Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-46894
Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.
Huawei Emui 12.0.0
Huawei Harmonyos 2.0.0
9.8
CVSSv3
CVE-2023-3460
The Ultimate Member WordPress plugin prior to 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing malicious users to create administrator accounts at will. This is actively being exploited in the wild.
Ultimatemember Ultimate Member
9 Github repositories
9.8
CVSSv3
CVE-2023-28324
A improper input validation vulnerability exists in Ivanti Endpoint Manager 2022 and below that could allow privilege escalation or remote code execution.
Ivanti Endpoint Manager
9.8
CVSSv3
CVE-2023-3325
The CMS Commander plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'cmsc_add_site' function in versions up to, and including, 2.287. This makes it possible for unauthenticated malicious ...
Cmscommander Cms Commander
9.8
CVSSv3
CVE-2023-34159
Improper permission control vulnerability in the Notepad app.Successful exploitation of the vulnerability may lead to privilege escalation, which affects availability and confidentiality.
Huawei Emui 13.0.0
9.8
CVSSv3
CVE-2021-0945
In _PMRCreate of the PowerVR kernel driver, a missing bounds check means it is possible to overwrite heap memory via PhysmemNewRamBackedPMR. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...
Google Android -
9.8
CVSSv3
CVE-2021-0701
In PVRSRVBridgeSyncPrimOpCreate of the PowerVR kernel driver, a missing size check means there is a possible integer overflow that could allow out-of-bounds heap access. This could lead to local escalation of privilege with no additional execution privileges needed. User interact...
Google Android -
9.8
CVSSv3
CVE-2023-2530
A privilege escalation allowing remote code execution exists in the orchestration service.
Puppet Puppet Enterprise 2023.0
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2023.1.0
9.8
CVSSv3
CVE-2023-33863
SerialiseValue in RenderDoc prior to 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1.
Renderdoc Renderdoc
9.8
CVSSv3
CVE-2023-33864
StreamReader::ReadFromExternal in RenderDoc prior to 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize.
Renderdoc Renderdoc
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »