Export limit exceeded: 43193 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-11003 | 1 Elegantthemes | 1 Bloom | 2026-02-04 | 8.8 High |
| The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation. | ||||
| CVE-2024-2433 | 1 Paloaltonetworks | 1 Pan-os | 2026-01-30 | 4.3 Medium |
| An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected. | ||||
| CVE-2023-4822 | 2 Grafana, Redhat | 3 Grafana, Grafana Enterprise, Ceph Storage | 2026-01-30 | 6.7 Medium |
| Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor and Organization Admin roles in all organizations. It also allows an Organization Admin to assign or revoke any permissions that they have to any user globally. This means that any Organization Admin can elevate their own permissions in any organization that they are already a member of, or elevate or restrict the permissions of any other user. The vulnerability does not allow a user to become a member of an organization that they are not already a member of, or to add any other users to an organization that the current user is not a member of. | ||||
| CVE-2022-24812 | 1 Grafana | 1 Grafana | 2026-01-28 | 8 High |
| Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded as soon as possible. As an alternative, disable fine-grained access control will mitigate the vulnerability. | ||||
| CVE-2023-23428 | 1 Honor | 1 Magicos | 2026-01-27 | 3.3 Low |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2023-23429 | 1 Honor | 1 Magicos | 2026-01-27 | 4 Medium |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2023-23427 | 1 Honor | 1 Magicos | 2026-01-27 | 4 Medium |
| Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | ||||
| CVE-2025-39202 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 7.3 High |
| A vulnerability exists in in the Monitor Pro interface of the MicroSCADA X SYS600 product. An authenticated user with low privileges can see and overwrite files causing information leak and data corruption. | ||||
| CVE-2025-60010 | 1 Juniper | 3 Junos, Junos Os, Junos Os Evolved | 2026-01-23 | 5.4 Medium |
| A password aging vulnerability in the RADIUS client of Juniper Networks Junos OS and Junos OS Evolved allows an authenticated, network-based attacker to access the device without enforcing the required password change. Affected devices allow logins by users for whom the RADIUS server has responded with a reject and required the user to change the password as their password was expired. Therefore the policy mandating the password change is not enforced. This does not allow users to login with a wrong password, but only with the correct but expired one. This issue affects: Junos OS: * all versions before 22.4R3-S8, * 23.2 versions before 23.2R2-S4, * 23.4 versions before 23.4R2-S5, * 24.2 versions before 24.2R2-S1, * 24.4 versions before 24.4R1-S3, 24.4R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * 23.2 versions before 23.2R2-S4-EVO, * 23.4 versions before 23.4R2-S5-EVO, * 24.2 versions before 24.2R2-S1-EVO, * 24.4 versions before 24.4R1-S3-EVO, 24.4R2-EVO. | ||||
| CVE-2024-22922 | 1 Projectworlds | 1 Visitor Management System | 2026-01-23 | 9.8 Critical |
| An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | ||||
| CVE-2026-22908 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 9.1 Critical |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | ||||
| CVE-2025-67279 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | 5.3 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format | ||||
| CVE-2025-67278 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | 6.5 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request | ||||
| CVE-2024-31771 | 1 Totalav | 1 Totalav | 2026-01-21 | 7.8 High |
| Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file | ||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-01-21 | 6.7 Medium |
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | ||||
| CVE-2023-25701 | 2 Watchtowerhq, Wordpress | 2 Watchtower, Wordpress | 2026-01-21 | 9.8 Critical |
| Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. | ||||
| CVE-2018-25148 | 1 Microhardcorp | 22 Bullet-3g, Bullet-3g Firmware, Bullet-lte and 19 more | 2026-01-21 | 8.8 High |
| Microhard Systems IPn4G 1.1.0 contains multiple authenticated remote code execution vulnerabilities in the admin interface that allow attackers to create crontab jobs and modify system startup scripts. Attackers can exploit hidden admin features to execute arbitrary commands with root privileges, including starting services, disabling firewalls, and writing files to the system. | ||||
| CVE-2025-43019 | 1 Hp | 1 Support Assistant | 2026-01-20 | 7.8 High |
| A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion. | ||||
| CVE-2025-68967 | 1 Huawei | 1 Harmonyos | 2026-01-15 | 5.7 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-0358 | 1 Axis | 1 Axis Os | 2026-01-15 | 8.8 High |
| During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges. | ||||