541 matches found

RedhatCVE
added 2025/05/23 6:48 a.m. | 10 views

CVE-2024-12149

Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that requests temporary permissions on an entry to obtain more privileges than requested...

CVSS 8.1 | AI score 6.8 | EPSS 0.00595
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 2:24 a.m. | 9 views

CVE-2023-45883

A privilege escalation vulnerability exists within the Qumu Multicast Extension v2 before 2.0.63 for Windows. When a standard user triggers a repair of the software, a pop-up window opens with SYSTEM privileges. Standard users may use this to gain arbitrary code execution as SYSTEM...

CVSS 7.8 | AI score 8.1 | EPSS 0.00168
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 1:20 a.m. | 13 views

CVE-2022-3859

An uncontrolled search path vulnerability exists in Trellix Agent TA for Windows in versions prior to 5.7.8. This allows an attacker with admin access, which is required to place the DLL in the restricted Windows System folder, to elevate their privileges to System by placing a malicious DLL ther...

CVSS 6.7 | AI score 6.7 | EPSS 0.00202
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 11:6 p.m. | 8 views

CVE-2022-34866

Passage Drive versions v1.4.0 to v1.5.1.0 and Passage Drive for Box version v1.0.0 contain an insufficient data verification vulnerability for interprocess communication. By running a malicious program, an arbitrary OS command may be executed with LocalSystem privilege of the Windows system where...

CVSS 7.8 | AI score 7.2 | EPSS 0.00201
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 9:19 p.m. | 11 views

CVE-2021-23893

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption DE prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer...

CVSS 8.8 | AI score 7 | EPSS 0.00144
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:17 p.m. | 9 views

CVE-2021-23002

When using BIG-IP APM 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, or all 12.1.x and 11.6.x versions or Edge Client versions 7.2.1.x before 7.2.1.1, 7.1.9.x before 7.1.9.8, or 7.1.8.x before 7.1.8.5, the session ID is visible in the arguments of th...

CVSS 4.5 | AI score 7 | EPSS 0.00339
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 5:17 p.m. | 4 views

CVE-2020-0796

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka 'Windows SMBv3 Client/Server Remote Code Execution Vulnerability'...

CVSS 10 | AI score 9.1 | EPSS 0.9981
Exploits: 125 | References: 1
RedhatCVE
added 2025/05/22 4:43 p.m. | 7 views

CVE-2020-5740

Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges...

CVSS 7.8 | AI score 7.8 | EPSS 0.00747
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 4:6 p.m. | 9 views

CVE-2020-10515

STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006...

CVSS 10 | AI score 7.4 | EPSS 0.02868
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 3:56 p.m. | 7 views

CVE-2020-1357

An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'...

CVSS 7.8 | AI score 6.9 | EPSS 0.00738
Exploits: 0
RedhatCVE
added 2025/05/22 3:29 p.m. | 9 views

CVE-2020-1011

An elevation of privilege vulnerability exists when the Windows System Assessment Tool improperly handles file operations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1009, CVE-2020-1015...

CVSS 7.8 | AI score 6.6 | EPSS 0.02549
Exploits: 1
RedhatCVE
added 2025/05/22 12:57 p.m. | 20 views

CVE-2018-19999

The local management interface in SolarWinds Serv-U FTP Server 15.1.6.25 has incorrect access controls that permit local users to bypass authentication in the application and execute code in the context of the Windows SYSTEM account, leading to privilege escalation. To exploit this vulnerability,...

CVSS 7.8 | AI score 7.2 | EPSS 0.00605
Exploits: 2 | References: 1
OpenVAS
added 2025/05/19 12:0 a.m. | 24 views

VMware Spring Framework < 5.3.43, 6.0.x < 6.0.28, 6.1.x < 6.1.20, 6.2.x < 6.2.7 Authorization Bypass Vulnerability - Windows

The VMware Spring Framework is prone to an authorization bypass vulnerability.

CVSS 3.1 | AI score 7.7 | EPSS 0.00351
Exploits: 0 | References: 2
RedhatCVE
added 2025/05/17 6:56 a.m. | 18 views

CVE-2025-27525

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06...

CVSS 3.9 | AI score 7 | EPSS 0.0012
Exploits: 0 | References: 1
Cvelist
added 2025/05/15 5:13 p.m. | 16 views

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

CVSS 7 | EPSS 0.0024
Exploits: 1 | References: 2
Vulnrichment
added 2025/05/15 6:45 a.m. | 8 views

CVE-2025-27525 Information Exposure vulnerability in JP1/IT Desktop Management 2 - Smart Device Manager

Information Exposure vulnerability in Hitachi JP1/IT Desktop Management 2 - Smart Device Manager on Windows. This issue affects JP1/IT Desktop Management 2 - Smart Device Manager: from 12-00 before 12-00-08, from 11-10 through 11-10-08, from 11-00 through 11-00-05, from 10-50 through 10-50-06...

CVSS 3.9 | AI score 7 | EPSS 0.0012
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/03 10:11 p.m. | 21 views

CVE-2025-4178

A vulnerability was found in xiaowei1118 javaserver up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...

CVSS 5.5 | AI score 7.3 | EPSS 0.00556
Exploits: 1 | References: 1
Vulnrichment
added 2025/04/29 1:13 p.m. | 8 views

CVE-2025-4084 Potential local code execution in "copy as cURL" command

Due to insufficient escaping of the special characters in the "copy as cURL" feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system. This bug only affects Firefox for Windows. Other versions of Firefox are unaffected. Thi...

AI score 7 | EPSS 0.00344
Exploits: 0 | References: 4
CVE
added 2025/04/27 11:56 p.m. | 72 views

CVE-2025-26692

The CVE-2025-26692 issue affects SIOS Quick Agent for Windows (V2/V3). The vulnerability is a Path Traversal flaw in the file upload (CWE-22) and also noted in related JVN data for file download, enabling a remote unauthenticated attacker with Windows system privileges to execute arbitrary code. ...

CVSS 9.2 | AI score 7.6 | EPSS 0.00777
Exploits: 0 | References: 3
Vulnrichment
added 2025/04/27 11:56 p.m. | 7 views

CVE-2025-26692

Quick Agent V3 and Quick Agent V2 contain an issue with improper limitation of a pathname to a restricted directory 'Path Traversal'. If exploited, arbitrary code may be executed by a remote unauthenticated attacker with the Windows system privilege where the product is running...

CVSS 9.2 | AI score 8.3 | EPSS 0.00777
Exploits: 0 | References: 3