OneUptime 访问控制错误漏洞

OneUptime is a comprehensive solution from OneUptime Open Source. for monitoring and managing your online services. An Access Control Error vulnerability exists in versions prior to OneUptime 8.0.5567 that stems from login response manipulation and could lead to elevation of privilege...

WordPress plugin EduKart Pro 安全漏洞

WordPress EduKart Pro plugin is an e-commerce plugin for the WordPress platform that is primarily used to build and manage online stores. WordPress EduKart Pro plugin has an elevation of privilege vulnerability that stems from the edukartproregisteruserfrontend function not restricting user...

NVIDIA DGX Spark 缓冲区错误漏洞

The NVIDIA DGX Spark is a personal AI computer from NVIDIA. A buffer error vulnerability exists in NVIDIA DGX Spark GB10, which stems from an out-of-bounds write in the SROOT firmware that could lead to code execution, data tampering, denial of service, or elevation of privilege...

Primakon Pi Portal 安全漏洞

Primakon Pi Portal is a project, contract management platform from Primakon Croatia. A security vulnerability exists in Primakon Pi Portal version 1.0.18, which stems from insufficient authorization checking of API endpoints and could lead to unauthorized data manipulation and elevation of...

AMD Xilinx Run Time 安全漏洞

AMD Xilinx Run Time is a standardized runtime environment developed by AMD for Xilinx FPGAs that provides a unified software interface to optimize FPGA arithmetic. An elevation of privilege vulnerability exists in AMD Xilinx Run Time that stems from insufficient authentication and can be exploite...

EUVD-2025-198370

Azure Bastion Elevation of Privilege Vulnerability...

EUVD-2025-198372

Improper authorization in Dynamics OmniChannel SDK Storage Containers allows an unauthorized attacker to elevate privileges over a network...

CVE-2025-64655

CVE-2025-64655 : Multiple sources corroborate an improper authorization vulnerability in the Dynamics OmniChannel SDK Storage Containers that could allow network-based privilege elevation. Affected product is the Dynamics OmniChannel SDK Storage Containers; root cause is improper authorization le...

AudioCodes Fax Server 安全漏洞

AudioCodes Fax Server is a fax server from AudioCodes Israel. A security vulnerability exists in AudioCodes Fax Server version 2.6.23 and prior versions, which originates from a writable batch script that could lead to local elevation of privilege...

PT-2025-47349

Name of the Vulnerable Software and Affected Versions NVIDIA Isaac-GR00T for all platforms affected versions not specified Description A flaw exists in a Python component of NVIDIA Isaac-GR00T that could allow an attacker to inject code. Exploitation of this issue may result in code execution,...

NVIDIA Isaac-GR00T 代码注入漏洞

NVIDIA Isaac-GR00T is an open base modeling platform from NVIDIA. NVIDIA Isaac-GR00T suffers from a code injection vulnerability that stems from a code injection issue in the Python component that could lead to code execution, elevation of privilege, information disclosure, and data tampering...

AVEVA Application Server 安全漏洞

AVEVA Application Server is an industrial automation real-time control platform from AVEVA UK. A security vulnerability exists in AVEVA Application Server that stems from a cross-site script injection issue in the IDE component that could lead to elevation of privilege...

Intel QAT Windows software out-of-bounds write vulnerability

Intel QAT Windows software refers to the collection of Intel® Data Protection and Compression Acceleration Technology software components that provide support for the Windows operating system. An out-of-bounds write vulnerability exists in Intel QAT Windows software that originates from an...

Intel CIP elevation of privilege vulnerability (CNVD-2025-28675)

Intel CIP is an optional program from Intel designed to improve products by collecting performance data from users' computers. Intel CIP suffers from an elevation of privilege vulnerability that stems from an uncontrolled search path, which can be exploited by an attacker to cause elevation of...

CVE-2025-46608

Dell Data Lakehouse, versions prior to 1.6.0.0, contains an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in...

CVE-2025-20341

A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by...

CVE-2025-46608

Dell Data Lakehouse, versions prior to 1.6.0.0, contains an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in...

CVE-2025-46608

Dell Data Lakehouse, versions prior to 1.6.0.0, contains an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in...

CVE-2025-60722

Improper limitation of a pathname to a restricted directory 'path traversal' in OneDrive for Android allows an authorized attacker to elevate privileges over a network...

CVE-2025-60705

Improper access control in Windows Client-Side Caching CSC Service allows an authorized attacker to elevate privileges locally...