Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: privilege-escalation Clear
ID Title
CVE-2026-54369 Vulnerability in privilege-escalation (CVE-2026-54369)
vulnerability in privilege-escalation (CVE-2026-54369). Confidential information can be exposed externally.
CVE-2026-54371 Vulnerability in privilege-escalation (CVE-2026-54371)
vulnerability in privilege-escalation (CVE-2026-54371). Confidential information can be exposed externally.
CVE-2026-25707 Vulnerability in path-traversal (CVE-2026-25707)
vulnerability in path-traversal (CVE-2026-25707). Successful exploitation can lead to full system takeover.
CVE-2026-58054 MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
CVE-2026-12415 Privilege Escalation in wordpress (CVE-2026-12415)
vulnerability in wordpress (CVE-2026-12415). Successful exploitation can lead to full system takeover.
CVE-2026-55069 Vulnerability in privilege-escalation (CVE-2026-55069)
vulnerability in privilege-escalation (CVE-2026-55069). Confidential information can be exposed externally. Mitigation: upgrade to `1.3.24` or later.
CVE-2026-46710 Vulnerability in privilege-escalation (CVE-2026-46710)
vulnerability in privilege-escalation (CVE-2026-46710). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `8.9.6` or later.
CVE-2026-57518 Vulnerability in privilege-escalation (CVE-2026-57518)
vulnerability in privilege-escalation (CVE-2026-57518). Successful exploitation can lead to full system takeover.
CVE-2026-9640 Authorization Flaw in privilege-escalation (CVE-2026-9640)
vulnerability in privilege-escalation (CVE-2026-9640). Successful exploitation can lead to full system takeover.
CVE-2026-56030 Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.
CVE-2026-56028 Vulnerability in privilege-escalation (CVE-2026-56028)
vulnerability in privilege-escalation (CVE-2026-56028). Successful exploitation can lead to full system takeover.
CVE-2026-56033 Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.
CVE-2026-56038 Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.
CVE-2026-56008 Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.
CVE-2026-56010 Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.
CVE-2026-40702 Vulnerability in cisa (CVE-2026-40702)
vulnerability in cisa (CVE-2026-40702). Confidential information can be exposed externally.
CVE-2026-11800 Vulnerability in privilege-escalation (CVE-2026-11800)
vulnerability in privilege-escalation (CVE-2026-11800). Confidential information can be exposed externally.
CVE-2026-57520 Vulnerability in privilege-escalation (CVE-2026-57520)
vulnerability in privilege-escalation (CVE-2026-57520). Data can be tampered with by attackers.
CVE-2026-54573 Authorization Flaw in privilege-escalation (CVE-2026-54573)
vulnerability in privilege-escalation (CVE-2026-54573). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.8.0` or later.
CVE-2026-57589 Use-After-Free in c (CVE-2026-57589)
vulnerability in c (CVE-2026-57589). Successful exploitation can lead to full system takeover.
CVE-2026-52943 Vulnerability in privilege-escalation (CVE-2026-52943)
vulnerability in privilege-escalation (CVE-2026-52943). Successful exploitation can lead to full system takeover.
CVE-2026-4297 Vulnerability in wordpress (CVE-2026-4297)
vulnerability in wordpress (CVE-2026-4297). Successful exploitation can lead to full system takeover.
CVE-2026-12417 Vulnerability in wordpress (CVE-2026-12417)
vulnerability in wordpress (CVE-2026-12417). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_pravel_change_password``.
CVE-2026-12112 Authentication Bypass in privilege-escalation (CVE-2026-12112)
authentication bypass in privilege-escalation (CVE-2026-12112). Successful exploitation can lead to full system takeover.
CVE-2026-55736 Vulnerability in privilege-escalation (CVE-2026-55736)
vulnerability in privilege-escalation (CVE-2026-55736). Risk of unauthorized operations or information disclosure.
CVE-2026-56694 Authorization Flaw in privilege-escalation (CVE-2026-56694)
vulnerability in privilege-escalation (CVE-2026-56694). Risk of unauthorized operations or information disclosure.
