Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
privilege escalation vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-33730
Privilege Escalation in the "GetUserCurrentPwd" function in Microworld Technologies eScan Management Console 14.0.1400.2281 allows any remote malicious user to retrieve password of any admin or normal user in plain text format.
Escanav Escan Management Console 14.0.1400.2281
1 Github repository
9.8
CVSSv3
CVE-2023-2987
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to an use of insufficiently unique cryptographic signature on the 'wa_pdx_op_config_set' function in versions up to, and including, 1.5.0. This makes it possible for unauthenticated malicious use...
Wordapp Wordapp
9.8
CVSSv3
CVE-2023-29727
The Call Blocker application 6.6.3 for Android allows unauthorized applications to use exposed components to delete data stored in its database that is related to user privacy settings and affects the implementation of the normal functionality of the application. An attacker can ...
Applika Call Blocker 6.6.3
9.8
CVSSv3
CVE-2023-29739
An issue found in Alarm Clock for Heavy Sleepers v.5.3.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component.
Amdroidapp Alarm Clock For Heavy Sleepers 5.3.2
9.8
CVSSv3
CVE-2023-29734
An issue found in edjing Mix v.7.09.01 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the database.
Mwm Edjing Mix 7.09.01
9.8
CVSSv3
CVE-2023-32243
Improper Authentication vulnerability in WPDeveloper Essential Addons for Elementor allows Privilege Escalation. This issue affects Essential Addons for Elementor: from 5.4.0 up to and including 5.7.1.
Wpdeveloper Essential Addons For Elementor
8 Github repositories
9.8
CVSSv3
CVE-2023-31498
A privilege escalation issue was found in PHP Gurukul Hospital Management System In v.4.0 allows a remote malicious user to execute arbitrary code and access sensitive information via the session token parameter.
Phpgurukul Hospital Management System 4.0
9.8
CVSSv3
CVE-2021-26379
Insufficient input validation of mailbox data in the SMU may allow an malicious user to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation.
Amd Epyc 72f3 Firmware
Amd Epyc 7313 Firmware
Amd Epyc 7313p Firmware
Amd Epyc 7343 Firmware
Amd Epyc 7373x Firmware
Amd Epyc 73f3 Firmware
Amd Epyc 7413 Firmware
Amd Epyc 7443 Firmware
Amd Epyc 7443p Firmware
Amd Epyc 7453 Firmware
Amd Epyc 7473x Firmware
Amd Epyc 74f3 Firmware
Amd Epyc 7513 Firmware
Amd Epyc 7543 Firmware
Amd Epyc 7543p Firmware
Amd Epyc 7573x Firmware
Amd Epyc 75f3 Firmware
Amd Epyc 7643 Firmware
Amd Epyc 7663 Firmware
Amd Epyc 7713 Firmware
Amd Epyc 7713p Firmware
Amd Epyc 7763 Firmware
9.8
CVSSv3
CVE-2023-30869
Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 up to and including 3.1.1.4.1.
Sandhillsdev Easy Digital Downloads
9.8
CVSSv3
CVE-2023-26918
Diasoft File Replication Pro 7.5.0 allows malicious users to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
Filereplicationpro File Replication Pro 7.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-30310
CVE-2024-21683
CVE-2024-22187
chrome
deserialization
XPath injection
CVE-2024-27842
denial of service
CVE-2024-24851
google
CVE-2024-35400
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »