Search Results (9118 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27518 | 1 Superantispyware | 1 Professional X | 2025-07-12 | 7.8 High |
| An issue in SUPERAntiSpyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. | ||||
| CVE-2025-0484 | 1 Fanli2012 | 1 Native-php-cms | 2025-07-12 | 7.3 High |
| A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0834 | 1 Wondershare | 1 Dr.fone | 2025-07-12 | 7.8 High |
| Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Wondershare\wsServices\ElevationService.exe’ with a malicious binary. This binary will be executed by SYSTEM automatically. | ||||
| CVE-2025-1881 | 1 I-drive | 2 I11, I12 | 2025-07-12 | 4.3 Medium |
| A vulnerability was found in i-Drive i11 and i12 up to 20250227. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Video Footage/Live Video Stream. The manipulation leads to improper access controls. The attack can be launched remotely. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life. | ||||
| CVE-2025-25295 | 1 Humansignal | 1 Label Studio | 2025-07-12 | N/A |
| Label Studio is an open source data labeling tool. A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. The flaw exists in the VOC, COCO and YOLO export functionalities. These functions invoke a `download` function on the `label-studio-sdk` python package, which fails to validate file paths when processing image references during task exports. By creating tasks with path traversal sequences in the image field, an attacker can force the application to read files from arbitrary server filesystem locations when exporting projects in any of the mentioned formats. This is an authentication-required vulnerability allowing arbitrary file reads from the server filesystem. It may lead to potential exposure of sensitive information like configuration files, credentials, and confidential data. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio version 1.13.2.dev0; therefore, Label Studio users should upgrade to 1.16.0 or newer to mitigate it. | ||||
| CVE-2025-24006 | 1 Phoenixcontact | 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more | 2025-07-11 | 7.8 High |
| A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root. | ||||
| CVE-2025-48903 | 1 Huawei | 1 Harmonyos | 2025-07-11 | 7.8 High |
| Permission bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-48911 | 1 Huawei | 1 Harmonyos | 2025-07-11 | 8.2 High |
| Vulnerability of improper permission assignment in the note sharing module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-6735 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.3 Medium |
| A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6736 | 1 Juzaweb | 1 Cms | 2025-07-11 | 6.3 Medium |
| A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29350 | 1 Microsoft | 1 Edge Chromium | 2025-07-10 | 7.5 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2025-27028 | | | 2025-07-10 | 6.8 Medium |
| The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted access (like, for example, the root password hash). | ||||
| CVE-2025-6702 | 1 Linlinjava | 1 Litemall | 2025-07-10 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in linlinjava litemall 1.8.0. Affected is an unknown function of the file /wx/comment/post. The manipulation of the argument adminComment leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-50450 | 1 Sensopart | 2 Visor Vision Sensors, Visor Vision Sensors Firmware | 2025-07-09 | 8.4 High |
| An issue discovered in Sensopart VISOR Vision Sensors before 2.10.0.2 allows local users to perform unspecified actions with elevated privileges. | ||||
| CVE-2024-35430 | 1 Zkteco | 1 Zkbio Cvsecurity | 2025-07-09 | 8.1 High |
| In ZKTeco ZKBio CVSecurity v6.1.1_R and earlier (fixed in 6.1.3_R) an authenticated user can bypass password checks while exporting data from the application. | ||||
| CVE-2012-5864 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges. | ||||
| CVE-2012-5863 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system. | ||||
| CVE-2022-23296 | 1 Microsoft | 23 Windows 10, Windows 10 1507, Windows 10 1607 and 20 more | 2025-07-08 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-24778 | 1 Apache | 1 Streampipes | 2025-07-08 | 6.5 Medium |
| Improper privilege management in a REST interface allowed registered users to access unauthorized resources if the resource ID was known. This issue affects Apache StreamPipes: through 0.95.1. Users are recommended to upgrade to version 0.97.0 which fixes the issue. | ||||
| CVE-2018-9375 | 1 Google | 1 Android | 2025-07-03 | 7.8 High |
| In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||