CVE-2026-56693 Vulnerability in privilege-escalation (CVE-2026-56693)
vulnerability in privilege-escalation (CVE-2026-56693). Data can be tampered with by attackers.
CVE-2026-56402 Vulnerability in privilege-escalation (CVE-2026-56402)
vulnerability in privilege-escalation (CVE-2026-56402). Data can be tampered with by attackers.
CVE-2026-54099 A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
CVE-2026-56239 Privilege Escalation in privilege-escalation (CVE-2026-56239)
vulnerability in privilege-escalation (CVE-2026-56239). Data can be tampered with by attackers.
CVE-2026-12673 Vulnerability in privilege-escalation (CVE-2026-12673)
vulnerability in privilege-escalation (CVE-2026-12673). Risk of unauthorized operations or information disclosure.
CVE-2026-11551 Vulnerability in wordpress (CVE-2026-11551)
vulnerability in wordpress (CVE-2026-11551). Successful exploitation can lead to full system takeover.
CVE-2026-23879 Vulnerability in py7zr (CVE-2026-23879)
vulnerability in py7zr (CVE-2026-23879). Successful exploitation can lead to full system takeover. Exploitable via ``py7zr``. Mitigation: upgrade to `1.1.3` or later.
CVE-2020-37254 Vulnerability in privilege-escalation (CVE-2020-37254)
vulnerability in privilege-escalation (CVE-2020-37254). Successful exploitation can lead to full system takeover.
CVE-2016-20090 Vulnerability in privilege-escalation (CVE-2016-20090)
vulnerability in privilege-escalation (CVE-2016-20090). Successful exploitation can lead to full system takeover.
CVE-2016-20092 Vulnerability in privilege-escalation (CVE-2016-20092)
vulnerability in privilege-escalation (CVE-2016-20092). Successful exploitation can lead to full system takeover.
CVE-2026-56142 Vulnerability in privilege-escalation (CVE-2026-56142)
vulnerability in privilege-escalation (CVE-2026-56142). Successful exploitation can lead to full system takeover.
CVE-2026-47833 Vulnerability in privilege-escalation (CVE-2026-47833)
vulnerability in privilege-escalation (CVE-2026-47833). Confidential information can be exposed externally.
CVE-2026-49252 Vulnerability in @deepstream/server (CVE-2026-49252)
vulnerability in @deepstream/server (CVE-2026-49252). Confidential information can be exposed externally. Exploitable via ``__proto__``. Mitigation: upgrade to `10.0.5` or later.
CVE-2026-11958 Vulnerability in c (CVE-2026-11958)
vulnerability in c (CVE-2026-11958). Risk of unauthorized operations or information disclosure.
CVE-2026-55201 Path Traversal in path-traversal (CVE-2026-55201)
path traversal in path-traversal (CVE-2026-55201). Confidential information can be exposed externally.
CVE-2026-48821 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2026-48821)
cross-site scripting in privilege-escalation (CVE-2026-48821). Confidential information can be exposed externally.
CVE-2026-54805 Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
Subscriber Privilege Escalation in Falang multilanguage <= 1.4.2 versions.
CVE-2026-54803 Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
Subscriber Privilege Escalation in SMS Alert Order Notifications <= 3.9.4 versions.
CVE-2026-54807 Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
Unauthenticated Privilege Escalation in Registration Form for WooCommerce <= 1.0.9 versions.
CVE-2026-54196 Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
Subscriber Privilege Escalation in JetFormBuilder <= 3.6.1 versions.
CVE-2026-49058 Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
Unauthenticated Privilege Escalation in LoginPress Pro <= 6.2.2 versions.
CVE-2026-39546 Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
Subscriber Privilege Escalation in MultiLoca <= 4.2.15 versions.
CVE-2026-27395 Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
Unauthenticated Privilege Escalation in Support Board < 3.8.9 versions.
CVE-2026-12448 Privilege Escalation in privilege-escalation (CVE-2026-12448)
vulnerability in privilege-escalation (CVE-2026-12448). Successful exploitation can lead to full system takeover.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →