| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper access control in Windows Remote Help Defense allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows Operating Systems allows an authorized attacker to elevate privileges locally. |
| Improper access control in Windows System allows an unauthorized attacker to bypass a security feature locally. |
| Improper authorization in Windows OLE allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Windows DNS allows an authorized attacker to perform tampering locally. |
| vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest registration versions: *.*. |
| An authentication bypass vulnerability exists in certain releases of Ciena Navigator Network Control Suite (NCS), Manage Control Plan (MCP), and Blue Planet products. The issue is caused by improper handling of HTTP request paths and headers, which allows an unauthenticated attacker to manipulate requests in a manner that bypasses authentication and associated audit logging controls. |
| Inappropriate implementation in Updater in Google Chrome on Windows prior to 150.0.7871.47 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) |
| Insufficient policy enforcement in WebHID in Google Chrome prior to 150.0.7871.47 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium) |
| Insufficient policy enforcement in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) |
| Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally. |
| Insufficient policy enforcement in Passwords in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) |
| Inappropriate implementation in SplitView in Google Chrome prior to 150.0.7871.47 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) |
| Insufficient granularity of access control in Windows StateRepository API allows an authorized attacker to elevate privileges locally. |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to elevate privileges locally. |
| The Shibboleth WordPress plugin before 2.5.4 does not fail closed when its HTTP header identity mode is enabled without an anti-spoofing key, treating any request that carries identity headers as an authenticated session without verifying them. On a deployment where untrusted client headers reach the application, an unauthenticated attacker can log in with forged identity headers and, when automatic account creation and the default administrator role mapping are enabled, create and sign in as a new administrator. Exploitation requires the non-default HTTP header attribute mode, an empty or absent spoof key, automatic account creation enabled, and a deployment that does not strip untrusted client headers before they reach the application. |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges locally. |
| The Adminify WordPress plugin before 4.2.10 does not perform per-user read-capability checks on the results returned by one of its administration search features, allowing users with a low-privilege role (Contributor) to disclose non-public content that WordPress would not otherwise expose to them, such as other authors' unpublished post titles, pending comment content, the site's Adminify WordPress plugin before 4.2.10 inventory, and user account names. |
| A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi Protect Application to bypass authentication in certain UniFi Protect Application API endpoints. |