Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-34331

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Sep, 2024 | 00:00
Updated At-23 Sep, 2024 | 16:15
Rejected At-
Credits

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Sep, 2024 | 00:00
Updated At:23 Sep, 2024 | 16:15
Rejected At:
▼CVE Numbering Authority (CNA)

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.parallels.com/129860
N/A
https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html
N/A
Hyperlink: https://kb.parallels.com/129860
Resource: N/A
Hyperlink: https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
Parallels International Gmbhparallels
Product
parallels_desktop
CPEs
  • cpe:2.3:a:parallels:parallels_desktop:*:*:*:*:*:macos:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 19.3.0 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269 Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269 Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Sep, 2024 | 16:15
Updated At:26 Sep, 2024 | 13:32

A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-269Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-269
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.parallels.com/129860cve@mitre.org
N/A
https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.htmlcve@mitre.org
N/A
Hyperlink: https://kb.parallels.com/129860
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://khronokernel.com/macos/2024/05/30/CVE-2024-34331.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

247Records found
CVE-2016-10971
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.71% / 71.67%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:39
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MemberSonic Lite plugin before 1.302 for WordPress has incorrect login access control because only knowlewdge of an e-mail address is required.

Action-Not Available
Vendor-membersonicn/a
Product-membersonicn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27664
Matching Score-4
Assigner-Johnson Controls
ShareView Details
Matching Score-4
Assigner-Johnson Controls
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.05%
||
7 Day CHG~0.00%
Published-11 Oct, 2021 | 15:21
Updated-17 Sep, 2024 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
exacqVision Web Service

Under certain configurations an unauthenticated remote user could be given access to credentials stored in the exacqVision Server.

Action-Not Available
Vendor-johnsoncontrolsJohnson Controls
Product-exacqvision_web_serviceexacqVision Web Service
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-6295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.60%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 16:15
Updated-06 Aug, 2024 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman account via upload module

Action-Not Available
Vendor-n/aPrestaShop S.A
Product-prestashopn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-5027
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.91%
||
7 Day CHG~0.00%
Published-27 Dec, 2019 | 17:02
Updated-06 Aug, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Collabtive 1.0 has incorrect access control

Action-Not Available
Vendor-o-dynn/a
Product-collabtiven/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-6099
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.07% / 20.28%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 15:31
Updated-08 Jan, 2025 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Shenzhen Youkate Industrial Facial Love Cloud Payment System Account SystemMng.ashx privileges management

A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-szjocatShenzhen Youkate Industrial
Product-facial_love_cloud_platformFacial Love Cloud Payment System
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-59247
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.22% / 43.97%
||
7 Day CHG+0.08%
Published-09 Oct, 2025 | 21:04
Updated-13 Feb, 2026 | 23:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure PlayFab Elevation of Privilege Vulnerability

Azure PlayFab Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_playfabAzure PlayFab
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-565
Reliance on Cookies without Validation and Integrity Checking
CVE-2021-28411
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.35%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-09 Oct, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in getRememberedSerializedIdentity function in CookieRememberMeManager class in lerry903 RuoYi version 3.4.0, allows remote attackers to escalate privileges.

Action-Not Available
Vendor-n/aRuoyi
Product-ruoyin/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-59693
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 23.49%
||
7 Day CHG~0.00%
Published-02 Dec, 2025 | 00:00
Updated-15 Dec, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

Action-Not Available
Vendor-entrustn/a
Product-nshield_hsmi_firmwarenshield_connect_xc_highnshield_connect_xc_high_firmwarenshield_connect_xc_base_firmwarenshield_connect_xc_basenshield_hsminshield_connect_xc_mid_firmwarenshield_connect_xc_midnshield_5c_firmwarenshield_5cn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-1517
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-10||CRITICAL
EPSS-0.42% / 61.38%
||
7 Day CHG~0.00%
Published-24 Jun, 2022 | 15:00
Updated-16 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
3.2.1 EXECUTION WITH UNNECESSARY PRIVILEGES CWE-250

LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to change settings, configurations, software, or access sensitive data on the affected produc. An attacker could also exploit this vulnerability to access APIs not intended for general use and interact through the network.

Action-Not Available
Vendor-illuminaIllumina
Product-nextseq_550dxmiseqiseq_100nextseq_500miniseqnextseq_550miseq_dxlocal_run_managerNextSeq 550DxNextSeq 550 InstrumentiSeq 100 InstrumentMiSeq InstrumentNextSeq 500 InstrumentMiniSeq InstrumentMiSeq Dx
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-5402
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.54%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 17:59
Updated-27 Feb, 2025 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper Privilege Management vulnerability exists that could cause a remote code execution when the transfer command is used over the network.

Action-Not Available
Vendor-Schneider Electric SE
Product-c-bus_toolkitC-Bus Toolkit
CWE ID-CWE-269
Improper Privilege Management
CVE-2013-3323
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.53% / 66.86%
||
7 Day CHG~0.00%
Published-18 Feb, 2020 | 16:03
Updated-06 Aug, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Privilege Escalation Vulnerability exists in IBM Maximo Asset Management 7.5, 7.1, and 6.2, when WebSeal with Basic Authentication is used, due to a failure to invalidate the authentication session, which could let a malicious user obtain unauthorized access.

Action-Not Available
Vendor-n/aIBM Corporation
Product-maximo_for_transportationmaximo_for_life_sciencesmaximo_asset_managementmaximo_for_governmentmaximo_service_deskmaximo_asset_management_essentialsmaximo_for_oil_and_gastivoli_asset_management_for_ittivoli_service_request_managermaximo_for_utilitieschange_and_configuration_management_databasemaximo_for_nuclear_powersmartcloud_control_deskn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-24927
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-video_playerSamsung Video Player
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51483
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.77%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:44
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Frontend Profile plugin <= 1.3.1 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1.

Action-Not Available
Vendor-Glowlogixglowlogix
Product-WP Frontend Profilewp_frontend_profile
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-5214
Matching Score-4
Assigner-Perforce
ShareView Details
Matching Score-4
Assigner-Perforce
CVSS Score-6.5||MEDIUM
EPSS-0.17% / 38.67%
||
7 Day CHG~0.00%
Published-06 Oct, 2023 | 17:22
Updated-19 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2023-5214 - Privilege Escalation in Puppet Bolt

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

Action-Not Available
Vendor-Perforce Software, Inc. ("Puppet")
Product-boltBolt
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.11% / 29.00%
||
7 Day CHG~0.00%
Published-24 Apr, 2024 | 16:05
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rencontre plugin <= 3.10.1 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1.

Action-Not Available
Vendor-Jacques Malgrangejacques_malgrange
Product-Rencontre – Dating Siterencontre
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-51476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.62% / 69.66%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:43
Updated-02 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP MLM Unilevel plugin <= 4.0 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0.

Action-Not Available
Vendor-IOSSwpmlmsoftware
Product-WP MLM Unilevelwp_mlm_unilevel
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-5954
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.18% / 40.03%
||
7 Day CHG~0.00%
Published-01 Aug, 2025 | 02:24
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Service Finder SMS System <= 2.0.0 - Unauthenticated Privilege Escalation

The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user.

Action-Not Available
Vendor-aonetheme
Product-Service Finder SMS System
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-50921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.34%
||
7 Day CHG~0.00%
Published-03 Jan, 2024 | 00:00
Updated-18 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on GL.iNet devices through 4.5.0. Attackers can invoke the add_user interface in the system module to gain root privileges. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.

