Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-33374

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-14 Jun, 2024 | 00:00
Updated At-02 Aug, 2024 | 02:27
Rejected At-
Credits

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:14 Jun, 2024 | 00:00
Updated At:02 Aug, 2024 | 02:27
Rejected At:
▼CVE Numbering Authority (CNA)

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
N/A
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
N/A
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
Resource: N/A
Hyperlink: https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
lb_link
Product
bl_w1210m
CPEs
  • cpe:2.3:a:lb_link:bl_w1210m:2.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.0
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
x_transferred
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
x_transferred
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
Resource:
x_transferred
Hyperlink: https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:14 Jun, 2024 | 15:15
Updated At:17 Jun, 2024 | 18:15

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
CPE Matches
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29cve@mitre.org
N/A
https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/cve@mitre.org
N/A
Hyperlink: https://github.com/ShravanSinghRathore/Security-Advisory-Multiple-Vulnerabilities-in-LB-link-BL-W1210M-Router/wiki/Incorrect-Access-Control-%28CVE%E2%80%902024%E2%80%9033374%29
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-lb-link-bl-w1210m-router/
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

208Records found
CVE-2024-37980
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-7.53% / 91.43%
||
7 Day CHG~0.00%
Published-10 Sep, 2024 | 16:54
Updated-07 Jan, 2025 | 15:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft SQL Server Elevation of Privilege Vulnerability

Microsoft SQL Server Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-sql_server_2016sql_server_2019sql_server_2022sql_server_2017Microsoft SQL Server 2022 for (CU 14)Microsoft SQL Server 2016 Service Pack 3 (GDR)Microsoft SQL Server 2019 (GDR)Microsoft SQL Server 2016 Service Pack 3 Azure Connect Feature PackMicrosoft SQL Server 2017 (GDR)Microsoft SQL Server 2017 (CU 31)Microsoft SQL Server 2019 (CU 28)Microsoft SQL Server 2022 (GDR)
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-37858
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.83%
||
7 Day CHG~0.00%
Published-29 Jul, 2024 | 00:00
Updated-23 Apr, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.

Action-Not Available
Vendor-n/alost_and_found_information_system_projectoretnom23
Product-lost_and_found_information_systemn/alost_and_found_information_system
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-29734
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.30% / 52.43%
||
7 Day CHG~0.00%
Published-30 May, 2023 | 00:00
Updated-14 Jan, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.

Action-Not Available
Vendor-mwmn/a
Product-edjing_mixn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-35700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 40.97%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:40
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8.

Action-Not Available
Vendor-userpropluginDeluxeThemes
Product-userproUserpro
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-27645
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.71%
||
7 Day CHG~0.00%
Published-11 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in POWERAMP audioplayer build 925 bundle play and build 954 allows a remote attacker to gain privileges via the reverb and EQ preset parameters.

Action-Not Available
Vendor-powerampappn/a
Product-powerampn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-34331
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.63%
||
7 Day CHG~0.00%
Published-23 Sep, 2024 | 00:00
Updated-26 Sep, 2024 | 13:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

Action-Not Available
Vendor-n/aParallels International Gmbh
Product-n/aparallels_desktop
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-2317
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-0.85% / 74.02%
||
7 Day CHG~0.00%
Published-01 Aug, 2022 | 12:52
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Membership < 4.1.3 - Unauthenticated Membership Privilege Escalation

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the registration stage due to insufficient checking of a user supplied parameter.

Action-Not Available
Vendor-simple-membership-pluginUnknown
Product-simple_membershipSimple Membership
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-10971
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.21%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:39
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.

Action-Not Available
Vendor-membersonicn/a
Product-membersonicn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-27654
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 29.12%
||
7 Day CHG~0.00%
Published-14 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue found in WHOv.1.0.28, v.1.0.30, v.1.0.32 allows an attacker to cause a escalation of privileges via the TTMultiProvider component.

Action-Not Available
Vendor-whoappn/a
Product-whon/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25701
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:40
Updated-02 Aug, 2024 | 11:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WatchTowerHQ plugin <= 3.6.16 - Privilege Escalation

Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.

Action-Not Available
Vendor-WhatArmy
Product-WatchTowerHQ
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33552
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.25%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:17
Updated-10 Apr, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress XStore Core plugin <= 5.3.8 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.

Action-Not Available
Vendor-8theme8theme
Product-xstore_coreXStore Core
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-26009
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.45% / 62.69%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:40
Updated-27 Aug, 2025 | 03:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Houzez Login Register plugin <= 2.6.3 - Privilege Escalation

Improper Privilege Management vulnerability in Favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3.

Action-Not Available
Vendor-Favethemesfavethemes
Product-Houzez Login Registerhouzez
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-37927
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.52% / 66.00%
||
7 Day CHG+0.09%
Published-12 Jul, 2024 | 13:59
Updated-02 Aug, 2024 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Jobmonster theme <= 4.7.0 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in NooTheme Jobmonster allows Privilege Escalation.This issue affects Jobmonster: from n/a through 4.7.0.

Action-Not Available
Vendor-NooThemenootheme
Product-Jobmonsterjobmonster
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-25133
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
ShareView Details
Matching Score-4
Assigner-ZUSO Advanced Research Team (ZUSO ART)
CVSS Score-9.1||CRITICAL
EPSS-0.23% / 45.98%
||
7 Day CHG~0.00%
Published-24 Apr, 2023 | 00:00
Updated-04 Feb, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper privilege management vulnerability in CyberPower PowerPanel Business

Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.

Action-Not Available
Vendor-Cyber Power Systems, Inc.
Product-powerpanelPowerPanel Business ManagementPowerPanel Business Local / Remote
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33567
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.75% / 72.11%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:17
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.

Action-Not Available
Vendor-UkrSolution
Product-Barcode Scanner with Inventory & Order Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-1966
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.4||HIGH
EPSS-0.30% / 53.04%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 18:06
Updated-16 Jan, 2025 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-1966

Instruments with Illumina Universal Copy Service v1.x and v2.x contain an unnecessary privileges vulnerability. An unauthenticated malicious actor could upload and execute code remotely at the operating system level, which could allow an attacker to change settings, configurations, software, or access sensitive data on the affected product.

Action-Not Available
Vendor-illuminaIllumina
Product-miniseq_firmwarenovaseq_6000_firmwaremiseqnextseq_500iseq_100_firmwareminiseqmiseqdx_firmwarenextseq_1000_firmwarenovaseq_6000iscannextseq_1000miseqdxnextseq_2000_firmwarenextseq_550dxiseq_100nextseq_550dx_firmwarenextseq_550miseq_firmwarenextseq_500_firmwareiscan_firmwarenextseq_2000nextseq_550_firmwareiSeq 100NextSeq 550Dx Control SoftwareNextSeq 550Dx Operating SoftwareMiSeqDx Operating SoftwareNextSeq 1000/2000 Control SoftwareNovaSeq Control SoftwareMiniSeq Control SoftwareNovaSeq 6000 Control SoftwareNextSeq 500/550 Control SoftwareiScan Control SoftwareMiSeq Control Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.43%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-20 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

Action-Not Available
Vendor-n/akeyfactor
Product-n/acommand
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-31290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.78%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:54
Updated-02 Aug, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Demo My WordPress plugin <= 1.0.9.1 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in CodeRevolution Demo My WordPress allows Privilege Escalation.This issue affects Demo My WordPress: from n/a through 1.0.9.1.

Action-Not Available
Vendor-CodeRevolutioncoderevolution
Product-Demo My WordPressdemo_my_wordpress
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.90% / 85.81%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 00:00
Updated-30 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/aflusity
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2024-32511
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.65% / 69.98%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:55
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Registration for WooCommerce plugin <= 1.5.6 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Astoundify Simple Registration for WooCommerce allows Privilege Escalation.This issue affects Simple Registration for WooCommerce: from n/a through 1.5.6.

Action-Not Available
Vendor-Astoundifyastoundify
Product-Simple Registration for WooCommercesimple_registration_for_woocommerce
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-20361
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-6.5||MEDIUM
EPSS-0.58% / 67.81%
||
7 Day CHG-1.21%
Published-09 Aug, 2022 | 20:25
Updated-27 Aug, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-231161832

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-30542
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.07%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:52
Updated-21 Mar, 2025 | 18:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WholesaleX plugin <= 1.3.2 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.

