| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Windows DWM Core Library Elevation of Privilege Vulnerability |
| Windows Accounts Picture Elevation of Privilege Vulnerability |
| Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Windows Kernel Elevation of Privilege Vulnerability |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| Windows SMB Witness Service Elevation of Privilege Vulnerability |
| Windows Installer Elevation of Privilege Vulnerability |
| Azure Service Fabric Container Elevation of Privilege Vulnerability |
| Windows GDI Elevation of Privilege Vulnerability |
| An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. |
| The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. |
| The Funnel Builder plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the activate_plugin function in versions up to, and including, 1.3.0. This makes it possible for authenticated attackers to activate any plugin on the vulnerable service. |
| A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. |
