Total
240 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-58431 | 1 Zimaspace | 1 Zimaos | 2025-09-22 | N/A | 6.2 MEDIUM |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT. | |||||
| CVE-2024-47120 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-18 | N/A | 6.4 MEDIUM |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges. | |||||
| CVE-2025-57119 | 1 Phpgurukul | 1 Online Library Management System | 2025-09-18 | N/A | 9.8 CRITICAL |
| An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function | |||||
| CVE-2025-37128 | 2025-09-17 | N/A | 6.8 MEDIUM | ||
| A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state. | |||||
| CVE-2025-33120 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-09-15 | N/A | 7.8 HIGH |
| IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges. | |||||
| CVE-2025-42958 | 2025-09-09 | N/A | 9.1 CRITICAL | ||
| Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application. | |||||
| CVE-2025-49581 | 1 Xwiki | 1 Xwiki | 2025-09-03 | N/A | 8.8 HIGH |
| XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value. | |||||
| CVE-2025-0078 | 1 Google | 1 Android | 2025-09-02 | N/A | 8.8 HIGH |
| In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0080 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-0079 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.8 HIGH |
| In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2022-38691 | 2025-09-02 | N/A | 7.8 HIGH | ||
| In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||
| CVE-2022-38694 | 2025-09-02 | N/A | 7.8 HIGH | ||
| In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||
| CVE-2022-38695 | 2025-09-02 | N/A | 7.8 HIGH | ||
| In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed. | |||||
| CVE-2025-50753 | 2025-08-29 | N/A | 8.4 HIGH | ||
| Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (quotes included) to the argument of this command will drop a root shell. | |||||
| CVE-2024-2240 | 1 Broadcom | 1 Brocade Sannav | 2025-08-26 | N/A | 7.2 HIGH |
| Docker daemon in Brocade SANnav before SANnav 2.3.1b runs without auditing. The vulnerability could allow a remote authenticated attacker to execute various attacks. | |||||
| CVE-2025-33108 | 1 Ibm | 1 I | 2025-08-20 | N/A | 8.5 HIGH |
| IBM Backup, Recovery and Media Services for i 7.4 and 7.5 could allow a user with the capability to compile or restore a program to gain elevated privileges due to a library unqualified call made by a BRMS program. A malicious actor could cause user-controlled code to run with component access to the host operating system. | |||||
| CVE-2025-21110 | 1 Dell | 1 Data Lakehouse | 2025-08-18 | N/A | 6.7 MEDIUM |
| Dell Data Lakehouse, versions prior to 1.5.0.0, contains an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service. | |||||
| CVE-2025-40767 | 1 Siemens | 1 Sinec Traffic Analyzer | 2025-08-15 | N/A | 7.8 HIGH |
| A vulnerability has been identified in SINEC Traffic Analyzer (6GK8822-1BG01-0BA0) (All versions < V3.0). The affected application runs docker containers without adequate security controls to enforce isolation. This could allow an attacker to gain elevated access, potentially accessing sensitive host system resources. | |||||
| CVE-2025-8907 | 2025-08-13 | 6.0 MEDIUM | 7.0 HIGH | ||
| A vulnerability was found in H3C M2 NAS V100R006. Affected by this vulnerability is an unknown functionality of the component Webserver Configuration. The manipulation leads to execution with unnecessary privileges. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor explains: "[T]he device only has configuration files and does not actually have boa functionality. It is impossible to access or upload files anonymously to the device through boa services". This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2025-36048 | 6 Apple, Ibm, Linux and 3 more | 6 Macos, Webmethods Integration, Linux Kernel and 3 more | 2025-08-13 | N/A | 7.2 HIGH |
| IBM webMethods Integration Server 10.5, 10.7, 10.11, and 10.15 could allow a privileged user to escalate their privileges when handling external entities due to execution with unnecessary privileges. | |||||