91 matches found
CVE-2025-43470
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...
EUVD-2025-203135
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...
Apple macOS Tahoe 安全漏洞
Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...
PT-2025-50998
Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.1 Description A permissions issue existed where a standard user could potentially view files from a disk image owned by an administrator. The issue was addressed through additional restrictions. Recommendations...
EUVD-2023-54554
Malicious code in bioql PyPI...
EUVD-2022-36207
Malicious code in bioql PyPI...
EUVD-2021-31565
Malicious code in bioql PyPI...
EUVD-2023-28509
Malicious code in bioql PyPI...
Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter
Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...
OS Command Exec, Add user with useradd
Execute an OS command from PHP. Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as jus...
CVE-2024-29188
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...
CVE-2023-4706
A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges...
CVE-2023-25011
PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges...
CVE-2019-14765
Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...
CVE-2025-0867 Privilege Escalation in MEAC300
The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...
SICK MEAC300 安全漏洞
SICK MEAC300 is a multi-channel gas analyzer from SICK Germany, which is mainly used for real-time monitoring and analyzing the concentration of multiple gases in industrial environments. A security vulnerability exists in the SICK MEAC300 that stems from a standard user starting the application...
Fortinet FortiClient 授权问题漏洞
Fortinet FortiClientMac is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientMac suffers from an authorization...
CVE-2025-0067 Missing Authorization check in SAP NetWeaver Application Server Java
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...
CVE-2025-0067
CVE-2025-0067 relates to SAP NetWeaver Application Server Java where a missing authorization check on service endpoints lets a user with a standard role create JCo connections used for remote function calls. The impact is described as low for confidentiality, integrity, and availability. Affected...
CVE-2024-38811
VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...