Total
2670 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24510 | 1 Dell | 1 Alienware Command Center | 2026-03-20 | 6.7 Medium |
| Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2026-1993 | 2 Smub, Wordpress | 2 Exactmetrics – Google Analytics Dashboard For Wordpress (website Stats Plugin), Wordpress | 2026-03-20 | 8.8 High |
| The ExactMetrics – Google Analytics Dashboard for WordPress plugin is vulnerable to Improper Privilege Management in versions 7.1.0 through 9.0.2. This is due to the `update_settings()` function accepting arbitrary plugin setting names without a whitelist of allowed settings. This makes it possible for authenticated attackers with the `exactmetrics_save_settings` capability to modify any plugin setting, including the `save_settings` option that controls which user roles have access to plugin functionality. The admin intended to delegate configuration access to a trusted user, not enable that user to delegate access to everyone. By setting `save_settings` to include `subscriber`, an attacker can grant plugin administrative access to all subscribers on the site. | ||||
| CVE-2026-30902 | 1 Zoom | 1 Workplace | 2026-03-20 | 7.8 High |
| Improper Privilege Management in certain Zoom Clients for Windows may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-15547 | 1 Freebsd | 1 Freebsd | 2026-03-17 | 8.8 High |
| By default, jailed processes cannot mount filesystems, including nullfs(4). However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic allows that user to escape the jail's chroot, yielding access to the full filesystem of the host or parent jail. In a jail configured to allow nullfs(4) mounts from within the jail, the jailed root user can escape the jail's filesystem root. | ||||
| CVE-2025-15576 | 1 Freebsd | 1 Freebsd | 2026-03-17 | 7.5 High |
| If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. In this case, cooperating processes in the two jails may establish a connection using a unix domain socket and exchange directory descriptors with each other. When performing a filesystem name lookup, at each step of the lookup, the kernel checks whether the lookup would descend below the jail root of the current process. If the jail root directory is not encountered, the lookup continues. In a configuration where processes in two different jails are able to exchange file descriptors using a unix domain socket, it is possible for a jailed process to receive a directory for a descriptor that is below that process' jail root. This enables full filesystem access for a jailed process, breaking the chroot. Note that the system administrator is still responsible for ensuring that an unprivileged user on the jail host is not able to pass directory descriptors to a jailed process, even in a patched kernel. | ||||
| CVE-2023-27651 | 1 Egostudiogroup | 1 Super Clean | 2026-03-13 | 7.8 High |
| An issue found in Ego Studio SuperClean v.1.1.9 and v.1.1.5 allows an attacker to gain privileges via the update_info field of the _default_.xml file. | ||||
| CVE-2025-66315 | 1 Zte | 3 Mf258, Mf258k Pro, Mf258k Pro Firmware | 2026-03-12 | 4.3 Medium |
| There is a configuration defect vulnerability in the version server of ZTE MF258K Pro products. Due to improper directory permission settings, an attacker can execute write permissions in a specific directory. | ||||
| CVE-2025-40594 | 1 Siemens | 6 Sinamics G220, Sinamics G220 Firmware, Sinamics S200 and 3 more | 2026-03-10 | 6.3 Medium |
| A vulnerability has been identified in SINAMICS G220 V6.4 (All versions < V6.4 HF2), SINAMICS S200 V6.4 (All versions < V6.4 HF7), SINAMICS S210 V6.4 (All versions < V6.4 HF2). The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges. | ||||
| CVE-2025-63909 | 1 Cohesity | 2 Tranzman, Tranzman Migration Appliance | 2026-03-05 | 7.2 High |
| Incorrect access control in the component /opt/SRLtzm/bin/TapeDumper of Cohesity TranZman Migration Appliance Release 4.0 Build 14614 allows attackers to escalate privileges to root and read and write arbitrary files. | ||||
| CVE-2024-23457 | 1 Zscaler | 1 Client Connector | 2026-03-02 | 7.8 High |
| The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209 | ||||
| CVE-2025-66374 | 1 Cyberark | 1 Endpoint Privilege Manager | 2026-02-28 | 7.8 High |
| CyberArk Endpoint Privilege Manager Agent through 25.10.0 allows a local user to achieve privilege escalation through policy elevation of an Administration task. | ||||
| CVE-2024-29741 | 1 Google | 1 Android | 2026-02-28 | 7.8 High |
| In pblS2mpuResume of s2mpu.c, there is a possible mitigation bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-22795 | 1 Forescout | 1 Secureconnector | 2026-02-26 | 7 High |
| Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component. | ||||
| CVE-2024-58104 | 1 Trendmicro | 1 Apex One | 2026-02-26 | 7.3 High |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-22220 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2026-02-26 | 4.3 Medium |
| VMware Aria Operations for Logs contains a privilege escalation vulnerability. A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user. | ||||
| CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2026-02-26 | 8.8 High |
| Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | ||||
| CVE-2025-31282 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31283 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31284 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31285 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||