Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-57062 1Soundcloud 1Soundcloud Apr 3, 2025 Mar 13, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component.
CVE-2025-21199 1Microsoft 1Azure Agent Jul 7, 2025 Mar 11, 2025 N/A· v4 6.7 MEDIUM· v3 N/A· v2 Improper privilege management in Azure Agent Installer allows an authorized attacker to elevate privileges locally.
CVE-2025-26706 1Zte 1Goldendb Mar 19, 2025 Mar 11, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.07.
CVE-2025-26705 1Zte 1Goldendb Mar 19, 2025 Mar 11, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2025-26704 1Zte 1Goldendb Mar 19, 2025 Mar 11, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2025-26703 1Zte 1Goldendb Mar 19, 2025 Mar 11, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.04.
CVE-2025-26707 - - Mar 11, 2025 Mar 11, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Improper Privilege Management vulnerability in ZTE GoldenDB allows Privilege Escalation.This issue affects GoldenDB: from 6.1.03 through 6.1.03.05.
CVE-2024-54560 1Apple 5Ipados Iphone OsMacos+2 more Apr 2, 2026 Mar 10, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permiss...Show more A logic issue was addressed with improved checks. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11. A malicious app may be able to modify other apps without having App Management permission.Show less
CVE-2025-0177 1Javothemes 1Javo Core Mar 13, 2025 Mar 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. T...Show more The Javo Core plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.0.0.080. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.Show less
CVE-2024-13835 1Wpexpertplugins 1Post Meta Data Manager Apr 8, 2026 Mar 8, 2025 N/A· v4 7.2 HIGH· v3 N/A· v2 The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite i...Show more The Post Meta Data Manager plugin for WordPress is vulnerable to multisite privilege escalation in all versions up to, and including, 1.4.4. This is due to the plugin not properly verifying the existence of a multisite installation prior to allowing user meta to be added/modified. This makes it possible for authenticated attackers, with Administrator-level access and above, to gain elevated privileges on subsites that would otherwise be inaccessible.Show less
CVE-2025-1121 1Google 1Chrome Os Jul 21, 2025 Mar 7, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-manag...Show more Privilege escalation in Installer and Recovery image handling in Google ChromeOS version 15786.48.2 on device allows an attacker with physical access to gain root code execution and potentially unenroll enterprise-managed devices via a specially crafted recovery image.Show less
CVE-2024-12281 - - Apr 8, 2026 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes...Show more The Homey theme for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.2. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the Administrator, Editor, or Shop Manager role.Show less
CVE-2024-11951 - - Mar 5, 2025 Mar 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own...Show more The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role.Show less
CVE-2025-27644 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Local Privilege Escalation V-2024-007.
CVE-2025-27639 1Printerlogic 2Vasion Print Virtual Appliance Nov 3, 2025 Mar 5, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.1002 Application 20.0.2614 allows Privilege Escalation V-2024-015.
CVE-2025-1425 - - Mar 4, 2025 Mar 4, 2025 4.7 MEDIUM· v4 N/A· v3 N/A· v2 A Sudo privilege misconfiguration vulnerability in PocketBook InkPad Color 3 on Linux, ARM allows attackers to read file contents on the device.This issue affects InkPad Color 3: U743k3.6.8.3671.
CVE-2025-1424 - - Mar 4, 2025 Mar 4, 2025 8.6 HIGH· v4 N/A· v3 N/A· v2 A privilege escalation vulnerability in PocketBook InkPad Color 3 allows attackers to escalate to root privileges if they gain physical access to the device. This issue affects InkPad Color 3 in version U743k3.6.8.3671.
CVE-2024-24778 1Apache 1Streampipes Jul 8, 2025 Mar 3, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended...Show more Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was know. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue.Show less
CVE-2024-8420 1Sitesao 1Dhvc Form Mar 6, 2025 Feb 28, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it p...Show more The DHVC Form plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.7. This is due to the plugin allowing a user to supply the 'role' field when registering. This makes it possible for unauthenticated attackers to register as an administrator on sites.Show less
CVE-2024-36046 1Infoblox 1Nios Apr 10, 2025 Feb 27, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Infoblox NIOS through 8.6.4 executes with more privileges than required.

Previous 1...293031...139 Next