22 matches found
EUVD-2026-38168
Capgo before 12.128.2 contains a broken row level security policy in the orgusers table that allows authenticated users to elevate privileges from admin to superadmin. Attackers can exploit the insufficient RLS enforcement to gain unauthorized superadmin access and compromise system security...
CVE-2026-20136
CVE-2026-20136 affects Cisco Identity Services Engine (ISE) and ISE-PIC CLI. Root cause: insufficient input validation enabling crafted CLI input to trigger command injection and elevate privileges to root on the underlying OS. Impact: authenticated, local admin can gain root privileges. Exploita...
EUVD-2025-4641
Malicious code in bioql PyPI...
EUVD-2025-9708
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to addrole and userrole functions missing proper capability checks performed through the...
CVE-2025-0151
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access...
CVE-2024-12284
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows...
CVE-2023-47683 WordPress Social Login, Social Sharing by miniOrange plugin <= 7.6.6 - Authenticated Privilege Escalation vulnerability
Improper Privilege Management vulnerability in miniOrange WordPress Social Login and Register Discord, Google, Twitter, LinkedIn allows Privilege Escalation. This issue affects WordPress Social Login and Register Discord, Google, Twitter, LinkedIn: from n/a through 7.6.6...
Exploit for Exposure of Resource to Wrong Sphere in Phpgurukul_Blood_Donor_Management_System_Project Phpgurukul_Blood_Donor_Management_System
CVE-2022-38813 Vertical Privilege Escalation via user parame...
CVE-2022-1654 Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 - Authenticated Privilege Escalation
Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abbuninstalltemplate" (both) and "jupiterxcorecpuninstalltemplate" (JupiterX Core Only) AJAX actions...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. An authenticated malicious party can exploit this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
ProfilePress Plugin for WordPress 3.x < 3.1.4 Multiple Vulnerabilities
The WordPress ProfilePress Plugin installed on the remote host is affected by multiple vulnerabilities : - An unauthenticated privilege escalation exists when supplying wpcapabilties as an array parameter while registering. CVE-2021-34621 - An authenticated privilege escalation exists within the...
WordPress ProfilePress plugin 3.0 – 3.1.3 - Authenticated Privilege Escalation vulnerability
Unauthenticated Privilege Escalation vulnerability discovered by Chloe Chamberland (WordFence) in WordPress ProfilePress plugin versions 3.0 – 3.1.3. 06.29.2021 - WordFence updated the vulnerable version to 3.0 - 3.1.3. Solution: Update the WordPress ProfilePress plugin to the latest available versi...
WordPress Store Locator Plus plugin <= 5.5.14 - Authenticated Privilege Escalation vulnerability
Authenticated Privilege Escalation vulnerability discovered by WordFence in WordPress Store Locator Plus plugin versions <= 5.5.14. Solution: Update the WordPress Store Locator Plus plugin to the latest available version (at least 5.5.15)...
Orbit Fox by ThemeIsle < 2.10.3 - Authenticated Privilege Escalation
Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which role to set as the default for users upon registration. This field is hidden from view for...
CVE-2020-36156
An issue was discovered in the Ultimate Member plugin before 2.1.12 for WordPress, aka Authenticated Privilege Escalation via Profile Update. Any user with wp-admin access to the profile.php page could supply the parameter um-role with a value set to any role (e.g., Administrator) during a profile...
CVE-2020-36156
CVE-2020-36156 affects the WordPress plugin Ultimate Member (before 2.1.12). The vulnerability allows an authenticated user with wp-admin access to profile.php to supply the parameter um-role with a value (e.g., Administrator) during a profile update, escalating privileges. Documented impact is P...
GHSA-5Q58-X5H2-V5RX Authenticated Privilege Escalation
Impact: Authenticated Privilege Escalation. Patches: We recommend to update to the current version 6.3.4.1. You can get the update to 6.3.4.1 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For older versions of 6.1 an...