CVE-2025-48961

CVE-2025-48961 affects Acronis Cyber Protect 16 (Windows) prior to build 39938, with local privilege escalation caused by insecure folder permissions. The vulnerability is tied to the stated affected product/version and root cause; exploitation details are not provided in the connected documents....

CVE-2025-48961

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Windows before build 39938...

CVE-2025-48961

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 Windows before build 39938...

Acronis Cyber Protect 安全漏洞

Acronis Cyber Protect is an all-in-one cyber protection solution for business and enterprise from Acronis Switzerland. Combining backup, anti-malware, cybersecurity and endpoint management features such as vulnerability assessment, URL filtering, patch management, etc. A security vulnerability...

PT-2025-23804 · Acronis · Acronis Cyber Protect 16

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 Windows versions before build 39938 Description: The issue is related to local privilege escalation due to insecure folder permissions. Recommendations: For Acronis Cyber Protect 16 Windows versions before build 39938...

📄 Adapt CMS 3.0.3 Remote Shell Upload

Adapt CMS version 3.0.3 suffers from a remote shell upload vulnerability. Exploit Title: Authenticated File Upload to RCE - adaptcmsv3.0.3 Date: 06/2025 Exploit Author: Andrey Stoykov Version: 3.0.3 Tested on: Debian 12 Blog: https://msecureltd.blogspot.com/ Authenticated File Upload to RCE 1:...

Grafana vulnerable to authenticated users bypassing dashboard, folder permissions

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

GHSA-3PX7-C4J3-576R Grafana vulnerable to authenticated users bypassing dashboard, folder permissions

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: - Viewers can view all dashboards/folders regardless of permissions -...

Authorization vulnerability in /apis allows authenticated users to bypass all dashboard permissions

A security vulnerability in the /apis/dashboard.grafana.app/ endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions v0alpha1, v1alpha1, v2alpha1. Impact: Viewers can view all dashboards/folders regardless of permissions Editors...

SUSE-SU-2025:01660-2 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.1. Security fixes: - MFSA 2025-34 bsc1243216 CVE-2025-3875: Sender Spoofing via Malformed From Header in Thunderbird. CVE-2025-3877: Unsolicited File Download, Disk Space Exhaustion, and Credential...

Siemens SCALANCE LPE9403 Path Traversal Vulnerability (CNVD-2025-17601)

Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A path traversal vulnerability exists in the Siemens SCALANCE LPE9403, which can be exploited by an attacker to cause a...

CVE-2025-0222

A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be...

CVE-2025-0221

A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached...

CVE-2025-0223

A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference...

CVE-2025-24826

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 4625...

CVE-2024-24122

A remote code execution vulnerability in the project management of Wanxing Technology's Yitu project which allows an attacker to use the exp.adpx file as a zip compressed file to construct a special file name, which can be used to decompress the project file into the system startup folder, restar...

CVE-2024-34018

Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Snap Deploy Windows before build 4569...

CVE-2024-22809

Incorrect access control in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to access the G code's shared folder and view sensitive information...

CVE-2024-25908

Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2...

CVE-2024-24386

An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder...