Lucene search
K

983 matches found

Zero Day Initiative
Zero Day Initiative
added 2026/02/06 12:0 a.m.4 views

Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of CAR files. The issue results from the lack of proper validation of a...

7.2CVSS6.1AI score0.08773EPSS
Exploits0References1
NVD
NVD
added 2026/01/08 1:15 p.m.7 views

CVE-2025-69258

A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...

9.8CVSS0.0322EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/24 12:30 a.m.5 views

EUVD-2025-205014

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7AI score0.00172EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 12:30 a.m.17 views

EUVD-2025-205017

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7AI score0.00172EPSS
Exploits0References2
OSV
OSV
added 2025/12/23 10:15 p.m.6 views

CVE-2025-14492

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS6.2AI score0.00172EPSS
Exploits0References1
OSV
OSV
added 2025/12/23 10:15 p.m.5 views

CVE-2025-14493

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS6.2AI score0.00172EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:23 p.m.13 views

CVE-2025-14406

CVE-2025-14406 affects Soda PDF Desktop via an Uncontrolled Search Path Element Local Privilege Escalation. The root cause is the OpenSSL configuration being loaded from an unsecured location, enabling a local attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary co...

7.8CVSS7.8AI score0.00138EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2025/12/23 9:19 p.m.38 views

CVE-2025-14500

IceWarp14 is affected by a remote code execution vulnerability in the X-File-Operation header handling. The flaw stems from insufficient validation of a user-supplied string used to invoke a system call, allowing an attacker to execute code in the context of SYSTEM without authentication. This is...

9.8CVSS9.6AI score0.01443EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/23 9:16 p.m.3 views

CVE-2025-14490 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7.7AI score0.00171EPSS
Exploits0References1
CVE
CVE
added 2025/12/23 9:16 p.m.11 views

CVE-2025-14488

RealDefense SUPERAntiSpyware is affected by a Local Privilege Escalation due to an exposed dangerous function in the SAS Core Service. The root cause is the exposed function that allows a low-privileged attacker who already has code execution on the target to escalate privileges and run arbitrary...

7.8CVSS7.8AI score0.00172EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/23 9:16 p.m.6 views

CVE-2025-14497 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS7.1AI score0.00172EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/23 9:16 p.m.20 views

CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS0.00172EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/19 12:0 a.m.5 views

RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS...

7.8CVSS7.5AI score0.00172EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/12/10 12:0 a.m.5 views

IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validatio...

9.8CVSS7.6AI score0.01443EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2025/11/25 12:0 a.m.7 views

ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AsusSwitchAgent...

7.8CVSS7.4AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2025/11/04 5:16 a.m.3 views

CVE-2025-12683

The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...

8.8CVSS0.0009EPSS
Exploits0References1
NVD
NVD
added 2025/10/23 12:15 p.m.6 views

CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS0.00227EPSS
Exploits0References2
OSV
OSV
added 2025/10/23 12:15 p.m.9 views

UBUNTU-CVE-2025-62395

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS5.8AI score0.00227EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/23 11:29 a.m.6 views

EUVD-2025-35666

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS6AI score0.00227EPSS
Exploits0References3
OSV
OSV
added 2025/10/23 11:29 a.m.3 views

CVE-2025-62395 Moodle: external cohort search service leaks system cohort data

A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...

4.3CVSS5.9AI score0.00227EPSS
Exploits0References5
Rows per page
Query Builder