All CosmicBytez Labs articles tagged #Privilege Escalation, across news, security advisories, how-to guides, and projects.
A security researcher has released a public Windows zero-day exploit called LegacyHive that allows local privilege escalation to SYSTEM on fully up-to-date Windows machines. No patch is available.
A high-severity privilege escalation flaw in WPFunnels for WordPress allows attackers to update arbitrary site options via an unvalidated REST callback, affecting all versions up to 3.12.8.
Critical privilege escalation in the Aimogen Pro WordPress plugin (all versions up to 2.8.4) — missing capability check on AI function allows any authenticated user to gain administrator-level access.
Security researcher Chaotic Eclipse released LegacyHive, a proof-of-concept exploit for a Windows User Profile Service privilege escalation vulnerability, just hours after Microsoft's July 2026 Patch Tuesday release.
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-56155, an actively exploited privilege escalation flaw in Active Directory Federation Services. Attackers exploit overly permissive ACLs on the DKM container to forge SAML tokens and compromise hybrid identity infrastructure. CISA added it to KEV with a July 28 federal deadline.
A new RedHook variant abuses Android's Wireless Debugging feature to gain shell-level privileges without a USB connection — a novel technique that bypasses traditional physical access requirements.
A critical IDOR vulnerability in Coolify's cloneTo() Livewire action allows authenticated users to clone and take over resources across team boundaries...
A critical privilege escalation flaw in Coolify's terminal WebSocket routes lets any low-privileged team member connect to privileged server terminals by...
A high-severity improper privilege management flaw in SourceCodester's Online Examination and Learning Management System 1.0 allows remote attackers to...
A use-after-free bug in the Linux kernel's epoll subsystem — CVE-2026-46242 — lets any local user escalate to root on Linux 6.4+ with ~99% reliability. A...
A critical open redirect vulnerability in Microsoft 365 Copilot rated CVSS 9.3 enables unauthenticated attackers to perform privilege escalation over the...
A critical server-side request forgery vulnerability in Azure OpenAI rated CVSS 9.9 allows an authorized attacker to escalate privileges over the network,...
Multiple authenticated SQL injection vulnerabilities in Ubiquiti's UniFi Talk Application can be chained to escalate privileges to host-level access on...
A critical improper access control vulnerability in Ubiquiti's UniFi Access Application enables high-privileged network attackers to further escalate...
A critical CVSS 9.8 vulnerability in the ProfileGrid WordPress plugin allows unauthenticated attackers to take over any user account and escalate...
A critical unauthenticated privilege escalation flaw in the WordPress Invoice Generator plugin allows any attacker to take over administrator accounts via...
A high-severity OS command injection flaw in Dell Display and Peripheral Manager for macOS (versions prior to 2.3) allows low-privileged local attackers...
A missing authorization flaw (CVSS 9.6) in Red Hat's Event-Driven Ansible allows any authenticated user to forge WebSocket messages and access plaintext...
Researchers at Obsidian Security disclosed a chain of three vulnerabilities in the widely deployed LiteLLM open-source AI gateway that allows a default...
A critical CVSS 9.9 privilege escalation vulnerability in Ubiquiti UniFi OS allows a low-privileged network attacker to escalate privileges within UniFi...
A critical unauthenticated privilege escalation vulnerability in the Doctreat Core WordPress plugin allows attackers to register with elevated roles,...
Anonymous researcher Chaotic Eclipse released a PoC exploit for a new Microsoft Defender zero-day named RoguePlanet. The race condition flaw grants SYSTEM...
Microsoft's June 2026 Patch Tuesday fixes three actively exploited Windows zero-days: two SYSTEM privilege escalation flaws and a BitLocker bypass...
Critical CVSS 9.1 flaw in ARM Cortex-X and Neoverse processors may allow writes to resources owned by a higher exception level.
A high-severity vulnerability in Samsung's Galaxy Editing Service allows local attackers to execute privileged operations due to improper export of Android…
A high-severity privilege escalation vulnerability in the Booking Package WordPress plugin allows unauthenticated or low-privileged attackers to take over…
Cisco has issued an emergency warning about an actively exploited, unpatched zero-day in Cisco Catalyst SD-WAN Manager (CVE-2026-20245) that enables root…
A critical CVSS 9.8 vulnerability exposes factory-level diagnostic interfaces left in retail firmware builds, allowing malicious applications to gain write…
Hackers are actively exploiting a critical privilege escalation vulnerability (CVE-2026-8206) in the widely-used Kirki Customizer Framework plugin for…
A Linux kernel vulnerability in the cgroups v1 release_agent feature allows local attackers to escalate privileges and escape containers. Added to CISA KEV…
An incorrect permission assignment vulnerability in Fujitsu ServerView Agents for Windows V11.60.04 and earlier allows a local authenticated attacker to…
The Kirki Freeform Page Builder plugin for WordPress (versions 6.0.0–6.0.6) allows unauthenticated attackers to take over any user account during password…
A critical unauthenticated privilege escalation flaw in WP Maps Pro for WordPress (CVSS 9.8) allows attackers to create administrator accounts without...
CISA has added a LiteSpeed cPanel plugin zero-day to its Known Exploited Vulnerabilities catalog after active exploitation allowed attackers to execute scripts.
A critical symlink validation flaw in KubeVirt's virt-handler lets authenticated OpenShift users with edit access in a single namespace escalate to arbitrary.
A maximum-severity vulnerability in the LiteSpeed User-End cPanel Plugin, tracked as CVE-2026-48172 with a CVSS score of 10.0, is under active...
Microsoft has disclosed two Windows Defender vulnerabilities under active exploitation in the wild, including CVE-2026-41091 — a privilege escalation flaw...
A CVSS 10.0 authentication bypass in Cisco Secure Workload allows unauthenticated remote attackers to access internal REST APIs with full Site Admin privileges.
A new Windows kernel privilege escalation zero-day dubbed MiniPlasma, released by researcher Chaotic Eclipse, grants SYSTEM-level access on fully patched...
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed MiniPlasma that lets attackers gain...
A missing WordPress capability check in the AI Engine plugin's MCP OAuth bearer-token path allows any authenticated user to escalate privileges to...
A security researcher has publicly released two unpatched Windows zero-day exploits: YellowKey, a BitLocker bypass requiring physical access, and...
An anonymous researcher has publicly disclosed two new unpatched Windows zero-days — YellowKey enabling BitLocker bypass and GreenPlasma targeting CTFMON...
A cybersecurity researcher has published proof-of-concept exploits for two unpatched Windows vulnerabilities — YellowKey (BitLocker bypass) and...
TheCartPress WordPress plugin 1.5.3.6 allows unauthenticated attackers to register new administrator accounts by exploiting the AJAX handler with a...
A new unpatched Linux zero-day exploit dubbed 'Dirty Frag' allows local attackers to gain root privileges on virtually all major Linux distributions with...
A high-severity security bypass in Argo Workflows (CVSS 8.1) allows users with Workflow creation permissions to escape templateReferencing: Strict mode,...
The U.S. Cybersecurity and Infrastructure Security Agency has added CVE-2026-31431, a Linux kernel privilege escalation flaw enabling root access, to its...
A Linux Kernel vulnerability involving incorrect resource transfer between spheres has been added to CISA's Known Exploited Vulnerabilities catalog,...
A critical heap buffer overflow in FreeBSD's libnv library allows an unprivileged program to write outside heap allocation bounds during message header...
Dell iDRAC10 versions 1.20.70.50 and 1.30.05.10 contain a race condition vulnerability allowing authenticated low-privileged attackers to gain elevated...
A newly disclosed vulnerability in the PackageKit daemon, dubbed Pack2TheRoot, allows local Linux users to escalate privileges to root by abusing the...