Action-Not Available
Vendor-wpxpoWholesale
Product-wholesalexWholesaleX
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-3057
Matching Score-4
Assigner-Pure Storage, Inc.
ShareView Details
Matching Score-4
Assigner-Pure Storage, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 42.01%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 16:50
Updated-10 Apr, 2025 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Action-Not Available
Vendor-PureStoragepurestorage
Product-FlashArrayflasharray
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48353
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-24 Feb, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause kernel privilege escalation, which results in system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48284
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.46%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hilink_ai_lifeHarmonyOS AILife Solution 6.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48283
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.46%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 00:00
Updated-11 Mar, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A piece of Huawei whole-home intelligence software has an Incorrect Privilege Assignment vulnerability. Successful exploitation of this vulnerability could allow attackers to access restricted functions.

Action-Not Available
Vendor-n/aHuawei Technologies Co., Ltd.
Product-hilink_ai_lifeHarmonyOS AILife Solution 6.0
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-15390
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.44%
||
7 Day CHG~0.00%
Published-12 Apr, 2021 | 18:18
Updated-04 Aug, 2024 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.

Action-Not Available
Vendor-pegan/a
Product-pega_platformn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38770
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 30.83%
||
7 Day CHG-0.19%
Published-01 Aug, 2024 | 20:57
Updated-07 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.

Action-Not Available
Vendor-Revmakxrevmakx
Product-Backup and Staging by WP Time Capsulebackup_and_staging_by_wp_time_capsule
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-46327
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.56%
||
7 Day CHG~0.00%
Published-20 Dec, 2022 | 00:00
Updated-17 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some smartphones have configuration issues. Successful exploitation of this vulnerability may cause privilege escalation, which results in system service exceptions.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-29667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-29 Mar, 2024 | 00:00
Updated-25 Mar, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.

Action-Not Available
Vendor-n/atongtianxing_technology_co_ltd
Product-n/acmsv6
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-45963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.03% / 8.56%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

h3c firewall <= 3.10 ESS6703 has a privilege bypass vulnerability.

Action-Not Available
Vendor-n/aNew H3C Technologies Co., Ltd.
Product-secpath_f5030-dsecpath_f5020secpath_f100-c-g3_firmwaresecpath_f100-c-g3secpath_f5030_firmwaresecpath_f5010_firmwaresecpath_f500-6gw_firmwaresecpath_f500-6gwsecpath_f5080-dsecpath_f5060_firmwaresecpath_f5060-dsecpath_f5080secpath_f5010secpath_f5030-d_firmwaresecpath_f5020_firmwaresecpath_f5060secpath_f5060-d_firmwaresecpath_f5030secpath_f5040secpath_f5080_firmwaresecpath_f5040_firmwaresecpath_f5080-d_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-45101
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-7.3||HIGH
EPSS-2.20% / 83.75%
||
7 Day CHG~0.00%
Published-01 Feb, 2023 | 04:41
Updated-26 Mar, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.

Action-Not Available
Vendor-Dell Inc.
Product-emc_powerscale_onefsPowerScale OneFS
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-4305
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-9.8||CRITICAL
EPSS-88.99% / 99.50%
||
7 Day CHG~0.00%
Published-23 Jan, 2023 | 14:31
Updated-03 Apr, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Login as User or Customer < 3.3 - Unauthenticated Privilege Escalation to Admin

The Login as User or Customer WordPress plugin before 3.3 lacks authorization checks to ensure that users are allowed to log in as another one, which could allow unauthenticated attackers to obtain a valid admin session.

Action-Not Available
Vendor-wp-buyUnknown
Product-login_as_user_or_customer_\(user_switching\)Login as User or Customer
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-4314
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6||MEDIUM
EPSS-0.05% / 15.24%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 00:00
Updated-14 Apr, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Privilege Management in ikus060/rdiffweb

Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.

Action-Not Available
Vendor-IKUS Software
Product-rdiffwebikus060/rdiffweb
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-43138
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.39%
||
7 Day CHG~0.00%
Published-17 Nov, 2022 | 00:00
Updated-30 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.

Action-Not Available
Vendor-n/aDolibarr ERP & CRM
Product-dolibarr_erp\/crmn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-28391
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 50.81%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 00:00
Updated-10 Jun, 2025 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.

Action-Not Available
Vendor-fmemodulesn/afme_modulesPrestaShop S.A
Product-b2b_quick_order_formn/aquickproducttable_module_for_pestashop
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-42888
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 27.31%
||
7 Day CHG~0.00%
Published-06 Dec, 2022 | 20:46
Updated-20 Feb, 2025 | 19:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ARMember Plugin <= 5.5.1 is vulnerable to Privilege Escalation

Unauth. Privilege Escalation vulnerability in ARMember premium plugin <= 5.5.1 on WordPress.

