Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CVEs (2,777)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-29975 1Zyxel 2Nas326 Firmware Nas542 Firmware Jan 22, 2025 Jun 4, 2024 N/A· v4 6.7 MEDIUM· v3 N/A· v2 UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0...Show more UNSUPPORTED WHEN ASSIGNED The improper privilege management vulnerability in the SUID executable binary in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an authenticated local attacker with administrator privileges to execute some system commands as the “root” user on a vulnerable device.Show less
CVE-2023-46810 1Ivanti 1Secure Access Client Jun 20, 2025 May 31, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as root.
CVE-2024-5525 1Codester 1Astrotalks Oct 23, 2025 May 31, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the...Show more Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions.Show less
CVE-2024-35430 1Zkteco 1Zkbio Cvsecurity Jul 9, 2025 May 30, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application.
CVE-2023-43845 1Aten 1Pe6208 Firmware May 30, 2025 May 28, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console an...Show more Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator privileges.Show less
CVE-2024-36056 - - Nov 21, 2024 May 26, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading...Show more Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation.Show less
CVE-2024-34454 - - Nov 21, 2024 May 26, 2024 N/A· v4 7.4 HIGH· v3 N/A· v2 Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and igno...Show more Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name).Show less
CVE-2024-27264 1Ibm 1I Jun 30, 2025 May 22, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator pr...Show more IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563.Show less
CVE-2024-36077 - - Nov 21, 2024 May 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to...Show more Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34).Show less
CVE-2024-33226 - - Nov 21, 2024 May 22, 2024 N/A· v4 9.9 CRITICAL· v3 N/A· v2 An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-33224 - - Mar 13, 2025 May 22, 2024 N/A· v4 8.4 HIGH· v3 N/A· v2 An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-33223 - - Nov 21, 2024 May 22, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.
CVE-2024-31756 - - Nov 21, 2024 May 21, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component.
CVE-2024-31757 - - Nov 21, 2024 May 21, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.
CVE-2024-4988 - - Nov 21, 2024 May 21, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 The mobile application (com.transsion.videocallenhancer) interface has improper permission control, which can lead to the risk of private file leakage.
CVE-2024-32960 - - Nov 21, 2024 May 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
CVE-2024-32959 1Sirv 1Sirv Apr 23, 2026 May 17, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
CVE-2024-34370 1Wpfactory 1Ean For Woocommerce Feb 12, 2025 May 17, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in WPFactory EAN for WooCommerce allows Privilege Escalation.This issue affects EAN for WooCommerce: from n/a through 4.8.9.
CVE-2024-33569 - - Nov 21, 2024 May 17, 2024 N/A· v4 7.2 HIGH· v3 N/A· v2 Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0.
CVE-2024-33567 - - Nov 21, 2024 May 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1....Show more Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.Show less

Previous 1...424344...139 Next