| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34). |
| VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. |
| Improper Privilege Management vulnerability in powerfulwp Local Delivery Drivers for WooCommerce allows Privilege Escalation.This issue affects Local Delivery Drivers for WooCommerce: from n/a through 1.9.0. |
| In Malwarebytes For Teams v.1.0.990 and before and fixed in v.1.0.1003 and later a privilege escalation can occur via the COM interface running in mbamservice.exe. |
| Improper Privilege Management vulnerability in Booking Ultra Pro allows Privilege Escalation.This issue affects Booking Ultra Pro: from n/a through 1.1.12. |
| 266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49. |
| An issue with WordPress directory names in WebPros WordPress Toolkit before 6.9.1 allows privilege escalation. |
| Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS. |
| A symlink following vulnerability in the pouch cp function of AliyunContainerService pouch v1.3.1 allows attackers to escalate privileges and write arbitrary files. |
| An issue in MarvinTest Solutions Hardware Access Driver v.5.0.3.0 and before and fixed in v.5.0.4.0 allows a local attacker to escalate privileges via the Hw65.sys component. |
| The Homey Login Register plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.4.0. This is due to the plugin allowing users who are registering new accounts to set their own role. This makes it possible for unauthenticated attackers to gain elevated privileges by creating an account with the administrator role. |
| An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. |
| Improper Privilege Management vulnerability in Glowlogix WP Frontend Profile allows Privilege Escalation.This issue affects WP Frontend Profile: from n/a through 1.3.1. |
| Improper privilege management in Yugabyte Platform allows authenticated admin users to escalate privileges to SuperAdmin via a crafted PUT HTTP request, potentially leading to unauthorized access to sensitive system functions and data. |
| An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component. |
| Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G. |
| Improper Privilege Management vulnerability in IOSS WP MLM Unilevel allows Privilege Escalation.This issue affects WP MLM Unilevel: from n/a through 4.0. |
| The Platform component of Mitel OpenScape 4000 and OpenScape 4000 Manager through V10 R1.54.1 and V11 through R0.22.1 could allow an authenticated attacker to conduct a privilege escalation attack due to the execution of a resource with unnecessary privileges. A successful exploit could allow an attacker to execute arbitrary commands with elevated privileges. |
| An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. |
| Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. |
