Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8840 | 2 Jishenghua, Jsherp Project | 2 Jsherp, Jserp | 2025-09-09 | 5.4 Medium |
| A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947. | ||||
| CVE-2025-8839 | 2 Jishenghua, Jsherp Project | 2 Jsherp, Jsherp | 2025-09-09 | 6.3 Medium |
| A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10073 | 1 Portabilis | 1 I-educar | 2025-09-09 | 4.3 Medium |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-10072 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-10071 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-10070 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2025-49156 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 7 High |
| A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-49157 | 1 Trendmicro | 3 Apex One, Apexone Op, Apexone Saas | 2025-09-09 | 7.8 High |
| A link following vulnerability in the Trend Micro Apex One Damage Cleanup Engine could allow a local attacker to escalation privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-55582 | 1 Dlink | 2 Dcs-825l, Dcs-825l Firmware | 2025-09-09 | 6.6 Medium |
| D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported. | ||||
| CVE-2024-46916 | 1 Dieboldnixdorf | 1 Vynamic Security Suite | 2025-09-09 | 8.1 High |
| Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition. | ||||
| CVE-2022-20356 | 1 Google | 1 Android | 2025-09-08 | 4 Medium |
| In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-215003903 | ||||
| CVE-2025-10013 | 1 Portabilis | 1 I-educar | 2025-09-08 | 6.3 Medium |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-32098 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-09-05 | 5.3 Medium |
| An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. | ||||
| CVE-2022-45133 | 1 Mahara | 1 Mahara | 2025-09-05 | 6.5 Medium |
| Mahara 21.10 before 21.10.6, 22.04 before 22.04.4, and 22.10 before 22.10.1 allows unsafe font upload for skins. A particularly structured XML file could allow one to traverse the server to obtain access to secure files or cause code execution based on the payload. | ||||
| CVE-2024-23976 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-09-05 | 6 Medium |
| When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2025-9609 | 1 Portabilis | 1 I-educar | 2025-09-04 | 6.3 Medium |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-7030 | 2 Drupal, Two-factor Authentication Project | 2 Drupal, Two-factor Authentication | 2025-09-04 | 6.5 Medium |
| Privilege Defined With Unsafe Actions vulnerability in Drupal Two-factor Authentication (TFA) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.11.0. | ||||
| CVE-2025-9687 | 1 Portabilis | 1 I-educar | 2025-09-04 | 6.3 Medium |
| A weakness has been identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/HistoricoEscolar/processamentoApi. Executing manipulation can lead to improper authorization. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2024-46989 | 1 Authzed | 1 Spicedb | 2025-09-04 | 3.7 Low |
| spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the same relation can result in no permission being returned when permission is expected. If the resource has multiple groups, and each group is caveated, it is possible for the returned permission to be "no permission" when permission is expected. Permission is returned as NO_PERMISSION when PERMISSION is expected on the CheckPermission API. This issue has been addressed in release version 1.35.3. Users are advised to upgrade. Users unable to upgrade should not use caveats or avoid the use of caveats on an indirect subject type with multiple entries. | ||||
| CVE-2024-45173 | 2 C-mor, Za-internet | 2 C-mor Video Surveillance, C-mor Video Surveillance | 2025-09-04 | 8.8 High |
| An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges. | ||||