Total
2581 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31283 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31284 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31285 | 1 Trendmicro | 1 Trend Vision One | 2026-02-26 | 4.6 Medium |
| A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability. | ||||
| CVE-2025-31222 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-02-26 | 7.8 High |
| A correctness issue was addressed with improved checks. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. A user may be able to elevate privileges. | ||||
| CVE-2025-27468 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2026-02-26 | 7 High |
| Improper privilege management in Windows Secure Kernel Mode allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-41076 | 1 Apple | 1 Macos | 2026-02-26 | 7.3 High |
| An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code. | ||||
| CVE-2024-22036 | 1 Rancher | 1 Rancher | 2026-02-26 | 9.1 Critical |
| A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot jail and gain root access to the Rancher container itself. In production environments, further privilege escalation is possible based on living off the land within the Rancher container itself. For the test and development environments, based on a –privileged Docker container, it is possible to escape the Docker container and gain execution access on the host system. This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3. | ||||
| CVE-2023-32197 | 1 Suse | 1 Rancher | 2026-02-26 | 6.6 Medium |
| A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5. | ||||
| CVE-2025-1732 | 1 Zyxel | 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more | 2026-02-26 | 6.7 Medium |
| An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device. | ||||
| CVE-2025-4085 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.1 High |
| An attacker with control over a content process could potentially leverage the privileged UITour actor to leak sensitive information or escalate privileges. This vulnerability affects Firefox < 138 and Thunderbird < 138. | ||||
| CVE-2025-26396 | 2026-02-26 | 7.8 High | ||
| The SolarWinds Dameware Mini Remote Control was determined to be affected by Incorrect Permissions Local Privilege Escalation Vulnerability. This vulnerability requires local access and a valid low privilege account to be susceptible to this vulnerability. | ||||
| CVE-2026-26722 | 2 Key Systems, Keystorage | 2 Global Facilities Management Software, Global Facilities Management Software | 2026-02-26 | 9.4 Critical |
| An issue in Key Systems Inc Global Facilities Management Software v.20230721a allows a remote attacker to escalate privileges via PIN component of the login functionality. | ||||
| CVE-2025-6759 | 1 Citrix | 1 Virtual Apps And Desktops | 2026-02-26 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS | ||||
| CVE-2025-22254 | 1 Fortinet | 3 Fortios, Fortiproxy, Fortiweb | 2026-02-26 | 6.5 Medium |
| An Improper Privilege Management vulnerability [CWE-269] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.1, FortiOS 7.4.0 through 7.4.6, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4.0 through 6.4.15, FortiProxy 7.6.0 through 7.6.1, FortiProxy 7.4.0 through 7.4.7, FortiWeb 7.6.0 through 7.6.1, FortiWeb 7.4.0 through 7.4.6 allows an authenticated attacker with at least read-only admin permissions to gain super-admin privileges via crafted requests to Node.js websocket module. | ||||
| CVE-2025-47713 | 1 Apache | 1 Cloudstack | 2026-02-26 | 8.8 High |
| A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can reset the password of user-accounts of Admin role type. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's user-account role must be equal to or higher than the target user-account's role. * API privilege comparison: the caller must possess all privileges of the user they are operating on. * Two new domain-level settings (restricted to the default Admin): - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin". - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true. | ||||
| CVE-2025-47849 | 1 Apache | 2 Apache Cloudstack, Cloudstack | 2026-02-26 | 8.8 High |
| A privilege escalation vulnerability exists in Apache CloudStack versions 4.10.0.0 through 4.20.0.0 where a malicious Domain Admin user in the ROOT domain can get the API key and secret key of user-accounts of Admin role type in the same domain. This operation is not appropriately restricted and allows the attacker to assume control over higher-privileged user-accounts. A malicious Domain Admin attacker can impersonate an Admin user-account and gain access to sensitive APIs and resources that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.19.3.0 or 4.20.1.0, which fixes the issue with the following: * Strict validation on Role Type hierarchy: the caller's role must be equal to or higher than the target user's role. * API privilege comparison: the caller must possess all privileges of the user they are operating on. * Two new domain-level settings (restricted to the default admin): - role.types.allowed.for.operations.on.accounts.of.same.role.type: Defines which role types are allowed to act on users of the same role type. Default: "Admin, DomainAdmin, ResourceAdmin". - allow.operations.on.users.in.same.account: Allows/disallows user operations within the same account. Default: true. | ||||
| CVE-2025-5687 | 1 Mozilla | 2 Mozilla Vpn, Vpn | 2026-02-26 | 7.8 High |
| A vulnerability in Mozilla VPN on macOS allows privilege escalation from a normal user to root. *This bug only affects Mozilla VPN on macOS. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.28.0 < (macOS). | ||||
| CVE-2025-50062 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Global Payroll Core | 2026-02-26 | 8.1 High |
| Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2025-36633 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2026-02-26 | 8.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could arbitrarily delete local system files with SYSTEM privilege, potentially leading to local privilege escalation. | ||||
| CVE-2025-50069 | 1 Oracle | 2 Database - Java Vm, Java Virtual Machine | 2026-02-26 | 7.7 High |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | ||||