Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-3325 1Cloud 1Jasperreports Server Oct 14, 2025 Jul 10, 2024 8.6 HIGH· v4 7.2 HIGH· v3 N/A· v2 Vulnerability in Jaspersoft JasperReport Servers.This issue affects JasperReport Servers: from 8.0.4 through 9.0.0.
CVE-2024-6411 1Metagauss 1Profilegrid Apr 8, 2026 Jul 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in...Show more The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.8.9. This is due to a lack of validation on user-supplied data in the 'pm_upload_image' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their user capabilities to Administrator.Show less
CVE-2024-34725 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges...Show more In DevmemIntUnexportCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31334 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execu...Show more In DevmemIntFreeDefBackingPage of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31325 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User in...Show more In multiple locations, there is a possible way to reveal images across users data due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31323 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed...Show more In onCreate of multiple files, there is a possible way to trick the user into granting health permissions due to tapjacking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31322 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to lo...Show more In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Show less
CVE-2024-31320 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional e...Show more In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31318 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional exe...Show more In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31313 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. U...Show more In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-31311 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User...Show more In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-23711 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional executio...Show more In DevmemXIntUnreserveRange of devicemem_server.c, there is a possible arbitrary code execution due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21114 1Google 1Android Dec 17, 2024 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...Show more In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2023-21113 1Google 1Android Mar 13, 2025 Jul 9, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for e...Show more In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-38089 1Microsoft 1Defender For Iot Nov 21, 2024 Jul 9, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 Microsoft Defender for IoT Elevation of Privilege Vulnerability
CVE-2024-37952 1Themeenergy 1Book Your Travel Nov 21, 2024 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in themeenergy BookYourTravel allows Privilege Escalation.This issue affects BookYourTravel: from n/a through 8.18.17.
CVE-2024-37484 1Zephyr One 1Zephyr Project Manager Feb 10, 2025 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Dylan James Zephyr Project Manager allows Privilege Escalation.This issue affects Zephyr Project Manager: from n/a through 3.3.97.
CVE-2024-37455 1Brainstormforce 1Ultimate Addons For Elementor Nov 21, 2024 Jul 9, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
CVE-2024-27711 1Eskooly 1Eskooly Nov 21, 2024 Jul 5, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the Sin-up process function in the account settings.
CVE-2024-27710 1Eskooly 1Eskooly Apr 16, 2025 Jul 5, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via the authentication mechanism.

Previous 1...394041...139 Next