Action-Not Available
Vendor-gl-inetn/a
Product-gl-ax1800_firmwaregl-mt2500_firmwaregl-mt300n-v2gl-mt2500gl-a1300_firmwaregl-mt3000_firmwaregl-ar300mgl-ar750sgl-b1300gl-mt6000_firmwaregl-b1300_firmwaregl-axt1800_firmwaregl-mt1300gl-mt1300_firmwaregl-a1300gl-ar300m_firmwaregl-ar750gl-ax1800gl-ar750_firmwaregl-axt1800gl-mt6000gl-mt3000gl-mt300n-v2_firmwaregl-ar750s_firmwaren/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25508
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.27% / 50.03%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 02:04
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smartthingsSmartThings
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-57118
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 21.19%
||
7 Day CHG-0.03%
Published-15 Sep, 2025 | 00:00
Updated-18 Sep, 2025 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-online_library_management_systemn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-58053
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.06% / 17.38%
||
7 Day CHG~0.00%
Published-19 Dec, 2025 | 16:26
Updated-05 Jan, 2026 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galette has a privilege escalation vulnerability

Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.

Action-Not Available
Vendor-galettegalette
Product-galettegalette
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-38770
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.57%
||
7 Day CHG~0.00%
Published-01 Aug, 2024 | 20:57
Updated-07 Aug, 2024 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Backup and Staging by WP Time Capsule plugin <= 1.22.20 - Authentication Bypass and Privilege Escalation Vulnerability

Improper Privilege Management vulnerability in Revmakx Backup and Staging by WP Time Capsule allows Privilege Escalation, Authentication Bypass.This issue affects Backup and Staging by WP Time Capsule: from n/a through 1.22.20.

Action-Not Available
Vendor-Revmakxrevmakx
Product-Backup and Staging by WP Time Capsulebackup_and_staging_by_wp_time_capsule
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-48419
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-10||CRITICAL
EPSS-0.02% / 6.07%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 18:44
Updated-17 Jun, 2025 | 20:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in EoP

An attacker in the wifi vicinity of a target Google Home can spy on the victim, resulting in Elevation of Privilege 

Action-Not Available
Vendor-Google LLC
Product-home_mininest_minihome_firmwarehome_mini_firmwarehomenest_audionest_mini_firmwarenest_audio_firmwareGoogle Nest Mini
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-48902
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 43.05%
||
7 Day CHG~0.00%
Published-21 Mar, 2024 | 00:00
Updated-19 May, 2025 | 13:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.

Action-Not Available
Vendor-tramyardgn/atramyardg
Product-autoexpressn/aautoexpress
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47868
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.3||HIGH
EPSS-0.25% / 48.07%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:37
Updated-09 Feb, 2025 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress wpForo plugin <= 2.2.3 - Privilege Escalation vulnerability

Improper Privilege Management vulnerability in wpForo wpForo Forum allows Privilege Escalation.This issue affects wpForo Forum: from n/a through 2.2.3.

Action-Not Available
Vendor-gvectorswpForogvectors
Product-wpforo_forumwpForo Forumwpforo_forum
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-4662
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-9.8||CRITICAL
EPSS-0.74% / 72.46%
||
7 Day CHG~0.00%
Published-15 Sep, 2023 | 08:36
Updated-24 Sep, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RCE in Saphira Connect

Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.

Action-Not Available
Vendor-SaphiraAdobe Inc.
Product-connectSaphira Connect
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44809
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.45% / 84.89%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 00:00
Updated-17 Sep, 2024 | 02:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dir-820l_firmwaredir-820ln/adir-820l
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-36046
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 36.47%
||
7 Day CHG~0.00%
Published-27 Feb, 2025 | 00:00
Updated-10 Apr, 2025 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Infoblox NIOS through 8.6.4 executes with more privileges than required.

