CVE-2026-41839 Spring Framework Escalation via Session Fixation in WebFlux

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

EUVD-2026-35326

A WebFlux application with a compromised subdomain for example, compromised via cross-site scripting XSS is vulnerable to an escalation attack exchanging a known session ID for that of an authenticated user. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0...

CVE-2025-23093

The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an...

CVE-2020-7110

ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a compromised administrator account, to save malicious scripts within ClearPass that could be executed resulting in a privilege escalation attack. Resolution: Fixed in 6.7.13, 6.8.4, 6.9.0 and higher...

EUVD-2016-4815

Malware in sbrugna...

EUVD-2020-28244

Malware in sbrugna...

EUVD-2016-9617

Malware in sbrugna...

EUVD-2024-23263

Malicious code in bioql PyPI...

EUVD-2025-16170

Malicious code in bioql PyPI...

CVE-2025-49726

Use after free in Windows Notification allows an authorized attacker to elevate privileges locally...

CVE-2025-20114

A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker...

CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6...

CVE-2020-8257

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks...

PT-2025-15527 · Microsoft · Windows Digital Media +1

Name of the Vulnerable Software and Affected Versions: Windows Digital Media affected versions not specified Description: The issue is related to a use after free condition in Windows Digital Media, allowing an authorized attacker to elevate privileges locally. Recommendations: At the moment, the...

CVE-2025-24059

Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

CVE-2024-53356

Weak JWT Secret vulnerabilitiy in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote attackers to generate JWT for privilege escalation. The HMAC secret used for generating tokens is hardcoded as "somerandomaccesstoken". A weak HMAC secret poses a risk because attackers can use the...

USN-7059-2: OATH Toolkit vulnerability

USN-7059-1 fixed a vulnerability in OATH Toolkit library. This update provides the corresponding update for Ubuntu 24.10. Original advisory details: Fabian Vogt discovered that OATH Toolkit incorrectly handled file permissions. A remote attacker could possibly use this issue to overwrite root own...

The vulnerability of the Win32k component in Windows operating systems, which allows attackers to increase their privileges

The vulnerability of the Win32k component in Windows operating systems is related to insecure management of privileges. Exploiting this vulnerability can allow an attacker to enhance their privileges...

Critical Zero-Days in Atera Windows Installers Expose Users to Privilege Escalation Attacks

Zero-day vulnerabilities in Windows Installers for the Atera remote monitoring and management software could act as a springboard to launch privilege escalation attacks. The flaws, discovered by Mandiant on February 28, 2023, have been assigned the identifiers CVE-2023-26077 and CVE-2023-26078,...

CVE-2023-29741

An issue found in BestWeather v.7.3.1 for Android allows unauthorized apps to cause an escalation of privileges attack by manipulating the database...