Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: privilege-escalation Clear
ID Title
CVE-2026-49134 Vulnerability in privilege-escalation (CVE-2026-49134)
vulnerability in privilege-escalation (CVE-2026-49134). Successful exploitation can lead to full system takeover.
CVE-2026-45275 Vulnerability in privilege-escalation (CVE-2026-45275)
vulnerability in privilege-escalation (CVE-2026-45275). Confidential information can be exposed externally.
CVE-2026-41013 Vulnerability in privilege-escalation (CVE-2026-41013)
vulnerability in privilege-escalation (CVE-2026-41013). Confidential information can be exposed externally.
CVE-2026-48879 Vulnerability in privilege-escalation (CVE-2026-48879)
vulnerability in privilege-escalation (CVE-2026-48879). Successful exploitation can lead to full system takeover.
CVE-2026-42680 Vulnerability in privilege-escalation (CVE-2026-42680)
vulnerability in privilege-escalation (CVE-2026-42680). Successful exploitation can lead to full system takeover.
CVE-2026-10532 Unsafe Deserialization in privilege-escalation (CVE-2026-10532)
vulnerability in privilege-escalation (CVE-2026-10532). Risk of unauthorized operations or information disclosure.
CVE-2026-9051 Vulnerability in privilege-escalation (CVE-2026-9051)
vulnerability in privilege-escalation (CVE-2026-9051). Confidential information can be exposed externally.
CVE-2026-44962 Vulnerability in privilege-escalation (CVE-2026-44962)
vulnerability in privilege-escalation (CVE-2026-44962). Successful exploitation can lead to full system takeover.
CVE-2026-32906 Authorization Flaw in privilege-escalation (CVE-2026-32906)
vulnerability in privilege-escalation (CVE-2026-32906). Risk of unauthorized operations or information disclosure.
CVE-2026-45043 Privilege Escalation in privilege-escalation (CVE-2026-45043)
vulnerability in privilege-escalation (CVE-2026-45043). Risk of unauthorized operations or information disclosure. Exploitable via `PUT /rustfs/admin/v3/import-iam`. Mitigation: upgrade to `1.0.0-beta.2` or later.
CVE-2026-8732 Vulnerability in wordpress (CVE-2026-8732)
vulnerability in wordpress (CVE-2026-8732). Successful exploitation can lead to full system takeover.
CVE-2026-8809 Privilege Escalation in wordpress (CVE-2026-8809)
vulnerability in wordpress (CVE-2026-8809). Successful exploitation can lead to full system takeover.
CVE-2026-5343 Vulnerability in drupal (CVE-2026-5343)
vulnerability in drupal (CVE-2026-5343). Confidential information can be exposed externally.
CVE-2026-49095 Vulnerability in elk (CVE-2026-49095)
vulnerability in elk (CVE-2026-49095). Confidential information can be exposed externally. Mitigation: upgrade to `8.19.16, 9.3.5, 9.4.2` or later.
CVE-2026-9094 Vulnerability in privilege-escalation (CVE-2026-9094)
vulnerability in privilege-escalation (CVE-2026-9094). Successful exploitation can lead to full system takeover.
CVE-2026-22872 Vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872)
vulnerability in github.com/projectcapsule/capsule (CVE-2026-22872). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `0.13.0` or later.
CVE-2026-9828 Unsafe Deserialization in ch.qos.logback:logback-core (CVE-2026-9828)
vulnerability in ch.qos.logback:logback-core (CVE-2026-9828). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.5.33` or later.
CVE-2026-8980 Privilege Escalation in privilege-escalation (CVE-2026-8980)
vulnerability in privilege-escalation (CVE-2026-8980). Risk of unauthorized operations or information disclosure.
CVE-2026-49237 Vulnerability in privilege-escalation (CVE-2026-49237)
vulnerability in privilege-escalation (CVE-2026-49237). Successful exploitation can lead to full system takeover.
CVE-2026-6226 Privilege Escalation in wordpress (CVE-2026-6226)
vulnerability in wordpress (CVE-2026-6226). Successful exploitation can lead to full system takeover.
CVE-2026-9802 Vulnerability in org.keycloak:keycloak-services (CVE-2026-9802)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9802). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
CVE-2026-9795 Vulnerability in org.keycloak:keycloak-services (CVE-2026-9795)
vulnerability in org.keycloak:keycloak-services (CVE-2026-9795). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.4` or later.
CVE-2026-32996 This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation.
CVE-2026-9789 Path Traversal in privilege-escalation (CVE-2026-9789)
path traversal in privilege-escalation (CVE-2026-9789). Risk of unauthorized operations or information disclosure.
CVE-2026-48150 Vulnerability in @budibase/server (CVE-2026-48150)
vulnerability in @budibase/server (CVE-2026-48150). Confidential information can be exposed externally. Exploitable via `GET /api/global/self/api_key`. Mitigation: upgrade to `3.39.0` or later.
