Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to s
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity, and availability of the workstation when non-admin authenticated u
A CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation when the server is accessed by a privileged account via a console and through exploitation of a
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configurat
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged user (admin) in the system. This results in privilege escalation.
Insufficient authentication in user account management in Yugabyte Platform allows local network attackers with a compromised user session to change critical security information without re-authentica
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their pri
CVE-2024-48920
CRITICAL CVSS 9.1
Find Similar
PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform
M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /ap
CVE-2025-57118
CRITICAL CVSS 9.8
Find Similar
An issue in PHPGurukul Online-Library-Management-System v3.0 allows an attacker to escalate privileges via the index.php
CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized access, loss of confidentiality, integrity and availability of the workstation when non-admin authenticated us
An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access
Improper Privilege Management vulnerability in realmag777 HUSKY allows Privilege Escalation.This issue affects HUSKY: from n/a through 1.3.6.1.
CVE-2025-57119
CRITICAL CVSS 9.8
Find Similar
An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function
An unauthenticated user can upload arbitrary files to execute remote code, leading to privilege escalation in MagicInfo9 Server. This issue affects MagicINFO 9 Server: less than 21.1090.1.
In multiple locations there is a possible provisioning bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User in
A privilege escalation vulnerability was identified in GitHub Enterprise Server that allowed an authenticated Enterprise admin to gain root SSH access to the appliance by exploiting a symlink escape i
CVE-2021-47932
CRITICAL CVSS 9.3
Find Similar
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler.
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to
Page 1+ Next →