CVE-2025-6573 — CVSS 9.8 (critical): Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted…
CVE-2024-24116 — CVSS 9.8 (critical): An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm.
CVE-2026-41566: Improper Handling of Insufficient Permissions or Privileges vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: 2.8.0…
CVE-2024-1608 — CVSS 9.1 (critical): In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application…
CVE-2026-24096 — CVSS 8.8 (high): Insufficient permission validation on multiple REST API Quick Setup endpoints in Checkmk 2.5.0 (beta) before version 2.5.0b2 and 2.4.0…
CVE-2025-58770 — CVSS 8.8 (high): APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local…
CVE-2025-8109 — CVSS 8.8 (high): Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory.
CVE-2025-27025 — CVSS 8.8 (high): The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic…
CVE-2025-31173 — CVSS 8.8 (high): Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect…
CVE-2024-6660 — CVSS 8.8 (high): The BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized…
CVE-2024-36451 — CVSS 8.8 (high): Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this…
CVE-2024-22078 — CVSS 8.8 (high): An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable…
CVE-2019-6570 — CVSS 8.8 (high): A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Due to insufficient checking of user…
CVE-2026-0047 — CVSS 8.4 (high): In dumpBitmapsProto of ActivityManagerService.java, there is a possible way for an app to access private information due to a missing…
CVE-2024-51459 — CVSS 8.4 (high): IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions.
CVE-2026-23857 — CVSS 8.2 (high): Dell Update Package (DUP) Framework, versions 23.12.00 through 24.12.00, contains an Improper Handling of Insufficient Permissions or…
CVE-2025-22395 — CVSS 8.2 (high): Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged…
CVE-2025-67848 — CVSS 8.1 (high): A flaw was found in Moodle. This authentication bypass vulnerability allows suspended users to authenticate through the Learning Tools…
CVE-2025-62510 — CVSS 8.1 (high): FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. In version 1.4.0, a regression…
CVE-2025-62509 — CVSS 8.1 (high): FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to version 1.4.0, a business…
CVE-2024-46874 — CVSS 8.1 (high): Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send…
CVE-2024-43702 — CVSS 8.1 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary…
CVE-2024-6302 — CVSS 8.1 (high): Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message…
CVE-2026-45195 — CVSS 7.8 (high): Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write…
CVE-2026-27910 — CVSS 7.8 (high): Improper handling of insufficient permissions or privileges in Windows Installer allows an authorized attacker to elevate privileges…
CVE-2026-2123 — CVSS 7.8 (high): A security audit identified a privilege escalation vulnerability in Operations Agent(<=OA 12.29) on Windows. Under specific conditions…
CVE-2026-20817 — CVSS 7.8 (high): Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges…
CVE-2025-43527 — CVSS 7.8 (high): A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may…
CVE-2025-50170 — CVSS 7.8 (high): Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to…
CVE-2025-25179 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical…
CVE-2025-3931 — CVSS 7.8 (high): A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes…
CVE-2025-30453 — CVSS 7.8 (high): The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.6, macOS Ventura…
CVE-2025-31172 — CVSS 7.8 (high): Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect…
CVE-2025-0478 — CVSS 7.8 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical…
CVE-2024-43705 — CVSS 7.8 (high): Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that…
CVE-2024-32488 — CVSS 7.8 (high): In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the…
CVE-2023-42931 — CVSS 7.8 (high): The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.3, macOS Sonoma 14.2, macOS Monterey 12.7.2. A…
CVE-2024-0015 — CVSS 7.8 (high): In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection…
CVE-2023-43591 — CVSS 7.8 (high): Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of…
CVE-2026-6805 — CVSS 7.5 (high): Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the…
CVE-2025-58410 — CVSS 7.5 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers…
CVE-2025-45376 — CVSS 7.5 (high): Dell Repository Manager (DRM), versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges…
CVE-2025-46740 — CVSS 7.5 (high): An authenticated user without user administrative permissions could change the administrator Account Name.
CVE-2024-8451 — CVSS 7.5 (high): Certain switch models from PLANET Technology have an SSH service that improperly handles insufficiently authenticated connection requests…
CVE-2023-52537 — CVSS 7.5 (high): Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will…
CVE-2024-30418 — CVSS 7.5 (high): Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability…
CVE-2024-25844 — CVSS 7.5 (high): An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote…
CVE-2023-27087 — CVSS 7.5 (high): Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the…
CVE-2026-21733 — CVSS 7.3 (high): Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped…