Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-36500 1Huawei 2Emui Harmonyos Nov 21, 2024 Jun 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-36499 1Huawei 2Emui Harmonyos Nov 21, 2024 Jun 14, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2024-32918 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Permission Bypass allowing attackers to disable HDCP 2.2 encryption by not completing the HDCP Key Exchange initialization steps
CVE-2024-32906 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...Show more In AcvpOnMessage of avcp.cpp, there is a possible EOP due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-32899 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.0 HIGH· v3 N/A· v2 In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privil...Show more In gpu_pm_power_off_top_nolock of pixel_gpu_power.c, there is a possible compromise of protected memory due to a race condition. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-29784 1Google 1Android Nov 21, 2024 Jun 13, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interac...Show more In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2024-36586 - - Nov 21, 2024 Jun 13, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary.
CVE-2024-37665 1Wvp Pro 1Gb28181 Jun 13, 2025 Jun 12, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An access control issue in Wvp GB28181 Pro 2.0 allows authenticated attackers to escalate privileges to Administrator via a crafted POST request.
CVE-2024-5909 1Paloaltonetworks 1Cortex Xdr Agent Nov 21, 2024 Jun 12, 2024 6.8 MEDIUM· v4 5.5 MEDIUM· v3 N/A· v2 A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the C...Show more A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.Show less
CVE-2024-5907 1Paloaltonetworks 1Cortex Xdr Agent Nov 21, 2024 Jun 12, 2024 5.2 MEDIUM· v4 7.0 HIGH· v3 N/A· v2 A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to...Show more A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit.Show less
CVE-2024-5759 1Tenable 1Security Center Nov 21, 2024 Jun 12, 2024 N/A· v4 6.3 MEDIUM· v3 N/A· v2 An improper privilege management vulnerability exists in Tenable Security Center where an authenticated, remote attacker could view unauthorized objects and launch scans without having the required privileges
CVE-2024-33500 - - Nov 21, 2024 Jun 11, 2024 7.4 HIGH· v4 5.9 MEDIUM· v3 N/A· v2 A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions...Show more A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.11.0), Mendix Applications using Mendix 10 (V10.6) (All versions < V10.6.9), Mendix Applications using Mendix 9 (All versions >= V9.3.0 < V9.24.22). Affected applications could allow users with the capability to manage a role to elevate the access rights of users with that role. Successful exploitation requires to guess the id of a target role which contains the elevated access rights.Show less
CVE-2022-37019 1Hp 26Elite Slice Firmware Elite Slice For Meeting Rooms FirmwareElitebook 1040 G3 Firmware+23 more Jan 14, 2026 Jun 10, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulner...Show more Potential vulnerabilities have been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerabilities.Show less
CVE-2024-32849 1Trendmicro 2Maximum Security 2022 Maximum Security 2023 Jul 30, 2025 Jun 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own.
CVE-2024-27811 1Apple 6Ipados Iphone OsMacos+3 more Apr 2, 2026 Jun 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 The issue was addressed with improved checks. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to elevate privileges.
CVE-2024-34332 - - Nov 21, 2024 Jun 10, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in SiSoftware SANDRA v31.66 (SANDRA.sys 15.18.1.1) and before allows an attacker to escalate privileges via a crafted buffer sent to the Kernel Driver using the DeviceIoControl Windows API.
CVE-2024-37364 - - Nov 21, 2024 Jun 6, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially creat...Show more Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS.Show less
CVE-2024-35700 1Userproplugin 1Userpro Apr 23, 2026 Jun 4, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8.
CVE-2023-47837 1Reputeinfosystems 1Armember May 29, 2025 Jun 4, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Repute Infosystems ARMember allows Privilege Escalation.This issue affects ARMember: from n/a through 4.0.10.
CVE-2024-29976 1Zyxel 2Nas326 Firmware Nas542 Firmware Jan 22, 2025 Jun 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.1...Show more UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the command “show_allsessions” in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated attacker to obtain a logged-in administrator’s session information containing cookies on an affected device.Show less

Previous 1...414243...139 Next