| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was identified in MineAdmin 1.x/2.x. The impacted element is an unknown function of the file /system/cache/view of the component View Interface. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| An attacker with limited permissions may still be able to write files to specific locations on the device, potentially leading to system manipulation. |
| Uploading unvalidated container images may allow remote attackers to gain full access to the system, potentially compromising its integrity and confidentiality. |
| Incorrect Privilege Assignment vulnerability in Modular DS modular-connector allows Privilege Escalation.This issue affects Modular DS: from 2.5.2 before 2.6.0. |
| A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in Sanluan PublicCMS up to 5.202506.d. Affected is the function delete of the file publiccms-trade/src/main/java/com/publiccms/controller/web/trade/TradeAddressController.java of the component Trade Address Deletion Endpoint. Performing a manipulation of the argument ids results in improper authorization. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used. |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. |
| Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. |
| Visual Tools DVR VX16 version 4.2.28 contains a local privilege escalation vulnerability in its Sudo configuration that allows attackers to gain root access. Attackers can exploit the unsafe Sudo settings by using mount commands to bind a shell, enabling unauthorized system-level privileges. |
| An attacker with low privileges may be able to trigger critical system functions such as reboot or factory reset without proper restrictions, potentially leading to service disruption or loss of configuration. |
| An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. |
| SnapCenter versions prior to
6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an
authenticated SnapCenter Server user to become an admin user on a remote
system where a SnapCenter plug-in has been installed. |
| Incorrect Privilege Assignment vulnerability in Modular DS allows Privilege Escalation.This issue affects Modular DS: from n/a through 2.5.1. |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation.This issue affects RealHomes: from n/a through 4.3.6. |
| Cyclades Serial Console Server 3.3.0 contains a local privilege escalation vulnerability due to overly permissive sudo privileges for the admin user and admin group. Attackers can exploit the default user configuration to gain root access by manipulating system binaries and leveraging unrestricted sudo permissions. |
| Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0. |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request |
| An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via the application stores password hashes in MD5 format |
| Incorrect Privilege Assignment vulnerability in Dasinfomedia WPCHURCH allows Privilege Escalation.This issue affects WPCHURCH: from n/a through 2.7.0. |
