Lucene search
+L

97 matches found

Cvelist
Cvelist
added 2025/04/15 12:0 a.m.17 views

CVE-2025-28399

An issue in Erick xmall v.1.1 and before allows a remote attacker to escalate privileges via the updateAddress method of the Address Controller class...

0.00586EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/04/08 4:40 a.m.30 views

CVE-2025-20951

Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.90.7 allows local attackers to write arbitrary files with the privilege of Galaxy Store...

5.1CVSS0.00135EPSS
Exploits0References1
CVE
CVE
added 2025/04/08 4:40 a.m.71 views

CVE-2025-20951

Summary: CVE-2025-20951 affects Galaxy Store prior to 4.5.90.7 due to improper verification of intent by a broadcast receiver, enabling a local attacker to write arbitrary files with Galaxy Store privileges. Affected software: Galaxy Store (Android) versions before 4.5.90.7. Root cause: insuffici...

5.5CVSS7.1AI score0.00135EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/07 12:0 a.m.29 views

CVE-2025-28400

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method...

0.00364EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/07 12:0 a.m.19 views

CVE-2025-28405

An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method...

0.00614EPSS
Exploits1References2
CVE
CVE
added 2025/04/07 12:0 a.m.55 views

CVE-2025-28410

CVE-2025-28410 concerns RUoYi v4.8.0. Multiple sources (NVD, Red Hat, OSV, CIRCL, ENISA EUVD) describe a privilege-escalation flaw in the remote procedure cancelAuthUserAll, where the request is not properly validated for administrative privileges. This enables an attacker to escalate from a non-...

9.8CVSS7.4AI score0.00614EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/03/12 4:15 p.m.15 views

CVE-2025-20138

A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of user arguments that are passed to specific CLI...

8.8CVSS0.00213EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2025/02/26 12:0 a.m.18 views

The vulnerability of the software products of the LLC “NPO ‘MIR’, related to incorrect authorization, allows a perpetrator to increase their privileges.

The vulnerability of the software products developed by OOO “NPO “MIR” is related to incorrect authorization. Exploiting this vulnerability can allow attackers to enhance their privileges...

8.2CVSS5.5AI score
Exploits0Affected Software3
OSV
OSV
added 2025/02/12 12:0 a.m.4 views

CVE-2024-57603

An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the lack of rate limiting...

6.3CVSS7.4AI score0.0043EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 1:24 p.m.9 views

CVE-2020-17392

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

8.8CVSS6.7AI score0.00533EPSS
Exploits0
CVE
CVE
added 2025/01/27 9:46 p.m.90 views

CVE-2025-24176

CVE-2025-24176 is a local permission-elevation vulnerability in macOS. The issue is described as a permissions problem addressed by improved validation and is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, and macOS Sonoma 14.7.3. A local attacker may gain elevated privileges due to insuffici...

7.1CVSS5.8AI score0.00212EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2025/01/17 12:0 a.m.5 views

Google Pixel 安全漏洞

Google Pixel is a smartphone from the American company Google Google. Google Pixel has a security vulnerability that stems from a lack of permission checking. An attacker can escalate privileges by exploiting the vulnerability...

7.8CVSS9.1AI score0.00077EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/16 5:4 p.m.18 views

CVE-2024-4762

An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges...

7.8CVSS7AI score0.00151EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/12/13 8:36 p.m.18 views

thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames

Summary A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details In...

7.2CVSS4.8AI score0.02163EPSS
Exploits3References4Affected Software1
Github Security Blog
Github Security Blog
added 2024/11/12 9:30 p.m.19 views

Cross Site Scripting vulnerability in Snipe-IT

Cross Site Scripting vulnerability in Snipe-IT v.7.0.13 allows a remote attacker to escalate privileges via an unknown part of the file /users/user-id/files...

8.7CVSS6.7AI score0.00402EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/03 2:20 p.m.10 views

CVE-2024-5803 Local privelage escalation via COM hijacking

The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use TOCTOU when self protection is disabled...

7.5CVSS6.9AI score0.0011EPSS
Exploits0References1
NVD
NVD
added 2024/09/10 5:15 a.m.11 views

CVE-2024-45284

An authenticated attacker with high privilege can use functions of SLCM transactions to which access should be restricted. This may result in an escalation of privileges causing low impact on integrity of the application...

2.4CVSS0.00242EPSS
Exploits0References2
OSV
OSV
added 2024/04/29 12:0 a.m.8 views

CVE-2024-33444

SQL injection vulnerability in onethink v.1.1 allows a remote attacker to escalate privileges via a crafted script to the ModelModel.class.php component...

9.8CVSS8.1AI score0.00899EPSS
Exploits1References5
OSV
OSV
added 2024/03/06 11:1 a.m.34 views

BIT-MATTERMOST-2023-27265

Mattermost fails to honor the ShowEmailAddress setting when constructing a response to the "Regenerate Invite Id" API endpoint, allowing an attacker with team admin privileges to learn the team owner's email address in the response...

2.7CVSS3.5AI score0.00526EPSS
Exploits0References2
CVE
CVE
added 2023/12/08 5:33 p.m.245 views

CVE-2023-6622

CVE-2023-6622 : A null pointer dereference in nft_dynset_init() of net/netfilter/nft_dynset.c (nf_tables) allows a local attacker with CAP_NET_ADMIN to trigger a denial of service. Affected: Linux kernel nf_tables/nft_dynset; impact: local DoS; exploitability: LOCAL, requires privileges, no user ...

5.5CVSS6.1AI score0.00321EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder