Export limit exceeded: 13909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55948 | 1 Yzcheng90 | 1 X-springboot | 2025-12-23 | 7.3 High |
| This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests when frontend menu updates (such as privilege revocation) fail to propagate to the backend permission table in real-time, creating a dangerous desynchronization. While users lose access to restricted functions through the web interface (as UI elements properly disappear), the stale permission records still validate unauthorized API requests when accessed directly through tools like Postman. Attackers exploiting this inconsistency can perform privileged operations including but not limited to: creating high-permission user accounts, accessing sensitive data beyond their clearance level, and executing admin-level commands. | ||||
| CVE-2025-67727 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2025-12-22 | 9.8 Critical |
| Parse Server is an open source backend that can be deployed to any infrastructure that runs Node.js. In versions prior to 8.6.0-alpha.2, a GitHub CI workflow is triggered in a way that grants the GitHub Actions workflow elevated permissions, giving it access to GitHub secrets and write permissions which are defined in the workflow. Code from a fork or lifecycle scripts is potentially included. Only the repository's CI/CD infrastructure is affected, including any public GitHub forks with GitHub Actions enabled. This issue is fixed version 8.6.0-alpha.2 and commits 6b9f896 and e3d27fe. | ||||
| CVE-2025-4922 | 1 Hashicorp | 1 Nomad | 2025-12-22 | 8.1 High |
| Nomad Community and Nomad Enterprise (“Nomad”) prefix-based ACL policy lookup can lead to incorrect rule application and shadowing. This vulnerability, identified as CVE-2025-4922, is fixed in Nomad Community Edition 1.10.2 and Nomad Enterprise 1.10.2, 1.9.10, and 1.8.14. | ||||
| CVE-2025-13116 | 1 Macrozheng | 2 Mall, Mall-swarm | 2025-12-19 | 5.4 Medium |
| A weakness has been identified in macrozheng mall-swarm and mall up to 1.0.3. Affected is the function cancelUserOrder of the file /order/cancelUserOrder. Executing manipulation of the argument orderId can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2020-11640 | 1 Abb | 1 Advabuild | 2025-12-19 | 8.8 High |
| AdvaBuild uses a command queue to launch certain operations. An attacker who gains access to the command queue can use it to launch an attack by running any executable on the AdvaBuild node. The executables that can be run are not limited to AdvaBuild specific executables. Improper Privilege Management vulnerability in ABB Advant MOD 300 AdvaBuild.This issue affects Advant MOD 300 AdvaBuild: from 3.0 through 3.7 SP2. | ||||
| CVE-2025-36100 | 1 Ibm | 1 Mq | 2025-12-19 | 5.1 Medium |
| IBM MQ LTS 9.1.0.0 through 9.1.0.29, 9.2.0.0 through 9.2.0.36, 9.3.0.0 through 9.3.0.30 and 9.4.0.0 through 9.4.0.12 and IBM MQ CD 9.3.0.0 through 9.3.5.1 and 9.4.0.0 through 9.4.3.0 Java and JMS stores a password in client configuration files when trace is enabled which can be read by a local user. | ||||
| CVE-2025-14749 | 2 Ningyuanda, Shenzhenningyuandatechnology | 3 Tc155, Tc155, Tc155 Firmware | 2025-12-18 | 6.3 Medium |
| A vulnerability was identified in Ningyuanda TC155 57.0.2.0. This impacts an unknown function of the file /onvif/device_service of the component ONVIF PTZ Control Interface. The manipulation leads to improper access controls. The attack requires being on the local network. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14748 | 2 Ningyuanda, Shenzhenningyuandatechnology | 3 Tc155, Tc155, Tc155 Firmware | 2025-12-18 | 5.4 Medium |
| A vulnerability was determined in Ningyuanda TC155 57.0.2.0. This affects an unknown function of the file /onvif/device_service of the component ONVIF Device Management Service. Executing manipulation of the argument FactoryDefault with the input Hard can lead to improper access controls. The attack requires access to the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-7044 | 1 Canonical | 1 Maas | 2025-12-18 | 7.7 High |
