26 matches found
CVE-2020-7297
Privilege Escalation vulnerability in McAfee Web Gateway MWG prior to 9.2.1 allows authenticated user interface user to access protected dashboard data via improper access control in the user interface...
EUVD-2020-28421
Malware in sbrugna...
EUVD-2017-1341
Malware in sbrugna...
EUVD-2023-42356
Malicious code in bioql PyPI...
EUVD-2023-41311
Malicious code in bioql PyPI...
Amazon Linux 2 : pam (ALAS-2025-2950)
The version of pam installed on the remote host is prior to 1.1.8-23. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2950 advisory. A flaw was found in linux-pam. The module pam_namespace may access user-controlled paths without proper protection, allowing local...
CVE-2025-52166
Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information...
FreeBSD : MongoDB -- may be susceptible to privilege escalation due to $mergeCursors stage (77dc1fc4-5bc5-11f0-834f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 77dc1fc4-5bc5-11f0-834f-b42e991fc52e advisory. [email protected] reports: An unauthorized user may leverage a specially crafted aggregation pipeline to...
CVE-2024-27674
Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILESX86%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary...
CVE-2025-21081
Protection mechanism failure for some Edge Orchestrator software for Intel® Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access...
PT-2025-20046 · Unknown · Sepunion Service
Name of the Vulnerable Software and Affected Versions: sepunion service versions prior to SMR May-2025 Release 1 Description: The issue is related to improper handling of insufficient permission or privileges in the sepunion service, allowing local privileged attackers to access files with system...
CVE-2025-31285
A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the...
CVE-2025-24994
Technical details about CVE-2025-24994 (Windows Cross Device Service elevation of privilege) are not publicly provided in the connected documents. Monitor for updates from Microsoft and incident responders.
PT-2025-9028 · Xiq-Se · Xiq-Se
Name of the Vulnerable Software and Affected Versions: XIQ-SE versions prior to 24.2.11 Description: The issue is due to a missing access control check, allowing a path traversal that may lead to privilege escalation. Recommendations: For versions prior to 24.2.11, update to version 24.2.11 or...
CVE-2024-38292
In Extreme Networks XIQ-SE before 24.2.11, due to a missing access control check, a path traversal is possible, which may lead to privilege escalation...
CVE-2025-24435 Adobe Commerce | Improper Access Control (CWE-284)
Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthoriz...
CVE-2024-39924
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate...
PT-2024-8344 · Grafana +1 · Grafana +1
Name of the Vulnerable Software and Affected Versions: Grafana (affected versions not specified) Description: A vulnerability in Grafana Labs Grafana OSS and Enterprise allows privilege escalation, enabling users to gain access to resources from other organizations within the same Grafana...
CVE-2024-22830
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. This allows a local attacker to escalate privileges from regular user to System or PPL level...
CVE-2023-25149 TimescaleDB has incorrect access control
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is run as the installation user. The queries run as part of the telemetry data collection were not run wit...