Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the menuId parameter
Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2.
CVE-2025-26201
CRITICAL CVSS 9.1
Find Similar
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
CVE-2025-13375
CRITICAL CVSS 9.8
Find Similar
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
CVE-2026-26369
CRITICAL CVSS 9.3
Find Similar
eNet SMART HOME server 2.2.1 and 2.3.1 contains a privilege escalation vulnerability due to insufficient authorization checks in the setUserGroup JSON-RPC method. A low-privileged user (UG_USER) can s
mcp-server-siri-shortcuts shortcutName Command Injection Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of mcp-server-si
Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script.
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. T
CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installat
Incorrect Privilege Assignment vulnerability in Bowo Admin and Site Enhancements (ASE) admin-site-enhancements allows Privilege Escalation.This issue affects Admin and Site Enhancements (ASE): from n/
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/
Insufficient server-side controls in the management console of Ivanti Workspace Control before version 2025.2 (10.19.0.0) allows a local authenticated attacker to escalate their privileges.
CVE-2025-41663
CRITICAL CVSS 9.8
Find Similar
For u-link Management API an unauthenticated remote attacker in a man-in-the-middle position can inject arbitrary commands in responses returned by WWH servers, which are then executed with elevated p
Incorrect Use of Privileged APIs vulnerability in NomySoft Information Technology Training and Consulting Inc. Nomysem allows Privilege Escalation. This issue affects Nomysem: through May 2025.
CVE-2024-12356
CRITICAL CVSS 9.8 KEV
Find Similar
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site us