The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restric...Show moreThe My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.Show less |
An improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to u...Show moreAn improper privilege management vulnerability in the recovery function of the Zyxel USG FLEX H series uOS firmware version V1.31 and earlier could allow an authenticated local attacker with administrator privileges to upload a crafted configuration file and escalate privileges on a vulnerable device.Show less |
Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-su...Show moreHarden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to `disable-sudo` bypass. Harden-Runner includes a policy option `disable-sudo` to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with the Docker daemon to launch privileged containers or access the host filesystem. This allows the attacker to regain root access or restore the sudoers file, effectively bypassing the restriction. This issue has been patched in version 2.12.0.Show less |
The UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role o...Show moreThe UrbanGo Membership plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.0.4. This is due to the plugin allowing users who are registering new accounts to set their own role or by supplying 'user_register_role' field. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.Show less |
An issue in WorldCast Systems ECRESO FM/DAB/TV Transmitter v1.10.1 allows authenticated attackers to escalate privileges via a crafted JSON payload. |
Omnissa Horizon Client for Windows contains an LPE Vulnerability. A malicious actor with local access where Horizon Client for Windows is installed may be able to elevate privileges. |
A vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privileg...Show moreA vulnerability has been identified within Rancher where a cluster or node driver can be used to escape the chroot
jail and gain root access to the Rancher container itself. In
production environments, further privilege escalation is possible based
on living off the land within the Rancher container itself. For the test
and development environments, based on a –privileged Docker container,
it is possible to escape the Docker container and gain execution access
on the host system.
This issue affects rancher: from 2.7.0 before 2.7.16, from 2.8.0 before 2.8.9, from 2.9.0 before 2.9.3.Show less |
A Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14,...Show moreA Improper Privilege Management vulnerability in SUSE rancher in RoleTemplateobjects when external=true is set can lead to privilege escalation in specific scenarios.This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5.Show less |
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class. |
The WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_s...Show moreThe WPC Admin Columns plugin for WordPress is vulnerable to privilege escalation in versions 2.0.6 to 2.1.0. This is due to the plugin not properly restricting user meta values that can be updated through the ajax_edit_save() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.Show less |
An app may be able to elevate privileges. This issue is fixed in macOS 14. This issue was addressed by removing the vulnerable code. |
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive user data. |
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. |
A vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation.
This could allow an...Show moreA vulnerability has been identified in Siemens License Server (SLS) (All versions < V4.3). The affected application searches for executable files in the application folder without proper validation.
This could allow an attacker to execute arbitrary code with administrative privileges by placing a malicious executable in the same directory.Show less |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter |
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method |
The Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for...Show moreThe Woffice CRM theme for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 5.4.21. This is due to a misconfiguration of excluded roles during registration. This makes it possible for unauthenticated attackers to register with an Administrator role if a custom login form is being used. This can be combined with CVE-2025-2797 to bypass the user approval process if an Administrator can be tricked into taking an action such as clicking a link.Show less |
The Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly...Show moreThe Vehica Core plugin for WordPress, used by the Vehica - Car Dealer & Listing WordPress Theme, is vulnerable to privilege escalation in all versions up to, and including, 1.0.97. This is due to the plugin not properly validating user meta fields prior to updating them in the database. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change escalate their privileges to Administrator.Show less |
An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code.
Please note: this issue has already been addressed on the backend service and is...Show moreAn HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code.
Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.Show less |
A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately esc...Show moreA broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges.
Please note: ths issue has already been addressed on the backend service and is no longer considered an active vulnerability.Show less |