Action-Not Available
Vendor-infobloxn/a
Product-niosn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44105
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.32%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 12:06
Updated-19 Sep, 2024 | 13:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of permissions not being strictly verified in the window management module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-37002
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.4||HIGH
EPSS-0.13% / 32.78%
||
7 Day CHG~0.00%
Published-09 Aug, 2022 | 20:10
Updated-20 Oct, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuimagic_uiharmonyosMagic UIEMUIHarmonyOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-22801
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 74.36%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 18:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions)

Action-Not Available
Vendor-n/a
Product-connexium_network_managerConneXium Network Manager Software (All Versions)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-44106
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-9.8||CRITICAL
EPSS-0.08% / 24.44%
||
7 Day CHG~0.00%
Published-11 Oct, 2023 | 11:55
Updated-18 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

API permission management vulnerability in the Fwk-Display module.Successful exploitation of this vulnerability may cause features to perform abnormally.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiHarmonyOSEMUI
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-35700
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.46%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 13:40
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress UserPro plugin <= 5.1.8 - Unauthenticated Account Takeover vulnerability

Improper Privilege Management vulnerability in DeluxeThemes Userpro allows Privilege Escalation.This issue affects Userpro: from n/a through 5.1.8.

Action-Not Available
Vendor-userpropluginDeluxeThemes
Product-userproUserpro
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-4404
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.08%
||
7 Day CHG~0.00%
Published-23 Aug, 2023 | 01:58
Updated-05 Feb, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Donation Forms by Charitable plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.7.0.12 due to insufficient restriction on the 'update_core_user' function. This makes it possible for unauthenticated attackers to specify their user role by supplying the 'role' parameter during a registration.

Action-Not Available
Vendor-WP Charitable LLC.Awesome Motive Inc.
Product-charitableDonation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-25847
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 16.83%
||
7 Day CHG~0.00%
Published-03 Mar, 2024 | 00:00
Updated-05 May, 2025 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.

Action-Not Available
Vendor-myprestamodulesn/amyprestamodules
Product-product_catalog_\(csv\,_excel\)_importn/aproduct_catalog_import_for_prestashop
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-37015
Matching Score-4
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-4
Assigner-Symantec - A Division of Broadcom
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.76%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Detection and Response (SEDR) Appliance, prior to 4.7.0, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_detection_and_responseSymantec Endpoint Detection and Response
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-43457
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-1.26% / 79.12%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 00:00
Updated-24 Sep, 2024 | 15:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint.

Action-Not Available
Vendor-n/aoretnom23
Product-service_provider_management_systemn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33374
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.22%
||
7 Day CHG~0.00%
Published-14 Jun, 2024 | 00:00
Updated-02 Aug, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without authentication.

Action-Not Available
Vendor-n/alb_link
Product-n/abl_w1210m
CWE ID-CWE-269
Improper Privilege Management
CVE-2025-8489
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-39.12% / 97.17%
||
7 Day CHG~0.00%
Published-31 Oct, 2025 | 06:42
Updated-01 Dec, 2025 | 22:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation

The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it possible for unauthenticated attackers to register with administrator-level user accounts.

Action-Not Available
Vendor-kingaddons
Product-King Addons for Elementor – 4,000+ ready Elementor sections, 650+ templates, 70+ FREE widgets for Elementor
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33567
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-9.8||CRITICAL
EPSS-1.01% / 76.73%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 08:17
Updated-02 Aug, 2024 | 02:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Scanner with Inventory & Order Manager plugin <= 1.5.3 - Unauthenticated Privilege Escalation vulnerability

Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.

Action-Not Available
Vendor-UkrSolution
Product-Barcode Scanner with Inventory & Order Manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2003-5001
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.31% / 53.78%
||
7 Day CHG~0.00%
Published-28 Mar, 2022 | 20:45
Updated-08 Aug, 2024 | 03:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ISS BlackICE PC Protection Cross Site Scripting Detection privileges management

A vulnerability was found in ISS BlackICE PC Protection and classified as critical. Affected by this issue is the component Cross Site Scripting Detection. The manipulation as part of POST/PUT/DELETE/OPTIONS Request leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer

Action-Not Available
Vendor-ISSIBM Corporation
Product-iss_blackice_pc_protectionBlackICE PC Protection
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-20021
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-9.8||CRITICAL
EPSS-90.15% / 99.57%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:50
Updated-10 Nov, 2025 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.

A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host.

