Export limit exceeded: 10557 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9117 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62592 | 1 Oracle | 1 Vm Virtualbox | 2025-10-23 | 6 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2025-36631 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-23 | 8.4 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. | ||||
| CVE-2023-35674 | 1 Google | 1 Android | 2025-10-23 | 8.8 High |
| In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-5525 | 1 Codester | 1 Astrotalks | 2025-10-23 | 8.3 High |
| Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative actions. | ||||
| CVE-2025-5494 | 1 Zohocorp | 1 Manageengine Endpoint Central | 2025-10-22 | 3.9 Low |
| ZohoCorp ManageEngine Endpoint Central was impacted by an improper privilege management issue in the agent setup. This issue affects Endpoint Central: through 11.4.2500.25, through 11.4.2508.13. | ||||
| CVE-2025-2320 | 1 274056675 | 1 Springboot-openai-chatgpt | 2025-10-22 | 7.3 High |
| A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-2334 | 1 274056675 | 1 Springboot-openai-chatgpt | 2025-10-21 | 5.4 Medium |
| A vulnerability classified as problematic has been found in 274056675 springboot-openai-chatgpt e84f6f5. This affects the function deleteChat of the file /api/mjkj-chat/chat/ai/delete/chat of the component Chat History Handler. The manipulation of the argument chatListId leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56747 | 1 Creativeitem | 1 Academy Lms | 2025-10-21 | 6.5 Medium |
| Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functions without proper role validation, allowing unauthorized course creation and management. | ||||
| CVE-2025-9067 | 2 Microsoft, Rockwellautomation | 2 Windows, Factorytalk Linx | 2025-10-20 | 7.8 High |
| A security issue exists within the x86 Microsoft Installer File (MSI), installed with FTLinx. Authenticated attackers with valid Windows user credentials can initiate a repair and hijack the resulting console window. This allows the launching of a command prompt running with SYSTEM-level privileges, allowing full access to all files, processes, and system resources. | ||||
| CVE-2022-37002 | 1 Huawei | 3 Emui, Harmonyos, Magic Ui | 2025-10-20 | 7.4 High |
| The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this vulnerability can cause malicious applications to pop up windows or run in the background. | ||||
| CVE-2022-20360 | 1 Google | 1 Android | 2025-10-20 | 6.2 Medium |
| In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228314987 | ||||
| CVE-2022-20347 | 1 Google | 1 Android | 2025-10-20 | 7.5 High |
| In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-228450811 | ||||
| CVE-2022-20239 | 1 Google | 1 Android | 2025-10-20 | 4.2 Medium |
| remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233972091 | ||||
| CVE-2025-58282 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 2.8 Low |
| Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58285 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.3 Medium |
| Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58283 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54654 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 6.2 Medium |
| Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality | ||||
| CVE-2025-58284 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.9 Medium |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58293 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-50892 | 1 Easeus | 2 Eudskacs.sys Driver, Todo Backup | 2025-10-20 | 7.8 High |
| The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation. | ||||