Action-Not Available
Vendor-armemberpluginReputeinfosystems
Product-armemberARMember
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-1000082
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.56% / 67.16%
||
7 Day CHG~0.00%
Published-07 Jul, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

systemd v233 and earlier fails to safely parse usernames starting with a numeric digit (e.g. "0day"), running the service in question with root privileges rather than the user intended.

Action-Not Available
Vendor-systemd_projectn/a
Product-systemdn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-24882
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.49% / 64.56%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:48
Updated-09 Jun, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LMS by Masteriyo plugin <= 1.7.2 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2.

Action-Not Available
Vendor-themegrillMasteriyomasteriyo
Product-masteriyoLMSmasteriyo
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-25847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.76%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 00:00
Updated-05 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.

Action-Not Available
Vendor-myprestamodulesn/amyprestamodules
Product-product_catalog_\(csv\,_excel\)_importn/aproduct_catalog_import_for_prestashop
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-32272
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-19.62% / 95.20%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 00:00
Updated-03 Aug, 2024 | 07:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OPSWAT MetaDefender Core before 5.1.2, MetaDefender ICAP before 4.12.1, and MetaDefender Email Gateway Security before 5.6.1 have incorrect access control, resulting in privilege escalation.

Action-Not Available
Vendor-opswatn/a
Product-metadefendern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-0668
Matching Score-4
Assigner-JFrog
ShareView Details
Matching Score-4
Assigner-JFrog
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.69%
||
7 Day CHG~0.00%
Published-08 Jan, 2023 | 00:00
Updated-09 Apr, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to Privilege Escalation when a specially crafted request is sent by an unauthenticated user.

Action-Not Available
Vendor-jfrogJFrog
Product-artifactoryJFrog Artifactory
CWE ID-CWE-274
Improper Handling of Insufficient Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-24402
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.89% / 95.94%
||
7 Day CHG~0.00%
Published-26 Feb, 2024 | 00:00
Updated-24 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.

Action-Not Available
Vendor-n/aNagios Enterprises, LLC
Product-nagios_xin/anagios_xi
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-39007
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.04% / 11.64%
||
7 Day CHG~0.00%
Published-16 Sep, 2022 | 17:57
Updated-03 Jun, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The location module has a vulnerability of bypassing permission verification.Successful exploitation of this vulnerability may cause privilege escalation.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-22922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.69% / 70.78%
||
7 Day CHG~0.00%
Published-25 Jan, 2024 | 00:00
Updated-04 Jun, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

Action-Not Available
Vendor-n/aProjectworlds
Product-visitor_management_system_in_phpn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-22157
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.50% / 65.07%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:47
Updated-01 Aug, 2024 | 22:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress SalesKing plugin <= 1.6.15 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.

Action-Not Available
Vendor-WebWizards
Product-SalesKing
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-37015
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.41% / 60.76%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_detection_and_responseSymantec Endpoint Detection and Response
CWE ID-CWE-269
Improper Privilege Management
CVE-2017-20023
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.29% / 52.34%
||
7 Day CHG~0.00%
Published-09 Jun, 2022 | 22:35
Updated-15 Apr, 2025 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Solare Solar-Log Network Config privileges management

A vulnerability was found in Solare Solar-Log 2.8.4-56/3.5.2-85 and classified as critical. This issue affects some unknown processing of the component Network Config. The manipulation leads to privilege escalation. The attack may be initiated remotely. Upgrading to version 3.5.3-86 is able to address this issue. It is recommended to upgrade the affected component.

Action-Not Available
Vendor-solar-logSolare
Product-solar-log_1000_firmwaresolar-log_500solar-log_2000solar-log_500_firmwaresolar-log_300solar-log_300_firmwaresolar-log_250solar-log_250_firmwaresolar-log_2000_firmwaresolar-log_1000_pm\+solar-log_1200_firmwaresolar-log_1000solar-log_1000_pm\+_firmwaresolar-log_800esolar-log_800e_firmwaresolar-log_1200Solar-Log
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-3613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.28% / 84.02%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 19:28
Updated-06 Aug, 2024 | 05:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP backup page

Action-Not Available
Vendor-n/aFortinet, Inc.
Product-fortimanagern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2016-10972
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.32% / 88.45%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:40
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The newspaper theme before 6.7.2 for WordPress has a lack of options access control via td_ajax_update_panel.

Action-Not Available
Vendor-tagdivn/a
Product-newspapern/a
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found