Total
2671 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32244 | 1 Xtemos | 1 Woodmart Core | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. | ||||
| CVE-2024-39633 | 1 Ideabox | 1 Powerpack For Beaver Builder | 2026-04-15 | 8.8 High |
| Improper Privilege Management vulnerability in IdeaBox PowerPack for Beaver Builder allows Privilege Escalation.This issue affects PowerPack for Beaver Builder: from n/a through 2.33.0. | ||||
| CVE-2024-31498 | 1 Yubico | 1 Yubikey Manager Gui | 2026-04-15 | 8.8 High |
| Yubico ykman-gui (aka YubiKey Manager GUI) before 1.2.6 on Windows, when Edge is not used, allows privilege escalation because browser windows can open as Administrator. | ||||
| CVE-2024-33398 | 1 Piraeus Operator | 1 Piraeus Operator | 2026-04-15 | 7.5 High |
| There is a ClusterRole in piraeus-operator v2.5.0 and earlier which has been granted list secrets permission, which allows an attacker to impersonate the service account bound to this ClusterRole and use its high-risk privileges to list confidential information across the cluster. | ||||
| CVE-2016-15045 | 2026-04-15 | N/A | ||
| A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root. | ||||
| CVE-2024-39206 | 1 Msp360 | 1 Backup Agent | 2026-04-15 | 7.5 High |
| An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84 allows attackers to obtain network share credentials used in a backup due to enginesettings.list being encrypted with a hard coded key. | ||||
| CVE-2025-27847 | 1 Espec | 1 North America Web Controller | 2026-04-15 | 4.3 Medium |
| In ESPEC North America Web Controller 3 before 3.3.8, /api/v4/auth/ users session privileges are not revoked on logout. | ||||
| CVE-2024-22029 | 2026-04-15 | 7.8 High | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | ||||
| CVE-2023-32197 | 1 Suse | 1 Rancher | 2026-04-15 | 6.6 Medium |
| A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5. | ||||
| CVE-2025-9966 | 1 Novakon | 1 P Series | 2026-04-15 | N/A |
| Improper privilege management vulnerability in Novakon P series allows attackers to gain root privileges if one service is compromized.This issue affects P series: P – V2001.A.C518o2 until P-2.0.05 Build 2026.02.06 (commit d0f97fd9). | ||||
| CVE-2025-23093 | 2026-04-15 | 8.8 High | ||
| The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. | ||||
| CVE-2024-9636 | 2026-04-15 | 9.8 Critical | ||
| The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. | ||||
| CVE-2024-48730 | 2026-04-15 | 6.5 Medium | ||
| The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges. | ||||
| CVE-2023-49232 | 1 Stilog | 1 Visual Planning 8 | 2026-04-15 | 9.8 Critical |
| An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to brute-force the password reset PINs of administrative users. | ||||
| CVE-2023-51476 | 1 Wpmlmsoftware | 1 Wp Mlm Unilevel | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0. | ||||
| CVE-2025-34251 | 2 Google, Tesla | 4 Android, Telematics Control Unit, Tesla and 1 more | 2026-04-15 | N/A |
| Tesla Telematics Control Unit (TCU) firmware prior to v2025.14 contains an authentication bypass vulnerability. The TCU runs the Android Debug Bridge (adbd) as root and, despite a “lockdown” check that disables adb shell, still permits adb push/pull and adb forward. Because adbd is privileged and the device’s USB port is exposed externally, an attacker with physical access can write an arbitrary file to a writable location and then overwrite the kernel’s uevent_helper or /proc/sys/kernel/hotplug entries via ADB, causing the script to be executed with root privileges. | ||||
| CVE-2023-53908 | 1 Belden | 1 Hisecos | 2026-04-15 | 8.8 High |
| HiSecOS 04.0.01 contains a privilege escalation vulnerability that allows authenticated users to modify their access role through XML-based NETCONF configuration. Attackers can send crafted XML payloads to the /mops_data endpoint with a specific role value to elevate their user privileges to administrative level. | ||||
| CVE-2023-47782 | 2026-04-15 | 8.8 High | ||
| Improper Privilege Management vulnerability in Thrive Themes Thrive Theme Builder allows Privilege Escalation.This issue affects Thrive Theme Builder: from n/a before 3.24.0. | ||||
| CVE-2024-44540 | 1 Ubiquiti | 1 Airmax Firmware | 2026-04-15 | 6.6 Medium |
| Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2025-47420 | 2026-04-15 | N/A | ||
| 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. | ||||