type:lpe — CVE vulnerabilities tagged: 2643

2643 CVE security advisories tagged "type:lpe" with AI Chinese analysis, CVSS, references and POCs.

The tag "type:lpe" identifies Local Privilege Escalation (LPE) vulnerabilities: flaws that let an attacker with limited user access exploit system weaknesses to gain elevated administrative rights. They matter because they allow an attacker to bypass standard security controls and, from a low-privilege entry point, access sensitive data, install malware, or compromise the entire system. Typical scenarios involve bugs in kernel code, misconfigured permissions, or vulnerable system services that improperly validate user input. Since many initial breaches start with low-level access, such as phishing or web exploits, LPE serves as a vital second stage for attackers aiming for full system control. Understanding these vulnerabilities is essential for developers, who need to implement proper access controls, and for administrators, who need to patch systems promptly, thereby preventing lateral movement and maintaining overall infrastructure integrity.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-24425 | Twig 2.16.x & 3.9.0-3.25.x Sandbox Bypass via SourcePolicyInterface — Twig | CWE-693 | 8.8 | High | 2026-05-20 |
| CVE-2026-42834 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability — Windows Admin Center in Azure Portal | CWE-59 | 7.8 | High | 2026-05-20 |
| CVE-2026-45584 | Microsoft Defender Remote Code Execution Vulnerability — Microsoft Malware Protection Engine | CWE-122 | 8.1 | High | 2026-05-20 |
| CVE-2026-41091 | Microsoft Defender Elevation of Privilege Vulnerability — Microsoft Malware Protection Engine | CWE-59 | 7.8 | High | 2026-05-20 |
| CVE-2026-42383 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability — YITH WooCommerce Product Add-Ons | CWE-89 | 7.6 | High | 2026-05-20 |
| CVE-2026-27405 | WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability — WpBookingly | CWE-862 | 6.5 | Medium | 2026-05-20 |
| CVE-2026-0856 | Meona Client/Server Improper Access Control Vulnerability — Meona Client Launcher Component | CWE-284 | 7.8 | High | 2026-05-20 |
| CVE-2026-41054 | Missing exit out of permission check in haveged could lead to root exploit — Container suse/sle-micro-rancher/5.3:latest | CWE-305 | 7.8 | High | 2026-05-20 |
| CVE-2026-44933 | Path Traversal in Plugin Loading in libzypp — SUSE Linux Enterprise | CWE-35 | 7.8 | High | 2026-05-20 |
| CVE-2026-24207 | NVIDIA Triton Inference Server Authentication Bypass Vulnerability — Triton Inference Server | CWE-288 | 9.8 | Critical | 2026-05-20 |
| CVE-2026-24206 | NVIDIA Triton Inference Server Authentication Bypass Vulnerability — Triton Inference Server | CWE-288 | 7.3 | High | 2026-05-20 |
| CVE-2026-6391 | Sentence To SEO (keywords, description and tags) <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page Parameters — Sentence To SEO (keywords, description and tags) | CWE-352 | 6.1 | Medium | 2026-05-20 |
| CVE-2026-7284 | Easy Elements for Elementor <= 1.4.4 - Unauthenticated Privilege Escalation via easyel_handle_register — Easy Elements for Elementor – Addons & Website Templates | CWE-269 | 9.8 | Critical | 2026-05-20 |
| CVE-2026-43619 | Rsync < 3.4.3 Symlink Race Condition via Path-Based Syscalls — rsync | CWE-367 | 6.3 | Medium | 2026-05-20 |
| CVE-2026-34246 | CtrlPanel: Stored XSS in Admin Role Management via Unescaped DataTable HTML Output — panel | CWE-80 | 4.8 | Medium | 2026-05-19 |
| CVE-2026-27173 | Apache Airflow CNCF Kubernetes provider: JWT Token Exposure in KubernetesExecutor Command-Line Arguments — Apache Airflow CNCF Kubernetes provider | CWE-538 | - | - | 2026-05-19 |
| CVE-2026-8370 | Automic Automation Agent Unix privilege escalation — Automic Automation | CWE-250 | - | - | 2026-05-19 |
| CVE-2026-8605 | Use of Hard-coded Credentials in ScadaBR — ScadaBR | CWE-798 | - | - | 2026-05-19 |
| CVE-2026-43633 | HestiaCP 1.9.0-1.9.4 Deserialization RCE via Web Terminal — hestiacp | CWE-502 | 10.0 | Critical | 2026-05-19 |
| CVE-2026-42098 | Authorization Bypass in Sparx Enterprise Architect — Enterprise Architect | CWE-603 | - | - | 2026-05-19 |
| CVE-2026-8972 | Privilege escalation in the WebRTC: Audio/Video component — Firefox | | - | - | 2026-05-19 |
| CVE-2026-8955 | Privilege escalation in the DOM: Workers component — Firefox | | - | - | 2026-05-19 |
| CVE-2026-47323 | Apache Camel: Camel-CXF Message Header Injection via Missing Inbound Filtering — Apache Camel | CWE-178 | - | - | 2026-05-19 |
| CVE-2026-7507 | Org.keycloak/keycloak-services: session fixation in oidc login flow that can lead to account takeover — Red Hat build of Keycloak 26.2 | CWE-290 | 7.5 | High | 2026-05-19 |
| CVE-2026-46721 | Broken Access Control in extension "Frontend User Registration" (sf_register) — Extension "Frontend User Registration" | CWE-915 | - | - | 2026-05-19 |
| CVE-2026-22069 | O+ Connect Local Privilege Escalation Vulnerability — O+ Connect | CWE-266 | 7.3 | High | 2026-05-19 |
| CVE-2026-33052 | MantisBT: Authorization Bypass in Global Profile Creation — mantisbt | CWE-639 | - | - | 2026-05-19 |
| CVE-2026-32323 | Mullvad VPN for macOS: Local Privilege Escalation via unverified bundle path in installer — mullvadvpn-app | CWE-427 | 7.3 | High | 2026-05-19 |
| CVE-2026-30118 | Scalar Astro v0.1.13 SSRF Vulnerability Leading to Information Disclosure — n/a | | - | - | 2026-05-19 |
| CVE-2026-31070 | LalanaChami Pharmacy Authorization Bypass Vulnerability — n/a | | - | - | 2026-05-19 |

Vulnerabilities classified as type:lpe represent 2643 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.