Lucene search
+L

623 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:51 a.m.8 views

CVE-2021-2380

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

7.6CVSS6.2AI score0.0069EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:16 a.m.10 views

CVE-2022-27837

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R11.0 and 13.0.1.1 in Android S12.0 allows attacker to access the file with system privilege...

9.3CVSS6.8AI score0.00536EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:10 a.m.10 views

CVE-2022-27838

Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege...

7.8CVSS6.8AI score0.00226EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.11 views

PT-2026-34165

Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.6 Description An issue in the Core component allows a high privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful exploitation can lead to...

5CVSS7.6AI score0.00096EPSS
Exploits0References4
NVD
NVD
added 2025/12/23 10:15 p.m.16 views

CVE-2025-12838

MSP360 Free Backup Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MSP360 Free Backup. An attacker must first obtain the ability to execute low-privileged code on the target system in order to...

7.3CVSS0.00147EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/11 12:0 a.m.7 views

(0Day) Soda PDF Desktop Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Soda PDF Desktop. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the configuration o...

7.8CVSS7.5AI score0.00138EPSS
Exploits0
NVD
NVD
added 2025/12/10 7:16 p.m.6 views

CVE-2025-64557

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/10 6:23 p.m.4 views

CVE-2025-64604 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)

Adobe Experience Manager versions 6.5.23 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they brow...

5.4CVSS5.1AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/03 5:0 p.m.20 views

CVE-2025-20383 Improper access control through push notifications for reports and alerts in Splunk Secure Gateway app

In Splunk Enterprise versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, and below 3.9.10, 3.8.58, and 3.7.28 of Splunk Secure Gateway app in Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles and subscribes to mobile push notifications could receive...

4.3CVSS0.00271EPSS
Exploits0References1
NVD
NVD
added 2025/12/02 2:15 a.m.10 views

CVE-2025-21080

Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege...

7.1CVSS0.00091EPSS
Exploits0References1
CVE
CVE
added 2025/12/02 1:23 a.m.12 views

CVE-2025-21080

The CVE-2025-21080 issue affects Samsung Android devices with Dynamic Lockscreen, where improper export of Android app components could allow a local attacker to access files under the Lockscreen app privileges. The Red Hat/NVD entries describe the same vulnerability, with impact limited to confi...

7.1CVSS6AI score0.00091EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/01 9:46 p.m.11 views

CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...

4.3CVSS0.00258EPSS
Exploits1References2
OSV
OSV
added 2025/12/01 9:46 p.m.7 views

CVE-2025-66306 Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel

Grav is a file-based Web platform. Prior to 1.8.0-beta.27, there is an IDOR Insecure Direct Object Reference vulnerability in the Grav CMS Admin Panel which allows low-privilege users to access sensitive information from other accounts. Although direct account takeover is not possible, admin emai...

4.3CVSS6.5AI score0.00258EPSS
Exploits1References4
CVE
CVE
added 2025/11/26 12:0 a.m.17 views

CVE-2025-65238

OpenCode Systems USSD Gateway OC is affected by CVE-2025-65238. The issue is an incorrect access control in the getSubUsersByProvider function, in OC Release 5 Version 6.13.11, which could allow attackers with low privileges to dump user records and access sensitive information. The available con...

6.5CVSS6.4AI score0.00299EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2025/11/26 12:0 a.m.20 views

CVE-2025-65239

CVE-2025-65239 affects OpenCode Systems USSD Gateway OC Release:5 (version 6.13.11). The /aux1/ocussd/trace endpoint has incorrect access control, enabling attackers with low privileges to read server logs. Reported CVSSv3.1 base score is 4.3 (MEDIUM), with network access, low privileges required...

4.3CVSS6.4AI score0.00256EPSS
Exploits1References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/25 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-62395

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing...

4.3CVSS6AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/19 9:13 p.m.5 views

CVE-2025-11884 Cross-site Scripting vulnerability discovered in OpenText™ Universal Discovery and CMDB

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in opentext uCMDB allows Stored XSS. The vulnerability could allow an attacker has high level access to UCMDB to create or update data with malicious scripts This issue affects uCMDB: 24.4...

2.3CVSS5.8AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.7 views

AXIS OS 安全漏洞

AXIS OS is an edge device operating system from Axis Sweden. AXIS OS suffers from a security vulnerability that stems from a third-party component exposing passwords in process parameters, which can be exploited by an attacker to cause low-privilege user access...

6CVSS6.7AI score0.00105EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.10 views

PT-2025-46308

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description A third-party component exposed its password in process arguments, potentially allowing low-privileged users to access it. Recommendations At the moment, there ...

6CVSS6.5AI score0.00105EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/11/05 12:0 a.m.9 views

Cisco Identity Services Engine Multiple Vulnerabilities (cisco-sa-ise-multiple-vulns-O9BESWJH)

According to its self-reported version, Cisco ISE is affected by multiple vulnerabilities. - Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to conduct a reflected XSS attack against a user of the interfac...

5.4CVSS6AI score0.03521EPSS
Exploits0References7
Rows per page
Query Builder