Total: 2417 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-0097 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 7.5 High |
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2024-0096 | 2 Microsoft, Nvidia | 2 Windows, Chatrtx | 2025-09-17 | 7.5 High |
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclosure, escalation of privileges, and data tampering. | ||||
CVE-2025-37123 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2025-09-17 | 8.8 High |
A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system. | ||||
CVE-2025-43333 | 1 Apple | 1 Macos | 2025-09-17 | 7.8 High |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges. | ||||
CVE-2025-34078 | 1 Nsclient | 1 Nsclient++ | 2025-09-17 | 7.8 High |
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions. | ||||
CVE-2025-8660 | 1 Broadcom | 1 Symantec Pgp Encryption | 2025-09-16 | 9.8 Critical |
Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed. | ||||
CVE-2024-47770 | 1 Wazuh | 1 Wazuh | 2025-09-16 | 4.6 Medium |
Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. This vulnerability occurs when the system has weak privilege access, which allows an attacker to escalate privileges. In this case the attacker is able to view the agent list on the Wazuh dashboard with no privilege access. This issue has been addressed in release version 4.9.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
CVE-2025-50674 | 1 Openmediavault | 1 Openmediavault | 2025-09-12 | 7.8 High |
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root. | ||||
CVE-2025-55581 | 2 D-link, Dlink | 3 Dcs-825l, Dcs-825l, Dcs-825l Firmware | 2025-09-12 | 7.3 High |
D-Link DCS-825L firmware version 1.08.01 and possibly prior versions contain an insecure implementation in the mydlink-watch-dog.sh script. The script monitors and respawns the `dcp` and `signalc` binaries without validating their integrity, origin, or permissions. An attacker with filesystem access (e.g., via UART or firmware modification) may replace these binaries to achieve persistent arbitrary code execution with root privileges. The issue stems from improper handling of executable trust and absence of integrity checks in the watchdog logic. | ||||
CVE-2025-53914 | 1 Calix | 1 Gigacenter Ont | 2025-09-12 | N/A |
Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. | ||||
CVE-2025-53913 | 1 Calix | 1 Gigacenter Ont | 2025-09-12 | N/A |
Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse. This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. | ||||
CVE-2025-9059 | 1 Broadcom | 2 Broadcom, Desktop Management Suite | 2025-09-12 | N/A |
The Altiris Core Agent Updater package (AeXNSC.exe) is prone to an elevation of privileges vulnerability through DLL hijacking. | ||||
CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2025-09-12 | 6.5 Medium |
Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928. | ||||
CVE-2025-50892 | 1 Easeus | 1 Todo Backup | 2025-09-11 | 7.8 High |
The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation. | ||||
CVE-2025-52915 | | | 2025-09-10 | 7.2 High |
K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabling unauthorized processes to perform those actions in kernel space. Successful exploitation can lead to denial of service by disrupting critical third-party services or applications. | ||||
CVE-2025-27468 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-10 | 7 High |
Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-29976 | 1 Microsoft | 1 Sharepoint Server | 2025-09-10 | 7.8 High |
Improper privilege management in Microsoft Office SharePoint allows an authorized attacker to elevate privileges locally. | ||||
CVE-2025-21360 | 1 Microsoft | 1 Autoupdate | 2025-09-09 | 7.8 High |
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | ||||
CVE-2025-21343 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-09-09 | 7.5 High |
Windows Web Threat Defense User Service Information Disclosure Vulnerability | ||||
CVE-2025-21287 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-09-09 | 7.8 High |
Windows Installer Elevation of Privilege Vulnerability |