Lucene search
+L

91 matches found

Cvelist
Cvelist
added 2025/12/12 8:56 p.m.23 views

CVE-2025-43470

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...

0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/12 8:56 p.m.7 views

EUVD-2025-203135

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. A standard user may be able to view files made from a disk image belonging to an administrator...

5.7AI score0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/12/12 12:0 a.m.6 views

Apple macOS Tahoe 安全漏洞

Apple macOS Tahoe is a desktop operating system released by Apple on June 10, 2025, using the LiquidGlass design language and integrating several AI and cross-device features. Apple macOS Tahoe suffers from a permission restriction insufficiency vulnerability that stems from a flaw in the system'...

5.5CVSS6.4AI score0.00116EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/12 12:0 a.m.10 views

PT-2025-50998

Name of the Vulnerable Software and Affected Versions macOS versions prior to Tahoe 26.1 Description A permissions issue existed where a standard user could potentially view files from a disk image owned by an administrator. The issue was addressed through additional restrictions. Recommendations...

6.2AI score0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-54554

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00196EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-36207

Malicious code in bioql PyPI...

9.8CVSS6.5AI score0.0043EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2021-31565

Malicious code in bioql PyPI...

8.5CVSS7.5AI score0.00714EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-28509

Malicious code in bioql PyPI...

7.8CVSS8.1AI score0.00202EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/07/25 3:30 p.m.12 views

Withdrawn Advisory: JHipster allows privilege escalation via a modified authorities parameter

Withdrawn Advisory This advisory has been withdrawn because the original report was found to be invalid. This link is maintained to preserve external references. For more information, see https://groups.google.com/g/jhipster-dev/c/ATSlWkEjw2w. Original Description JHipster before v.8.9.0 allows...

8CVSS6.3AI score0.00244EPSS
Exploits0References6Affected Software1
Metasploit
Metasploit
added 2025/06/09 6:51 p.m.390 views

OS Command Exec, Add user with useradd

Execute an OS command from PHP. Creates a new user. By default the new user is set with sudo but other options exist to make the new user automatically root but this is not automatically set since the new user will be treated as root and login may be difficult. The new user can also be set as jus...

5.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:54 a.m.7 views

CVE-2024-29188

WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's RemoveFolderEx functionality could allow a standard user to delete protected directories. RemoveFolderEx deletes an entire directory tree during installation or...

7.9CVSS6.6AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.9 views

CVE-2023-4706

A privilege escalation vulnerability was reported in Lenovo preloaded devices deployed using Microsoft AutoPilot under a standard user account due to incorrect default privileges...

7.8CVSS7.2AI score0.00196EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:23 a.m.7 views

CVE-2023-25011

PC settings tool Ver10.1.26.0 and earlier, PC settings tool Ver11.0.22.0 and earlier allows a attacker to write to the registry as administrator privileges with standard user privileges...

7.8CVSS6.8AI score0.00165EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:28 a.m.7 views

CVE-2019-14765

Incorrect Access Control in AfficheExplorateurParam in DIMO YellowBox CRM before 6.3.4 allows a standard authenticated user to use administrative controllers...

8.8CVSS6.8AI score0.0114EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/14 12:37 p.m.13 views

CVE-2025-0867 Privilege Escalation in MEAC300

The standard user uses the run as function to start the MEAC applications with administrative privileges. To ensure that the system can startup on its own, the credentials of the administrator were stored. Consequently, the EPC2 user can execute any command with administrative privileges. This...

9.9CVSS0.00606EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/02/14 12:0 a.m.3 views

SICK MEAC300 安全漏洞

SICK MEAC300 is a multi-channel gas analyzer from SICK Germany, which is mainly used for real-time monitoring and analyzing the concentration of multiple gases in industrial environments. A security vulnerability exists in the SICK MEAC300 that stems from a standard user starting the application...

9.9CVSS6.6AI score0.00606EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/02/11 12:0 a.m.5 views

Fortinet FortiClient 授权问题漏洞

Fortinet FortiClientMac is a mobile endpoint security solution from Fortinet. The solution provides IPsec and SSL encryption, WAN optimization, endpoint compliance and two-factor authentication when connected to a FortiGate firewall appliance. Fortinet FortiClientMac suffers from an authorization...

8.4CVSS7.2AI score0.00231EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/01/14 12:9 a.m.17 views

CVE-2025-0067 Missing Authorization check in SAP NetWeaver Application Server Java

Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on...

6.3CVSS0.00252EPSS
Exploits0References2
CVE
CVE
added 2025/01/14 12:9 a.m.58 views

CVE-2025-0067

CVE-2025-0067 relates to SAP NetWeaver Application Server Java where a missing authorization check on service endpoints lets a user with a standard role create JCo connections used for remote function calls. The impact is described as low for confidentiality, integrity, and availability. Affected...

6.3CVSS6.4AI score0.00252EPSS
Exploits0References2
OSV
OSV
added 2024/09/03 10:15 a.m.4 views

CVE-2024-38811

VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...

7.8CVSS5.9AI score0.0028EPSS
Exploits0References1
Rows per page
Query Builder