CWE-269

2,777 CVEs • Abstraction: Class • Likelihood of Exploit: Medium

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

Each entry below lists the CVE's vendors, products, updated date, published date, CVSS scores (v4 / v3 / v2) and description.

Vendors (1): Jayesh | Products (1): Hotel Management System
Updated: Apr 30, 2025 | Published: Aug 22, 2024
CVSS: v4 N/A | v3 7.5 HIGH | v2 N/A
An Incorrect Access Control vulnerability was found in /admin/delete_room.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to delete valid hotel room entries in the administrator section.

Vendors: - | Products: -
Updated: Nov 21, 2024 | Published: Aug 22, 2024
CVSS: v4 N/A | v3 9.4 CRITICAL | v2 N/A
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain access to the administrative web interface via the device password's hash value, without knowing the actual device password.

Vendors (1): Ami | Products (1): Aptio V
Updated: Jan 12, 2026 | Published: Aug 21, 2024
CVSS: v4 N/A | v3 7.8 HIGH | v2 N/A
The DXE module SmmComputrace contains a vulnerability that allows local attackers to leak stack or global memory. This could lead to privilege escalation, arbitrary code execution, and bypassing OS security mechanisms.

Vendors (1): Microfocus | Products (1): Netiq Privileged Access Manager
Updated: Aug 23, 2024 | Published: Aug 21, 2024
CVSS: v4 N/A | v3 7.5 HIGH | v2 N/A
A vulnerability was found in OpenText Privileged Access Manager in the component that issues a token. On successful issuance of the token, a cookie gets set that allows unrestricted access to all the application resources. This issue affects Privileged Access Manager before 3.7.0.1.

Vendors (1): Dell | Products (1): Repository Manager
Updated: Aug 23, 2024 | Published: Aug 21, 2024
CVSS: v4 N/A | v3 7.8 HIGH | v2 N/A
Dell Repository Manager version 3.4.2 and earlier contains a Local Privilege Escalation Vulnerability in the Installation module. A local low-privileged attacker may potentially exploit this vulnerability, leading to the execution of an arbitrary executable on the operating system with high privileges by using an existing vulnerability in the operating system. Exploitation may lead to unavailability of the service.

Vendors: - | Products: -
Updated: Aug 21, 2024 | Published: Aug 20, 2024
CVSS: v4 N/A | v3 8.8 HIGH | v2 N/A
Kanister is a data protection workflow management tool. Kanister has a deployment called default-kanister-operator, which is bound to a ClusterRole called edit via a ClusterRoleBinding. The "edit" ClusterRole is one of the ClusterRoles Kubernetes creates by default, and it has the create/patch/update verbs on daemonset resources, the create verb on serviceaccount/token resources, and the impersonate verb on serviceaccounts resources. A malicious user with access to the worker node that runs this component can leverage it to perform a cluster-level privilege escalation.

Vendors: - | Products: -
Updated: Aug 20, 2024 | Published: Aug 20, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges.

Vendors: - | Products: -
Updated: Aug 20, 2024 | Published: Aug 19, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Improper Privilege Management vulnerability in Geek Code Lab Login As Users allows Privilege Escalation. This issue affects Login As Users: from n/a through 1.4.2.

Vendors: - | Products: -
Updated: Aug 19, 2024 | Published: Aug 19, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Improper Privilege Management vulnerability in eyecix JobSearch allows Privilege Escalation. This issue affects JobSearch: from n/a through 2.3.4.

Vendors (1): Xwiki | Products (1): Xwiki
Updated: Aug 20, 2024 | Published: Aug 19, 2024
CVSS: v4 N/A | v3 8.0 HIGH | v2 N/A
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.

Vendors (1): Wpindeed | Products (1): Ultimate Membership Pro
Updated: Apr 23, 2026 | Published: Aug 19, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Improper Authentication vulnerability in azzaroco Ultimate Membership Pro indeed-membership-pro. This issue affects Ultimate Membership Pro: from n/a through <= 12.7.

Vendors (1): Microcks | Products (1): Microcks
Updated: Aug 21, 2024 | Published: Aug 19, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
In Microcks before 1.10.0, the POST /api/import and POST /api/export endpoints allow non-administrator access.

Vendors (1): Vtiger | Products (1): Vtiger Crm
Updated: Apr 28, 2025 | Published: Aug 16, 2024
CVSS: v4 N/A | v3 8.3 HIGH | v2 N/A
VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules.

Vendors (1): Google | Products (1): Android
Updated: Dec 17, 2024 | Published: Aug 15, 2024
CVSS: v4 N/A | v3 7.8 HIGH | v2 N/A
In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendors (1): Google | Products (1): Android
Updated: Dec 17, 2024 | Published: Aug 15, 2024
CVSS: v4 N/A | v3 7.8 HIGH | v2 N/A
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Vendors (1): Zoom | Products (3): Meeting Software Development Kit, Rooms, Workplace Desktop
Updated: Aug 28, 2024 | Published: Aug 14, 2024
CVSS: v4 N/A | v3 6.7 MEDIUM | v2 N/A
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Vendors: - | Products: -
Updated: Aug 14, 2024 | Published: Aug 14, 2024
CVSS: v4 9.3 CRITICAL | v3 8.8 HIGH | v2 N/A
Improper initialization in the Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access.

Vendors (1): Xtendify | Products (1): Woffice
Updated: Apr 23, 2026 | Published: Aug 13, 2024
CVSS: v4 N/A | v3 9.8 CRITICAL | v2 N/A
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice. This issue affects Woffice: from n/a through <= 5.4.10.

Vendors (1): Pluginus | Products (1): Husky Products Filter Professional For Woocommerce
Updated: Mar 12, 2025 | Published: Aug 13, 2024
CVSS: v4 N/A | v3 7.2 HIGH | v2 N/A
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation. This issue affects HUSKY: from n/a through 1.3.6.1.

Vendors (1): Siemens | Products (1): Sinec Traffic Analyzer
Updated: Aug 14, 2024 | Published: Aug 13, 2024
CVSS: v4 7.5 HIGH | v3 7.2 HIGH | v2 N/A
A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V2.0). The affected application mounts the container's root filesystem with read and write privileges. This could allow an attacker to alter the container's filesystem, leading to unauthorized modifications and data corruption.