
62 matches found

Vulnrichment
added 2026/05/19 3:8 a.m., 8 views

CVE-2026-25850 filemanagement_storage_service has an improper preservation of permissions vulnerability

in OpenHarmony v6.0 and prior versions allow a local attacker to cause information leak...

5.5 CVSS, 5.8 AI score, 0.00118 EPSS
Exploits: 0, References: 1

CNNVD
added 2026/05/13 12:0 a.m., 9 views

F5 BIG-IP and F5 BIG-IQ Security Vulnerability

F5 BIG-IP and F5 BIG-IQ are both products from the American company F5. F5 BIG-IP is an application delivery platform that integrates functions such as network traffic management, application security management, and load balancing. F5 BIG-IQ is a software-based cloud management solution. This...

7.1 CVSS, 5.8 AI score, 0.00203 EPSS
Exploits: 0, References: 1

CVE
added 2026/02/06 11:14 p.m., 8 views

CVE-2020-37160

SprintWork 2.3.1 is affected by local privilege escalation due to insecure file, service, and folder permissions on Windows. Affected component: SprintWork executable/related services that allow creation of a new administrative user, leading to full system compromise. Root cause identified as ins...

8.5 CVSS, 5.4 AI score, 0.00145 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 9:7 a.m., 11 views

CVE-2020-12491

Improper control of framework service permissions with possibility of some sensitive device information leakage...

4.8 CVSS, 6.7 AI score, 0.00188 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/11/26 1:16 a.m., 9 views

CVE-2025-66266 Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation

The RupsMon.exe service executable in UPSilon 2000 has insecure permissions, allowing the 'Everyone' group Full Control. A local attacker can replace the executable with a malicious binary to execute code with SYSTEM privileges or simply change the config path of the service to a command; startin...

9.3 CVSS, 0.0012 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/11/14 10:52 p.m., 5 views

CVE-2025-13131

A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vend...

8.5 CVSS, 6.2 AI score, 0.00113 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2020-4793

Malware in sbrugna...

4.8 CVSS, 6.4 AI score, 0.00188 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/23 3:35 a.m., 7 views

CVE-2023-2816

Consul and Consul Enterprise allowed any user with service:write permissions to use Envoy extensions configured via service-defaults to patch remote proxy instances that target the configured service, regardless of whether the user has permission to modify the services corresponding to those...

8.7 CVSS, 9.3 AI score, 0.00585 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 2:27 a.m., 5 views

CVE-2023-27010

Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable...

7.8 CVSS, 7.5 AI score, 0.01016 EPSS
Exploits: 4, References: 1

RedhatCVE
added 2025/05/22 3:47 p.m., 10 views

CVE-2020-10073

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page...

7.5 CVSS, 6.6 AI score, 0.01124 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 10:8 a.m., 6 views

CVE-2019-19460

An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is basically able to write to...

9.8 CVSS, 6.2 AI score, 0.03508 EPSS
Exploits: 5, References: 1

OSV
added 2025/04/16 6:16 p.m., 4 views

CVE-2025-32856

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fr...

8.7 CVSS, 5.8 AI score
Exploits: 0, References: 1

NVD
added 2025/04/16 6:16 p.m., 9 views

CVE-2025-32851

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

8.8 CVSS, 0.00525 EPSS
Exploits: 0, References: 1

NVD
added 2025/04/16 6:16 p.m., 7 views

CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...

8.8 CVSS, 0.00604 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/04/16 5:38 p.m., 6 views

CVE-2025-32850

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

8.8 CVSS, 7.8 AI score, 0.00525 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/04/16 5:38 p.m., 4 views

CVE-2025-32848

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from an...

8.8 CVSS, 7.8 AI score, 0.00525 EPSS
Exploits: 0, References: 1

CVE
added 2025/04/16 5:37 p.m., 59 views

CVE-2025-32826

TeleControl Server Basic (all versions

8.8 CVSS, 8.1 AI score, 0.00604 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2025/04/16 5:37 p.m., 52 views

CVE-2025-32823

TeleControl Server Basic prior to v3.1.2.2 is affected by a SQL injection in the LockProject method, enabling an authenticated remote attacker to bypass authorization and read/write the database, and potentially execute code with NT AUTHORITY\NetworkService privileges. Exploitation requires acces...

8.8 CVSS, 8.1 AI score, 0.00604 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2025/04/16 5:37 p.m., 9 views

CVE-2025-31350

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateBufferingSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

8.8 CVSS, 0.00648 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/04/16 5:37 p.m., 5 views

CVE-2025-27539

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'VerifyUser' method. This could allow an unauthenticated remote attacker to bypass authorization controls, to read from and...

9.8 CVSS, 8.1 AI score, 0.00807 EPSS
Exploits: 0, References: 1