Total
1391 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13759 | 2025-05-12 | 7.8 High | ||
| Local Privilege Escalation in Avira.Spotlight.Service.exe in Avira Prime 1.1.96.2 on Windows 10 x64 allows local attackers to gain system-level privileges via arbitrary file deletion | ||||
| CVE-2024-9524 | 2025-05-12 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in System Speedup Service in Avira Operations GmbH Avira Prime Version 1.1.96.2 on Windows 10 x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2024-13960 | 2025-05-12 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in TuneUp Service in AVG TuneUp Version 23.4 (build 15592) on Windows 10 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2024-13962 | 2025-05-12 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc in Gen Digital Inc. Avast Cleanup Premium Version 24.2.16593.17810 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2024-13959 | 2025-05-12 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory | ||||
| CVE-2025-3224 | 1 Docker | 1 Desktop | 2025-05-10 | 7.8 High |
| A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege. | ||||
| CVE-2022-31256 | 1 Opensuse | 1 Factory | 2025-05-09 | 7.7 High |
| A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1. | ||||
| CVE-2022-32905 | 1 Apple | 1 Macos | 2025-05-06 | 7.8 High |
| This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges. | ||||
| CVE-2023-2939 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-05-05 | 7.8 High |
| Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium) | ||||
| CVE-2024-20656 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-05-03 | 7.8 High |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-21397 | 1 Microsoft | 1 Azure File Sync | 2025-05-03 | 5.3 Medium |
| Microsoft Azure File Sync Elevation of Privilege Vulnerability | ||||
| CVE-2024-21329 | 1 Microsoft | 1 Azure Connected Machine Agent | 2025-05-03 | 7.3 High |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-28916 | 1 Microsoft | 1 Xbox Gaming Services | 2025-05-03 | 8.8 High |
| Xbox Gaming Services Elevation of Privilege Vulnerability | ||||
| CVE-2024-21432 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 7 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2024-26199 | 1 Microsoft | 1 365 Apps | 2025-05-03 | 7.8 High |
| Microsoft Office Elevation of Privilege Vulnerability | ||||
| CVE-2024-29989 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-05-03 | 8.4 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-28907 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-05-03 | 7.8 High |
| Microsoft Brokering File System Elevation of Privilege Vulnerability | ||||
| CVE-2024-26216 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-05-03 | 7.3 High |
| Windows File Server Resource Management Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-26158 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 7.8 High |
| Microsoft Install Service Elevation of Privilege Vulnerability | ||||
| CVE-2024-21447 | 1 Microsoft | 7 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 4 more | 2025-05-03 | 7.8 High |
| Windows Authentication Elevation of Privilege Vulnerability | ||||