Search Results (9546 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-13918 2 Broadcom, Symantec 2 Symantec Endpoint Protection, Endpoint Protection 2026-04-15 6.7 Medium
Symantec Endpoint Protection, prior to 14.3 RU10 Patch 1, RU9 Patch 2, and RU8 Patch 3, may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVE-2025-4136 1 Weitong 1 Mall 2026-04-15 5.4 Medium
A vulnerability was found in Weitong Mall 1.0.0. It has been classified as critical. This affects an unknown part of the component Sale Endpoint. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-4681 2026-04-15 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-14975 1 Wordpress 1 Wordpress 2026-04-15 8.1 High
The Custom Login Page Customizer WordPress plugin before 2.5.4 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
CVE-2025-15030 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
The User Profile Builder WordPress plugin before 3.15.2 does not have a proper password reset process, allowing a few unauthenticated requests to reset the password of any user by knowing their username, such as administrator ones, and therefore gain access to their account
CVE-2025-22247 2026-04-15 6.1 Medium
VMware Tools contains an insecure file handling vulnerability. A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigger insecure file operations within that VM.
CVE-2025-2843 1 Redhat 1 Cluster Observability Operator 2026-04-15 8.8 High
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues.
CVE-2013-10052 2 Zpanel, Zpanel Project 2 Zpanel, Zpanel 2026-04-15 N/A
ZPanel includes a helper binary named zsudo, intended to allow restricted privilege escalation for administrative tasks. However, when misconfigured in /etc/sudoers, zsudo can be invoked by low-privileged users to execute arbitrary commands as root. This flaw enables local attackers with shell access to escalate privileges by writing a payload to a writable directory and executing it via zsudo. The vulnerability is particularly impactful in post-exploitation scenarios following web server compromise, where the attacker inherits access to zsudo.
CVE-2021-43768 1 Malwarebytes 1 Malwarebytes 2026-04-15 5.3 Medium
In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe.
CVE-2025-1806 2026-04-15 4.3 Medium
A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.5.27.0 is able to address this issue.
CVE-2025-1815 2026-04-15 7.3 High
A vulnerability, which was classified as critical, was found in pbrong hrms up to 1.0.1. This affects the function HrmsDB of the file \resource\resource.go. The manipulation of the argument user_cookie leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-0139 2026-04-15 N/A
An incorrect privilege assignment vulnerability in Palo Alto Networks Autonomous Digital Experience Manager allows a locally authenticated low privileged user on macOS endpoints to escalate their privileges to root.
CVE-2025-0131 1 Opswat 1 Metadefender Endpoint Security Sdk 2026-04-15 N/A
An incorrect privilege management vulnerability in the OPSWAT MetaDefender Endpoint Security SDK used by the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user also successfully exploits a race condition, which makes this vulnerability difficult to exploit.
CVE-2024-57967 1 Cyberark 1 Privileged Access Manager 2026-04-15 4.2 Medium
PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping.
CVE-2025-34251 2 Google, Tesla 4 Android, Telematics Control Unit, Tesla and 1 more 2026-04-15 N/A
Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges.
CVE-2025-2345 2026-04-15 9.8 Critical
A vulnerability, which was classified as very critical, was found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. This affects an unknown part. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-9479 1 Upkeeper Solutions 1 Upkeeper Instant Privlege Access 2026-04-15 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.
CVE-2024-9476 2026-04-15 4.9 Medium
A vulnerability in Grafana Labs Grafana OSS and Enterprise allows Privilege Escalation allows users to gain access to resources from other organizations within the same Grafana instance via the Grafana Cloud Migration Assistant.This vulnerability will only affect users who utilize the Organizations feature to isolate resources on their Grafana instance.
CVE-2025-0416 1 Valmet 1 Dna 2026-04-15 N/A
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
CVE-2024-9478 1 Upkeeper Solutions 1 Upkeeper Instant Privlege Access 2026-04-15 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2.