| An Improper Input Validation vulnerability exists in the user websocket handler of MAAS. An authenticated, unprivileged attacker can intercept a user.update websocket request and inject the is_superuser property set to true. The server improperly validates this input, allowing the attacker to self-promote to an administrator role. This results in full administrative control over the MAAS deployment. | ||||
| CVE-2025-55076 | 3 Apple, Plugin-alliance, Plugin Alliance | 3 Macos, Installation Manager, Installation Manager | 2025-12-18 | 6.2 Medium |
| A local privilege escalation vulnerability exists in the InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 for macOS. The service accepts unauthenticated XPC connections and executes input via system(), which may allow a local user to execute arbitrary commands with root privileges. | ||||
| CVE-2025-62686 | 3 Apple, Plugin-alliance, Plugin Alliance | 3 Macos, Installation Manager, Installation Manager | 2025-12-18 | 6.2 Medium |
| A local privilege escalation vulnerability exists in the Plugin Alliance InstallationHelper service included with Plugin Alliance Installation Manager v1.4.0 on macOS. Due to the absence of a hardened runtime and a __RESTRICT segment, a local user may exploit the DYLD_INSERT_LIBRARIES environment variable to inject a dynamic library, potentially resulting in code execution with elevated privileges. | ||||
| CVE-2025-65842 | 3 Acustica-audio, Acusticaudio, Apple | 3 Aquarius Helpertool, Aquarius Helpertool, Macos | 2025-12-18 | 5.1 Medium |
| The Aquarius HelperTool (1.0.003) privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights with a NULL reference, causing all authorization checks to succeed. The executeCommand:authorization:withReply: method then interpolates attacker-controlled input into NSTask and executes it with root privileges. A local attacker can exploit these weaknesses to run arbitrary commands as root, create persistent backdoors, or obtain a fully interactive root shell. | ||||
| CVE-2025-67792 | 2 Drivelock, Microsoft | 2 Drivelock, Windows | 2025-12-18 | 7.8 High |
| An issue was discovered in DriveLock 24.1 before 24.1.6, 24.2 before 24.2.7, and 25.1 before 25.1.5. Local unprivileged users can manipulate a DriveLock process to execute arbitrary commands on Windows computers. | ||||
| CVE-2025-65807 | 2 Chmln, Sd Project | 2 Sd, Sd | 2025-12-17 | 8.4 High |
| An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command. | ||||
| CVE-2023-47267 | 1 Thegreenbow | 1 Thegreenbow Vpn Client | 2025-12-17 | 9.8 Critical |
| An issue discovered in TheGreenBow Windows Enterprise Certified VPN Client 6.52, Windows Standard VPN Client 6.87, and Windows Enterprise VPN Client 6.87 allows attackers to gain escalated privileges via crafted changes to memory mapped file. | ||||
| CVE-2023-4936 | 1 Synaptics | 1 Displaylink | 2025-12-17 | 5.5 Medium |
| It is possible to sideload a compromised DLL during the installation at elevated privilege. | ||||
| CVE-2025-12381 | 2 Algosec, Linux | 2 Firewall Analyzer, Linux Kernel | 2025-12-17 | 7.8 High |
| Improper Privilege Management vulnerability in AlgoSec Firewall Analyzer on Linux, 64 bit allows Privilege Escalation, Parameter Injection. A local user with access to the command line may escalate their privileges by abusing the parameters of a command that is approved in the sudoers file. This issue affects Firewall Analyzer: A33.0, A33.10. | ||||
| CVE-2023-41715 | 1 Sonicwall | 61 Nsa2700, Nsa3700, Nsa4700 and 58 more | 2025-12-16 | 8.8 High |
| SonicOS post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel allows users to elevate their privileges inside the tunnel. | ||||
| CVE-2023-20048 | 1 Cisco | 1 Secure Firewall Management Center | 2025-12-16 | 9.9 Critical |
| A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. This vulnerability is due to insufficient authorization of configuration commands that are sent through the web service interface. An attacker could exploit this vulnerability by authenticating to the FMC web services interface and sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to execute certain configuration commands on the targeted FTD device. To successfully exploit this vulnerability, an attacker would need valid credentials on the FMC Software. | ||||
| CVE-2021-38638 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-12-16 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||