623 matches found
CVE-2021-2380
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...
CVE-2022-27837
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R11.0 and 13.0.1.1 in Android S12.0 allows attacker to access the file with system privilege...
CVE-2022-27838
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege...
PT-2026-34165
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.6 Description An issue in the Core component allows a high privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful exploitation can lead to...
CVE-2025-12838
MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...
(0Day) Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration o...
CVE-2025-64557
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-64604 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...
CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app
In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...
CVE-2025-21080
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege...
CVE-2025-21080
The CVE-2025-21080 issue affects Samsung Android devices with Dynamic Lockscreen, where improper export of Android app components could allow a local attacker to access files under the Lockscreen app privileges. The Red Hat/NVD entries describe the same vulnerability, with impact limited to confi...
CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...
CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel
Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...
CVE-2025-65238
OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...
CVE-2025-65239
CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...
Linux Distros Unpatched Vulnerability : CVE-2025-62395
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing...
CVE-2025-11884 Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...
AXIS OS 安全漏洞
AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...
PT-2025-46308
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A third-party component exposed its password in process arguments, potentially allowing low-privileged users to access it. Recommendations At the moment, there ...
Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multiple-vulns-O9BESWJH)
According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interfac...