Execution with Unnecessary Privileges

The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.

CVEs (315)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-1137 1Ibm 1Storage Scale Sep 29, 2025 May 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 IBM Storage Scale 5.2.2.0 and 5.2.2.1, under certain configurations, could allow an authenticated user to execute privileged commands due to improper input neutralization.
CVE-2025-3925 - - May 8, 2025 May 7, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once c...Show more BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained.Show less
CVE-2024-6030 1Tesla 1Model S Firmware Aug 12, 2025 Apr 30, 2025 N/A· v4 7.0 HIGH· v3 N/A· v2 Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to ex...Show more Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200.Show less
CVE-2025-23181 - - May 2, 2025 Apr 29, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 CWE-250: Execution with Unnecessary Privileges
CVE-2025-23180 - - May 2, 2025 Apr 29, 2025 N/A· v4 8.0 HIGH· v3 N/A· v2 CWE-250: Execution with Unnecessary Privileges
CVE-2025-1951 1Ibm 1Hardware Management Console Aug 12, 2025 Apr 22, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges.
CVE-2025-32445 - - Apr 16, 2025 Apr 15, 2025 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even...Show more Argo Events is an event-driven workflow automation framework for Kubernetes. A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. The EventSource and Sensor CRs allow the corresponding orchestrated pod to be customized with spec.template and spec.template.container (with type k8s.io/api/core/v1.Container), thus, any specification under container such as command, args, securityContext , volumeMount can be specified, and applied to the EventSource or Sensor pod. With these, a user would be able to gain privileged access to the cluster host, if he/she specified the EventSource/Sensor CR with some particular properties under template. This vulnerability is fixed in v1.9.6.Show less
CVE-2025-0120 1Paloaltonetworks 1Globalprotect Jun 27, 2025 Apr 11, 2025 7.1 HIGH· v4 7.0 HIGH· v3 N/A· v2 A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTH...Show more A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit.Show less
CVE-2025-23009 - - Apr 17, 2025 Apr 10, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion.
CVE-2025-23008 - - Apr 11, 2025 Apr 10, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations.
CVE-2025-3364 - - Apr 8, 2025 Apr 8, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system.
CVE-2024-11821 1Langgenius 1Dify Jul 14, 2025 Mar 20, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because th...Show more A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations.Show less
CVE-2024-48013 1Dell 1Smartfabric Os10 Jul 14, 2025 Mar 17, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit...Show more Dell SmartFabric OS10 Software, version(s) 10.5.4.x, 10.5.5.x, 10.5.6.x, 10.6.0.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges.Show less
CVE-2025-22368 - - Mar 11, 2025 Mar 11, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the...Show more The authenticated SCU firmware command of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS commands are improperly neutralized when certain fields are passed to the underlying OS.Show less
CVE-2025-22367 - - Mar 11, 2025 Mar 11, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to th...Show more The authenticated time setting capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.Show less
CVE-2025-22366 - - Mar 11, 2025 Mar 11, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to...Show more The authenticated firmware update capability of the firmware for Mennekes Smart / Premium Chargingpoints can be abused for command execution because OS command are improperly neutralized when certain fields are passed to the underlying OS.Show less
CVE-2024-2240 1Broadcom 1Brocade Sannav Aug 26, 2025 Feb 14, 2025 8.6 HIGH· v4 7.2 HIGH· v3 N/A· v2 Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks.
CVE-2024-8266 1Gitlab 1Gitlab Aug 6, 2025 Feb 13, 2025 N/A· v4 6.6 MEDIUM· v3 N/A· v2 An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances.
CVE-2024-7102 1Gitlab 1Gitlab Aug 6, 2025 Feb 13, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances.
CVE-2024-12673 - - Feb 12, 2025 Feb 12, 2025 8.5 HIGH· v4 7.8 HIGH· v3 N/A· v2 An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only...Show more An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1)Show less

Previous 1...678...16 Next