CVE-2025-68712 Vulnerability in c (CVE-2025-68712)
vulnerability in c (CVE-2025-68712). Confidential information can be exposed externally.
CVE-2026-9704 Vulnerability in org.keycloak:keycloak-server-spi-private (CVE-2026-9704)
vulnerability in org.keycloak:keycloak-server-spi-private (CVE-2026-9704). Confidential information can be exposed externally. Mitigation: upgrade to `26.6.3` or later.
CVE-2026-42758 Vulnerability in privilege-escalation (CVE-2026-42758)
vulnerability in privilege-escalation (CVE-2026-42758). Successful exploitation can lead to full system takeover.
CVE-2026-42731 Vulnerability in privilege-escalation (CVE-2026-42731)
vulnerability in privilege-escalation (CVE-2026-42731). Successful exploitation can lead to full system takeover.
CVE-2025-41670 Vulnerability in privilege-escalation (CVE-2025-41670)
vulnerability in privilege-escalation (CVE-2025-41670). Successful exploitation can lead to full system takeover.
CVE-2026-8787 Privilege Escalation in wordpress (CVE-2026-8787)
vulnerability in wordpress (CVE-2026-8787). Successful exploitation can lead to full system takeover. Exploitable via ``user_email``.
CVE-2025-68711 Vulnerability in c (CVE-2025-68711)
vulnerability in c (CVE-2025-68711). Risk of unauthorized operations or information disclosure.
CVE-2025-68708 Vulnerability in c (CVE-2025-68708)
vulnerability in c (CVE-2025-68708). Risk of unauthorized operations or information disclosure.
CVE-2025-68710 Vulnerability in c (CVE-2025-68710)
vulnerability in c (CVE-2025-68710). Risk of unauthorized operations or information disclosure.
CVE-2025-68709 Cross-Site Scripting (XSS) in privilege-escalation (CVE-2025-68709)
cross-site scripting in privilege-escalation (CVE-2025-68709). Risk of unauthorized operations or information disclosure.
CVE-2026-9560 OS Command Injection in privilege-escalation (CVE-2026-9560)
OS command injection in privilege-escalation (CVE-2026-9560). Successful exploitation can lead to full system takeover.
CVE-2026-48899 Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
Joomla! Core - [20260515] - Incorrect Access Control in sample data plugins
CVE-2026-48898 Joomla! Core - [20260513] - Privilege escalation through com_users batch task
Joomla! Core - [20260513] - Privilege escalation through com_users batch task
CVE-2026-25112 Vulnerability in privilege-escalation (CVE-2026-25112)
vulnerability in privilege-escalation (CVE-2026-25112). Successful exploitation can lead to full system takeover.
CVE-2026-44469 Vulnerability in privilege-escalation (CVE-2026-44469)
vulnerability in privilege-escalation (CVE-2026-44469). Successful exploitation can lead to full system takeover.
CVE-2026-44468 Vulnerability in privilege-escalation (CVE-2026-44468)
vulnerability in privilege-escalation (CVE-2026-44468). Successful exploitation can lead to full system takeover.
CVE-2026-45216 Vulnerability in privilege-escalation (CVE-2026-45216)
vulnerability in privilege-escalation (CVE-2026-45216). Successful exploitation can lead to full system takeover.
CVE-2026-48845 Vulnerability in privilege-escalation (CVE-2026-48845)
vulnerability in privilege-escalation (CVE-2026-48845). Risk of unauthorized operations or information disclosure.
CVE-2026-9489 Path Traversal in privilege-escalation (CVE-2026-9489)
path traversal in privilege-escalation (CVE-2026-9489). Risk of unauthorized operations or information disclosure.
CVE-2026-6895 Privilege Escalation in wordpress (CVE-2026-6895)
vulnerability in wordpress (CVE-2026-6895). Successful exploitation can lead to full system takeover.
CVE-2026-6419 Privilege Escalation in wordpress (CVE-2026-6419)
vulnerability in wordpress (CVE-2026-6419). Successful exploitation can lead to full system takeover.
CVE-2026-9018 Privilege Escalation in wordpress (CVE-2026-9018)
vulnerability in wordpress (CVE-2026-9018). Successful exploitation can lead to full system takeover. Exploitable via ``wp_ajax_nopriv_eel_register``.
CVE-2026-39821 Vulnerability in golang.org/x/net (CVE-2026-39821)
vulnerability in golang.org/x/net (CVE-2026-39821). Confidential information can be exposed externally. Mitigation: upgrade to `0.55.0` or later.
CVE-2026-8350 Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
CVE-2026-47101 Authorization Flaw in litellm (CVE-2026-47101)
vulnerability in litellm (CVE-2026-47101). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `1.83.14` or later.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →