Search CVEs

Top 20 matches Showing top matches — use filters or a more specific query to narrow

CVE-2025-27237

HIGH CVSS 7.3

In Zabbix Agent and Agent 2 on Windows, the OpenSSL configuration file is loaded from a path writable by low-privileged users, allowing malicious modification and potential local privilege escalation

CVE-2026-24291

HIGH CVSS 7.8

Find Similar

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.

microsoft

CVE-2025-21281

HIGH CVSS 7.8

Find Similar

Microsoft COM for Windows Elevation of Privilege Vulnerability

microsoft

CVE-2024-43636

HIGH CVSS 7.8

Find Similar

Win32k Elevation of Privilege Vulnerability

microsoft

CVE-2024-8504

HIGH CVSS 8.8

Find Similar

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell comman

CVE-2025-58714

HIGH CVSS 7.8

Find Similar

Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

microsoft

CVE-2026-45176

HIGH CVSS 8.9

Find Similar

Idira Endpoint Privilege Manager Agent versions prior to 26.5 exhibit improper access control within high-privileged agent components. A local, low-privileged attacker could exploit this by manipulati

paloaltonetworks apple linux

CVE-2025-53152

HIGH CVSS 7.8

Find Similar

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.

microsoft

CVE-2026-27923

HIGH CVSS 7.8

Find Similar

Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

microsoft

CVE-2025-40547

CRITICAL CVSS 9.1

Find Similar

A logic error vulnerability exists in Serv-U which when abused could give a malicious actor with access to admin privileges the ability to execute code. This issue requires administrative privileges

solarwinds

CVE-2025-49692

HIGH CVSS 7.8

Find Similar

Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.

microsoft

CVE-2024-38162

HIGH CVSS 7.8

Find Similar

Azure Connected Machine Agent Elevation of Privilege Vulnerability

microsoft

CVE-2025-8486

HIGH CVSS 8.5

Find Similar

A potential vulnerability was reported in PC Manager that could allow a local authenticated user to execute code with elevated privileges.

lenovo

CVE-2025-8453

HIGH CVSS 8.4

Find Similar

CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configurat

CVE-2025-49677

HIGH CVSS 7.0

Find Similar

Use after free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.

microsoft

CVE-2025-21327

MEDIUM CVSS 6.6

Find Similar

Windows Digital Media Elevation of Privilege Vulnerability

microsoft

CVE-2025-21324

MEDIUM CVSS 6.6