Search Results (9530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-43153 1 Xtendify 1 Woffice 2026-04-23 9.8 Critical
Incorrect Privilege Assignment vulnerability in WofficeIO Woffice woffice.This issue affects Woffice: from n/a through <= 5.4.10.
CVE-2024-35700 1 Userproplugin 1 Userpro 2026-04-23 9.8 Critical
Incorrect Privilege Assignment vulnerability in DeluxeThemes Userpro userpro.This issue affects Userpro: from n/a through <= 5.1.8.
CVE-2024-32959 2 Sirv, Wordpress 2 Sirv, Wordpress 2026-04-23 8.8 High
Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
CVE-2024-32555 1 Wordpress 1 Wordpress 2026-04-23 9.8 Critical
Incorrect Privilege Assignment vulnerability in InspiryThemes Easy Real Estate easy-real-estate allows Privilege Escalation.This issue affects Easy Real Estate: from n/a through <= 2.2.9.
CVE-2024-32507 2026-04-23 8.8 High
Incorrect Privilege Assignment vulnerability in Hamid Alinia Login with phone number login-with-phone-number.This issue affects Login with phone number: from n/a through <= 1.7.16.
CVE-2024-32444 2 Inspirythemes, Wordpress 2 Realhomes, Wordpress 2026-04-23 9.8 Critical
Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes realhomes allows Privilege Escalation.This issue affects RealHomes: from n/a through <= 4.3.6.
CVE-2024-28000 1 Litespeedtech 1 Litespeed Cache 2026-04-23 9.8 Critical
Incorrect Privilege Assignment vulnerability in LiteSpeed Technologies LiteSpeed Cache litespeed-cache.This issue affects LiteSpeed Cache: from n/a through <= 6.3.0.1.
CVE-2024-22145 1 Instawp 1 Instawp Connect 2026-04-23 8.8 High
Incorrect Privilege Assignment vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.8.
CVE-2026-35248 1 Oracle 1 Vm Virtualbox 2026-04-23 5 Medium
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).
CVE-2026-34287 1 Oracle 1 Identity Manager Connector 2026-04-23 9.1 Critical
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager Connector. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Identity Manager Connector accessible data as well as unauthorized access to critical data or complete access to all Oracle Identity Manager Connector accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-1250 1 Gitlab 1 Gitlab 2026-04-23 6.5 Medium
An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.
CVE-2026-6769 1 Mozilla 2 Firefox, Thunderbird 2026-04-23 8.8 High
Privilege escalation in the Debugger component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2026-6761 1 Mozilla 2 Firefox, Thunderbird 2026-04-23 8.8 High
Privilege escalation in the Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
CVE-2007-1227 1 Mcafee 1 Virex 2026-04-23 N/A
VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
CVE-2007-4390 1 Bluecat Networks 1 Adonis 2026-04-23 N/A
The Command Line Interface (CLI), aka Adonis Administration Console, on the BlueCat Networks Adonis DNS/DHCP appliance 5.0.2.8 allows local admin users to gain root privileges on the underlying operating system via shell metacharacters in a command.
CVE-2009-2718 3 Redhat, Sun, X.org 3 Rhel Extras, Java Se, X11 2026-04-23 N/A
The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 before Update 15 on X11 does not impose the intended constraint on distance from the window border to the Security Warning Icon, which makes it easier for context-dependent attackers to trick a user into interacting unsafely with an untrusted applet.
CVE-2009-2669 1 Ibm 1 Aix 2026-04-23 N/A
A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1.
CVE-2007-5665 1 Novell 1 Zenworks Endpoint Security Management 2026-04-23 N/A
STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management (ESM) 3.5, and other ESM versions before 3.5.0.82, dynamically creates scripts in a world-writable directory when generating diagnostic reports, which allows local users to gain privileges, as demonstrated by creating a cmd.exe binary in the diagnostic report directory.
CVE-2009-2737 1 Toni Mueller 1 Roundup 2026-04-23 N/A
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
CVE-2009-0872 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes.