In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and
An authentication-bypass issue in the RDP component of One Identity Safeguard for Privileged Sessions (SPS) On Premise before 7.5.1 (and LTS before 7.0.5.1) allows man-in-the-middle attackers to obtai
Insufficient verification of data authenticity in some Intel(R) DSA software before version 23.4.39 may allow an authenticated user to potentially enable escalation of privilege via local access.
An Incorrect Implementation of Authentication Algorithm and Exposure of Data Element to Wrong Ses-sion vulnerability in the session handling used in B&R APROL <4.4-00P5 may allow an authenticated netw
Due to a missing authorization check in SAP NetWeaver Application server for ABAP, an authenticated user with high privileges could exploit the insufficient validation of user permissions to access se
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.
A low-privileged user can bypass account credentials without confirming the user's current authentication state, which may lead to unauthorized privilege escalation.
IBM Common Cryptographic Architecture (CCA) 7.5.52 and 8.4.82 could allow an unauthenticated user to execute arbitrary commands with elevated privileges on the system.
Sensitive data storage in improperly locked memory in Windows Update Stack allows an authorized attacker to elevate privileges locally.
The lack of access restriction to a resource from unauthorized users makes MXsecurity software versions v1.1.0 and prior vulnerable. By acquiring a valid authenticator, an attacker can pose as an auth
An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session.
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
WAGO 750-8212 PFC200 G2 2ETH RS firmware contains a privilege escalation vulnerability that allows attackers to manipulate user session cookies. Attackers can modify the cookie's 'name' and 'roles' pa
Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network.
Inadequate encryption strength for some BMRA software before version 22.08 may allow an authenticated user to potentially enable escalation of privilege via local access.
An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell comman
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on Release 3DEXPERIENCE R2024x allows an authenticated attacker to access some unauthorized data.
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session
Page 1+ Next →