A critical CVSS 9.9 elevation of privilege vulnerability in Azure IoT Central allows an authenticated attacker to escalate privileges over a network by...
A critical SQL injection vulnerability in Saltcorn's mobile-sync routes allows any authenticated low-privilege user with read access to a single table to...
A critical privilege escalation vulnerability in Microsoft Partner Center allows an authorized attacker to elevate their privileges over a network,...
A critical privilege escalation flaw in OpenXiangShan NEMU's RISC-V hypervisor extension allows a VS-mode guest write to the supervisor interrupt-enable...
A high-severity insufficiently protected credentials vulnerability in Dell PowerProtect Data Domain BoostFS allows low-privileged local attackers to...
A high-severity SQL injection vulnerability in WeGIA, a web manager for charitable institutions, allows authenticated attackers to escalate privileges by...
Threat actors are actively exploiting three recently disclosed Windows security vulnerabilities that allow attackers to gain SYSTEM or elevated...
Huntress is warning that threat actors are actively exploiting three privilege escalation vulnerabilities in Microsoft Defender — codenamed BlueHammer,...
An authorization flaw in Juju's Controller facade allows any authenticated low-privilege user to call the CloudSpec API and extract the cloud provider...
A critical CVSS 9.1 vulnerability in Canonical LXD before 6.8 allows authenticated attackers to bypass project restrictions during backup import. The...
A bypass of the CVE-2024-27297 patch in the Nix package manager allows attackers to follow symlinks during fixed-output derivation builds, enabling...
A high-severity privilege escalation flaw in Kibana's Fleet plugin debug route handlers allows authenticated users with limited Fleet sub-feature...
A critical privilege escalation vulnerability in the Users Manager – PN WordPress plugin (v1.1.15 and below) allows unauthenticated attackers to update...
A critical vulnerability (CVSS 9.8) in parisneo/lollms v2.1.0 allows attackers to brute-force the application's JWT secret key offline, forge...
A security researcher operating under the aliases 'Chaotic Eclipse' and 'Nightmare-Eclipse' has publicly released exploit code for an unpatched Windows...
Researchers from the University of Toronto have demonstrated GPUBreach, a novel attack that induces Rowhammer bit-flips in GPU GDDR6 memory to bypass...
A critical server-side request forgery vulnerability in Azure Custom Locations Resource Provider allows an authorized attacker to elevate privileges over...
Cisco has released security advisories addressing a batch of critical and high-severity vulnerabilities across multiple products, covering flaws that...
A critical CVSS 9.8 vulnerability in OpenClaw allows attackers to replay a valid bootstrap setup code multiple times before approval, escalating device...
A critical CVSS 9.9 privilege escalation vulnerability in OpenClaw allows operators with limited pairing scope to mint tokens with unrestricted admin...
The Import and export users and customers plugin for WordPress is vulnerable to privilege escalation in all versions up to 1.29.7, allowing authenticated...
A critical CVSS 9.9 authorization bypass in OpenClaw allows authenticated users to self-declare elevated scopes over WebSocket connections without...
A critical privilege escalation vulnerability (CVSS 9.1) in Wazuh versions 3.9.0–4.14.2 allows authenticated cluster nodes to overwrite the manager...
ZKTeco ZKTime.Net 3.0.1.6 ships with world-writable directory permissions on its installation folder, allowing any local unprivileged user to replace...
A critical CVSS 9.9 vulnerability in Veeam Backup & Replication allows users with the lowest-privileged Backup Viewer role to execute arbitrary code as...
Actively exploited zero-day in Windows RDS allows authenticated attackers with low privileges to escalate to SYSTEM. Public exploit code available....
Cisco discloses a high-severity privilege escalation vulnerability in IOS XE Web UI that allows authenticated users to gain root access. Active...
Maximum severity flaw in Modular DS WordPress plugin allows unauthenticated privilege escalation. All versions through 2.5.1 affected with active...