Action-Not Available
Vendor-SonicWall Inc.Microsoft Corporation
Product-email_security_appliance_7050_firmwareemail_security_appliance_9000email_security_appliance_8300_firmwareemail_securityhosted_email_securityemail_security_appliance_7000email_security_appliance_5000email_security_appliance_3300email_security_appliance_4300_firmwareemail_security_appliance_7000_firmwareemail_security_appliance_7050email_security_appliance_5050_firmwareemail_security_appliance_4300email_security_appliance_8300email_security_appliance_5000_firmwarewindowsemail_security_appliance_9000_firmwareemail_security_virtual_applianceemail_security_appliance_3300_firmwareemail_security_appliance_5050Email SecuritySonicWall Email Security
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-33872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.20% / 41.52%
||
7 Day CHG~0.00%
Published-20 Aug, 2024 | 00:00
Updated-20 Aug, 2024 | 18:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

Action-Not Available
Vendor-n/akeyfactor
Product-n/acommand
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-41957
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-8.6||HIGH
EPSS-0.14% / 33.37%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:56
Updated-25 Mar, 2025 | 17:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Membership plugin <= 4.3.4 - Unauthenticated Membership Role Privilege Escalation vulnerability

Improper Privilege Management vulnerability in smp7, wp.Insider Simple Membership allows Privilege Escalation.This issue affects Simple Membership: from n/a through 4.3.4.

Action-Not Available
Vendor-simple-membership-pluginsmp7, wp.insidersmp7_wpinsider
Product-simple_membershipSimple Membershipsimple_membership
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-20618
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-9.8||CRITICAL
EPSS-2.51% / 85.05%
||
7 Day CHG~0.00%
Published-14 Jan, 2021 | 08:20
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Privilege chaining vulnerability in acmailer ver. 4.0.2 and earlier, and acmailer DB ver. 1.1.4 and earlier allows remote attackers to bypass authentication and to gain an administrative privilege which may result in obtaining the sensitive information on the server via unspecified vectors.

Action-Not Available
Vendor-acmailerSeeds Co.,Ltd.
Product-acmailer_dbacmaileracmailer and acmailer DB
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-39335
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-1.62% / 81.45%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:18
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security vulnerability has been identified in EPMM Versions 11.10, 11.9 and 11.8 and older allowing an unauthenticated threat actor to impersonate any existing user during the device enrollment process. This issue poses a significant security risk, as it enables unauthorized access and potential misuse of user accounts and resources.

Action-Not Available
Vendor-Ivanti Software
Product-endpoint_manager_mobileEPMM
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-38944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 33.58%
||
7 Day CHG-0.04%
Published-05 Mar, 2024 | 00:00
Updated-04 Nov, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header.

Action-Not Available
Vendor-multilasern/amultilaser
Product-re160vre163v_firmwarere160v_firmwarere163vn/are163v_firmwarere160v_firmware
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-38734
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 22.26%
||
7 Day CHG~0.00%
Published-22 Aug, 2023 | 21:18
Updated-03 Oct, 2024 | 13:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Robotic Process Automation privilege escalation

IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.

Action-Not Available
Vendor-Red Hat, Inc.Microsoft CorporationIBM Corporation
Product-robotic_process_automationopenshiftwindowsRobotic Process Automationrobotic_process_automation
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-32418
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-3.89% / 87.98%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 00:00
Updated-30 Apr, 2025 | 16:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in flusity CMS v2.33 allows a remote attacker to execute arbitrary code via the add_addon.php component.

Action-Not Available
Vendor-flusityn/aflusity
Product-flusityn/aflusity
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2025-6934
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-17.48% / 94.91%
||
7 Day CHG~0.00%
Published-01 Jul, 2025 | 06:43
Updated-03 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'

The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the 'on_regiser_user' function. This makes it possible for unauthenticated attackers to arbitrarily choose the role, including the Administrator role, assigned when registering.

Action-Not Available
Vendor-wpopal
Product-Opal Estate Pro – Property Management and Submission
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • Next
Details not found