Privilege Escalation

Privilege Escalation vulnerabilities allow an attacker to gain elevated access rights beyond their authorized level. This can enable unauthorized access to sensitive resources and system functions.

Total CVEs: 49

Typical Severity: HIGH

Category: General

Understanding Privilege Escalation

Detailed information about this vulnerability type.

How to Identify

  • Review security advisories
  • Perform regular security testing

Prevention Best Practices

  • Follow security best practices
  • Keep systems updated

Privilege Escalation CVEs (49)

Description | Vendor / Product | Exploit Status

CVE-2026-2782 | 9.8

This critical vulnerability allows an attacker to gain higher access privileges within Firefox and Thunderbird, potentially letting them execute harmful actions on a user's system. It affects versions prior to 148 for Firefox and Thunderbird, meaning users need to update their software to stay protected.

mozilla / firefox
Exploit Available
about 1 month ago (Feb 24, 2026)

CVE-2026-2780 | 9.8

This critical vulnerability allows an attacker to gain higher privileges within Firefox or Thunderbird, potentially letting them execute harmful actions on the user's system. It affects versions prior to 148 for Firefox and Thunderbird, and requires the attacker to exploit the Netmonitor component to take advantage of this flaw.

mozilla / firefox
Exploit Available
about 1 month ago (Feb 24, 2026)

CVE-2026-2777 | 9.8

This vulnerability allows an attacker to gain higher access privileges within the messaging system of Firefox and Thunderbird, potentially letting them execute harmful actions on the user's system. It affects specific versions of these applications, so users running outdated software are at greater risk.

mozilla / firefox
Exploit Available
about 1 month ago (Feb 24, 2026)

CVE-2025-63946 | 7.4

This vulnerability allows a local user to run programs with higher permissions than they should have, potentially giving them control over the system. However, the user must first exploit a timing issue in the Tencent PC Manager app, which requires some technical skill.

tencent / pcmanager
Exploit Available
about 1 month ago (Feb 23, 2026)

CVE-2025-63945 | 7.4

This vulnerability allows a local user to run programs with higher permissions than they should have, potentially giving them control over the system. However, the attacker must first exploit a timing issue in the app, which requires specific conditions to be met.

tencent / ioa
Exploit Available
about 1 month ago (Feb 23, 2026)

CVE-2025-4521 | 8.8

This vulnerability allows an attacker with at least Subscriber-level access to take over any user's account by changing their email address and triggering a password reset, effectively giving themselves full administrator privileges. The attacker only needs to know the donor ID of the target account to exploit this flaw.

Unknown
Exploit Available
about 2 months ago (Feb 19, 2026)

CVE-2025-15041 | 7.2

This vulnerability allows an attacker with a valid account on a WordPress site to change important settings, such as granting themselves administrative access. It occurs because the plugin fails to properly check if the user has permission to make these changes, making it easier for attackers to exploit the flaw.

Unknown
Exploit Available
about 2 months ago (Feb 19, 2026)

CVE-2025-13851 | 9.8

An attacker can gain full control of a WordPress site by registering as an administrator without any prior authentication, simply by manipulating a specific parameter during the user registration process. This vulnerability affects all versions of the Buyent Classified plugin up to 1.0.7, allowing anyone to exploit it without needing a valid account.

Unknown
Exploit Available
about 2 months ago (Feb 19, 2026)

CVE-2025-13563 | 9.8

This vulnerability allows attackers to register as an administrator on a WordPress site using the Lizza LMS Pro plugin, giving them full control over the site. It can be exploited by anyone without needing to log in, as the plugin does not properly check user roles during registration.

Unknown
Exploit Available
about 2 months ago (Feb 19, 2026)

CVE-2025-12882 | 9.8

This vulnerability allows attackers to gain administrator privileges on a WordPress site simply by creating a new user account and choosing their own role. It affects versions of the Clasifico Listing plugin up to 2.0 and can be exploited by anyone, even those who are not logged in.

Unknown
Theoretical
about 2 months ago (Feb 19, 2026)

CVE-2025-12845 | 8.8

This vulnerability allows attackers with at least Subscriber-level access to view sensitive email log information from the Tablesome plugin, which could lead to unauthorized password resets. It requires the plugin's table log feature to be enabled, making it easier for attackers to gain access to user accounts.

Unknown
Theoretical
about 2 months ago (Feb 19, 2026)

CVE-2026-1937 | 9.8

This vulnerability allows attackers with Shop Manager-level access or higher to change important settings on a WordPress site, potentially giving them administrative access. They can exploit this flaw to allow new users to register as administrators, which could lead to full control over the site.

Unknown
Exploit Available
about 2 months ago (Feb 18, 2026)

CVE-2026-23648 | 8.5

This vulnerability allows an attacker with local access to a Glory RBG-100 recycler system to gain root privileges by modifying important system files. The issue arises because some of these files can be written to and executed by regular users, making it easy for an attacker to replace them with malicious versions.

Unknown
Exploit Available
about 2 months ago (Feb 17, 2026)

CVE-2026-2563 | 5.3

An attacker can remotely gain higher privileges on the JingDong JD Cloud Box AX6600, potentially allowing them to take control of the device. This vulnerability affects specific firmware versions and can be exploited without needing physical access to the device.

jdcloud / ax6600 firmware
Exploit Available
about 2 months ago (Feb 16, 2026)

CVE-2026-2562 | 5.3

This vulnerability allows an attacker to gain higher-level access to the JingDong JD Cloud Box AX6600 from a remote location, potentially letting them control the device. The issue arises from a flaw in how the device handles certain input, and it affects specific firmware versions up to 4.5.1.r4533.

jdcloud / ax6600 firmware
Exploit Available
about 2 months ago (Feb 16, 2026)

CVE-2026-2561 | 5.3

An attacker can remotely gain higher privileges on the JingDong JD Cloud Box AX6600, potentially allowing them to take control of the device. This vulnerability affects specific firmware versions and can be exploited without needing physical access to the device.

jdcloud / ax6600 firmware
Exploit Available
about 2 months ago (Feb 16, 2026)

CVE-2026-26369 | 9.3

This vulnerability allows a low-privileged user to trick the system into giving them administrative access, letting them change device settings and control the entire smart home system. To exploit this, the attacker just needs to send a specially crafted request to the server, without needing any special permissions.

Unknown
Exploit Available
about 2 months ago (Feb 15, 2026)

CVE-2026-26368 | 8.7

An attacker can take over any user account, including those with administrative privileges, by resetting passwords without needing the current password. This vulnerability affects low-privileged users who can send a specific request to the server, allowing them to gain full control over other accounts.

Unknown
Theoretical
about 2 months ago (Feb 15, 2026)

CVE-2025-8572 | 9.8

This vulnerability allows attackers to create accounts with high-level permissions, including administrator access, on WordPress sites using the Truelysell Core plugin version 1.8.7 or earlier. The issue arises because the plugin does not properly check user roles during registration, meaning even someone who is not logged in can exploit this flaw.

Unknown
Exploit Available
about 2 months ago (Feb 14, 2026)

CVE-2025-1790 | 5.8

This vulnerability allows a low-privileged Windows user to gain higher-level access on a system running the Genetec Sipelia Plugin. The attacker must already be logged in with an account that has limited permissions to exploit this flaw.

Unknown
Exploit Available
about 2 months ago (Feb 13, 2026)

Showing 21 to 40 of 49 results