CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications = 3.9.4 versions...

9.8CVSS0.0045EPSS

CVE-2026-54807

Unauthenticated Privilege Escalation in Registration Form for WooCommerce = 1.0.9 versions...

9.8CVSS0.0045EPSS

CVE-2026-54196

Subscriber Privilege Escalation in JetFormBuilder = 3.6.1 versions...

6.8CVSS0.00211EPSS

CVE-2026-49058

Unauthenticated Privilege Escalation in LoginPress Pro = 6.2.2 versions...

9.8CVSS0.00331EPSS

CVE-2026-39546

Subscriber Privilege Escalation in MultiLoca = 4.2.15 versions...

7.6CVSS0.00288EPSS

NVD•added 4 days ago•6 views

CVE-2026-28615

In Telecomm, there is a possible way to initiate an unauthorized phone call due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00149EPSS

CVE-2026-27395

Unauthenticated Privilege Escalation in Support Board 3.8.9 versions...

9.8CVSS0.00345EPSS

OSV•added 4 days ago•3 views

DEBIAN-CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.3AI score0.00133EPSS

OSV•added 4 days ago•3 views

DEBIAN-CVE-2026-12448

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: High...

8.8CVSS5.4AI score0.00249EPSS

NVD•added 4 days ago•6 views

CVE-2026-12448

8.8CVSS0.00249EPSS

Exploits0References2

CVE-2026-12449

7.8CVSS0.00133EPSS

Exploits0References2

CVE-2026-12165

The Contest Gallery – Upload & Vote Photos, Media, Sell with PayPal & Stripe plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 30.0.2 via the RegistryUserRole parameter. This is due to the plugin's admin menu being registered at the editposts...

8.8CVSS0.00564EPSS

Exploits0References6

CVE-2026-11858

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service. The update service runs as NT AUTHORITY\SYSTEM and exposes a .NET Remoting interface over a named pipe without sufficient access controls or authorization. A local authenticated...

8.4CVSS0.00125EPSS

CVE-2026-11857

Quanos SCHEMA ST4 on-premises contains a local privilege escalation vulnerability in the Client Update Service due to insecure deserialization in the .NET Remoting service. The service is configured with TypeFilterLevel.Full and is bound to local interfaces only through named pipes. A local...

8.4CVSS0.0027EPSS

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00218EPSS

NVD•added 4 days ago•10 views

CVE-2026-0068

In createSessionInternal of PackageInstallerService.java, there is a possible method to remove a DPC app from a managed device without DO consent due to desync from persistence. This could lead to local escalation of privilege if a user can install a malicious app with no additional execution...

10CVSS0.00123EPSS

NVD•added 4 days ago•7 views

CVE-2026-0071

In SettingsLib, there is a possible missing permission check due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS0.00155EPSS