version 11.7 and earlier is vulnerable to a SQL report creation vulnerability that allows an administrator to gain access to restricted tables. | ||||
| CVE-2023-36024 | 1 Microsoft | 1 Edge Chromium | 2025-10-08 | 7.1 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2025-55187 | 1 Drivelock | 1 Drivelock | 2025-10-08 | 9.9 Critical |
| In DriveLock 24.1.4 before 24.1.5, 24.2.5 before 24.2.6, and 25.1.2 before 25.1.4, attackers can gain elevated privileges. | ||||
| CVE-2024-4555 | 2 Microfocus, Netiq | 2 Netiq Access Manager, Access Manager | 2025-10-06 | 7.7 High |
| Improper Privilege Management vulnerability in OpenText NetIQ Access Manager allows user account impersonation in specific scenario. This issue affects NetIQ Access Manager before 5.0.4.1 and before 5.1 | ||||
| CVE-2025-57396 | 1 Tandoor | 1 Recipes | 2025-10-03 | 6.5 Medium |
| Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or administrative. Consequently, any user can escalate their privileges to the highest level. | ||||
| CVE-2025-57443 | 2 Apple, Frostwire | 2 Macos, Frostwire | 2025-10-03 | 5.1 Medium |
| FrostWire 6.14.0-build-326 for macOS contains permissive entitlements (allow-dyld-environment-variables, disable-library-validation) that allow unprivileged local attackers to inject code into the FrostWire process via the DYLD_INSERT_LIBRARIES environment variable. This allows escalated privileges to arbitrary TCC-approved directories. | ||||
| CVE-2024-44893 | 1 Jeecg | 1 Jimureport | 2025-09-29 | 9.8 Critical |
| An issue in the component /jeecg-boot/jmreport/dict/list of JimuReport v1.7.8 allows attacker to escalate privileges via a crafted GET request. | ||||
| CVE-2024-2431 | 2 Palo Alto Networks, Paloaltonetworks | 2 Globalprotect App, Globalprotect | 2025-09-26 | 5.5 Medium |
| An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode. | ||||
| CVE-2024-2432 | 2 Palo Alto Networks, Paloaltonetworks | 2 Globalprotect App, Globalprotect | 2025-09-26 | 4.5 Medium |
| A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition. | ||||
| CVE-2024-45297 | 1 Discourse | 1 Discourse | 2025-09-25 | 5.3 Medium |
| Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-54761 | 2 Ppress, Yandaozi | 2 Cms, Ppress | 2025-09-25 | 8 High |
| An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie. | ||||
| CVE-2023-4662 | 1 Adobe | 1 Connect | 2025-09-24 | 9.8 Critical |
| Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. | ||||
| CVE-2025-9038 | 2025-09-24 | N/A | ||
| Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version. | ||||
| CVE-2024-47853 | 1 Mahara | 1 Mahara | 2025-09-22 | 8.8 High |
| An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). | ||||
| CVE-2025-58432 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2025-09-22 | 7.8 High |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT. | ||||
| CVE-2021-42082 | 1 Osnexus | 1 Quantastor | 2025-09-22 | 7.8 High |
| Local users are able to execute scripts under root privileges. POC On the local host run the following command: curl 'localhost:8154/qstor/qs_upgrade.py?taskId=1&a=;`whoami`' | ||||
| CVE-2024-0082 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-18 | 8.2 High |
| NVIDIA ChatRTX for Windows contains a vulnerability in the UI, where an attacker can cause improper privilege management by sending open file requests to the application. A successful exploit of this vulnerability might lead to local escalation of privileges, information disclosure, and data tampering | ||||
| CVE-2025-57118 | 1 Phpgurukul | 1 Online Library Management System | 2025-09-18 | 9.8 Critical |
| An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php | ||||
| CVE-2024-0097 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 7.5 High |
| NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||