983 matches found
Adobe ColdFusion CAR File Parsing Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe ColdFusion. Authentication is required to exploit this vulnerability. The specific flaw exists within the parsing of CAR files. The issue results from the lack of proper validation of a...
CVE-2025-69258
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations...
EUVD-2025-205014
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
EUVD-2025-205017
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14492
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14493
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14406
CVE-2025-14406 affects Soda PDF Desktop via an Uncontrolled Search Path Element Local Privilege Escalation. The root cause is the OpenSSL configuration being loaded from an unsecured location, enabling a local attacker who can run low-privileged code to escalate to SYSTEM and execute arbitrary co...
CVE-2025-14500
IceWarp14 is affected by a remote code execution vulnerability in the X-File-Operation header handling. The flaw stems from insufficient validation of a user-supplied string used to invoke a system call, allowing an attacker to execute code in the context of SYSTEM without authentication. This is...
CVE-2025-14490 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14488
RealDefense SUPERAntiSpyware is affected by a Local Privilege Escalation due to an exposed dangerous function in the SAS Core Service. The root cause is the exposed function that allows a low-privileged attacker who already has code execution on the target to escalate privileges and run arbitrary...
CVE-2025-14497 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
CVE-2025-14492 RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on...
RealDefense SUPERAntiSpyware Exposed Dangerous Function Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of RealDefense SUPERAntiSpyware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SAS...
IceWarp14 X-File-Operation Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of IceWarp. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the X-File-Operation header. The issue results from the lack of proper validatio...
ASUS MyASUS Incorrect Permission Assignment Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of ASUS MyASUS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AsusSwitchAgent...
CVE-2025-12683
The service employed by Everything, running as SYSTEM, communicates with the lower privileged Everything GUI via a named pipe. The named pipe has a NULL DACL and thus provides all users full permission over it; leading to potential Service Denial Of Service or Privilege escalationonly if chained...
CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
UBUNTU-CVE-2025-62395
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
EUVD-2025-35666
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...
CVE-2025-62395 Moodle: external cohort search service leaks system cohort data
A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data...