Total
717 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20852 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-23 | 7.7 High |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | ||||
| CVE-2026-20804 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-01-23 | 7.7 High |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | ||||
| CVE-2025-50007 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in Jthemes xSmart xsmart allows Privilege Escalation.This issue affects xSmart: from n/a through <= 1.2.9.4. | ||||
| CVE-2025-68027 | 2 Themefic, Wordpress | 2 Hydra Booking, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in Themefic Hydra Booking hydra-booking allows Privilege Escalation.This issue affects Hydra Booking: from n/a through <= 1.1.32. | ||||
| CVE-2025-67966 | 2 E-plugins, Wordpress | 2 Lawyer Directory, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in e-plugins Lawyer Directory lawyer-directory allows Privilege Escalation.This issue affects Lawyer Directory: from n/a through <= 1.3.3. | ||||
| CVE-2025-67953 | 1 Wordpress | 1 Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in Booking Activities Team Booking Activities booking-activities allows Privilege Escalation.This issue affects Booking Activities: from n/a through <= 1.16.44. | ||||
| CVE-2025-68869 | 2 Lazycoders, Wordpress | 2 Lazytasks, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in LazyCoders LLC LazyTasks lazytasks-project-task-management allows Privilege Escalation.This issue affects LazyTasks: from n/a through <= 1.4.01. | ||||
| CVE-2025-69182 | 2 E-plugins, Wordpress | 2 Institutions Directory, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in e-plugins Institutions Directory institutions-directory allows Privilege Escalation.This issue affects Institutions Directory: from n/a through <= 1.3.4. | ||||
| CVE-2025-69293 | 2 E-plugins, Wordpress | 2 Final User, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in e-plugins Final User final-user allows Privilege Escalation.This issue affects Final User: from n/a through <= 1.2.5. | ||||
| CVE-2025-69292 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||
| CVE-2025-69183 | 2 E-plugins, Wordpress | 2 Hospital & Doctor Directory, Wordpress | 2026-01-23 | N/A |
| Incorrect Privilege Assignment vulnerability in e-plugins Hospital Doctor Directory hospital-doctor-directory allows Privilege Escalation.This issue affects Hospital Doctor Directory: from n/a through <= 1.3.9. | ||||
| CVE-2026-22907 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 9.9 Critical |
| An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. | ||||
| CVE-2026-22908 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 9.1 Critical |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. | ||||
| CVE-2026-22914 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 4.3 Medium |
| An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation. | ||||
| CVE-2026-22916 | 2 Sick, Sick Ag | 3 Tdc-x401gl, Tdc-x401gl Firmware, Tdc-x401gl | 2026-01-23 | 4.3 Medium |
| An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration. | ||||
| CVE-2025-67279 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | 5.3 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format | ||||
| CVE-2025-67278 | 1 Tim-solutions | 1 Tim Flow | 2026-01-22 | 6.5 Medium |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request | ||||
| CVE-2025-13888 | 1 Redhat | 1 Openshift Gitops | 2026-01-22 | 9.1 Critical |
| A flaw was found in OpenShift GitOps. Namespace admins can create ArgoCD Custom Resources (CRs) that trick the system into granting them elevated permissions in other namespaces, including privileged namespaces. An authenticated attacker can then use these elevated permissions to create privileged workloads that run on master nodes, effectively giving them root access to the entire cluster. | ||||
| CVE-2024-31771 | 1 Totalav | 1 Totalav | 2026-01-21 | 7.8 High |
| Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file | ||||
| CVE-2024-27460 | 1 Hp | 1 Poly Plantronics Hub | 2026-01-21 | 6.7 Medium |
| A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below. | ||||