97 matches found
CVE-2025-28399
An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...
CVE-2025-20951
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...
CVE-2025-20951
Summary: CVE-2025-20951 affects Galaxy Store prior to 4.5.90.7 due to improper verification of intent by a broadcast receiver, enabling a local attacker to write arbitrary files with Galaxy Store privileges. Affected software: Galaxy Store (Android) versions before 4.5.90.7. Root cause: insuffici...
CVE-2025-28400
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...
CVE-2025-28405
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method...
CVE-2025-28410
CVE-2025-28410 concerns RUoYi v4.8.0. Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA EUVD) describe a privilege-escalation flaw in the remote procedure cancelAuthUserAll, where the request is not properly validated for administrative privileges. This enables an attacker to escalate from a non-...
CVE-2025-20138
A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...
The vulnerability of the software products of the LLC “NPO ‘MIR’, related to incorrect authorization, allows a perpetrator to increase their privileges.
The vulnerability of the software products developed by OOO “NPO “MIR” is related to incorrect authorization. Exploiting this vulnerability can allow attackers to enhance their privileges...
CVE-2024-57603
An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting...
CVE-2020-17392
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-24176
CVE-2025-24176 is a local permission-elevation vulnerability in macOS. The issue is described as a permissions problem addressed by improved validation and is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. A local attacker may gain elevated privileges due to insuffici...
Google Pixel 安全漏洞
Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that stems from a lack of permission checking. An attacker can escalate privileges by exploiting the vulnerability...
CVE-2024-4762
An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges...
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Summary A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details In...
Cross Site Scripting vulnerability in Snipe-IT
Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/user-id/files...
CVE-2024-5803 Local privelage escalation via COM hijacking
The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use TOCTOU when self protection is disabled...
CVE-2024-45284
An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application...
CVE-2024-33444
SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...
BIT-MATTERMOST-2023-27265
Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...
CVE-2023-6622
CVE-2023-6622 : A null pointer dereference in nft_dynset_init() of net/netfilter/nft_dynset.c (nf_tables) allows a local attacker with CAP_NET_ADMIN to trigger a denial of service. Affected: Linux kernel nf_tables/nft_dynset; impact: local DoS; exploitability: LOCAL, requires privileges, no user ...