Total
489 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8840 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.5 MEDIUM | 5.4 MEDIUM |
| A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947. | |||||
| CVE-2025-8839 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-58322 | 2 Microsoft, Naver | 2 Windows, Mybox | 2025-09-09 | N/A | 7.8 HIGH |
| NAVER MYBOX Explorer for Windows before 3.0.8.133 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM by invoking arbitrary DLLs due to improper privilege checks. | |||||
| CVE-2025-10073 | 1 Portabilis | 1 I-educar | 2025-09-09 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-10072 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-10071 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-10070 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.5 MEDIUM | 6.3 MEDIUM |
| A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |||||
| CVE-2025-10014 | 2025-09-08 | 2.1 LOW | 3.1 LOW | ||
| A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is said to be difficult. The exploit has been published and may be used. It is required to know the RSA-encrypted password of the attacked user account. | |||||
| CVE-2025-10084 | 2025-09-08 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2025-10086 | 2025-09-08 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936. | |||||
| CVE-2025-10013 | 1 Portabilis | 1 I-educar | 2025-09-08 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2025-2713 | 1 Google | 1 Gvisor | 2025-09-08 | N/A | 7.8 HIGH |
| Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork. | |||||
| CVE-2025-48526 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In createMultiProfilePagerAdapter of ChooserActivity.java , there is a possible way for an app to launch the ChooserActivity in another profile due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-26425 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In multiple functions of RoleService.java, there is a possible permission squatting vulnerability due to a logic error in the code. This could lead to local escalation of privilege on versions of Android where android.permission.MANAGE_DEFAULT_APPLICATIONS was not defined with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-48528 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In multiple locations, there is a possible way to overlay biometrics due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-22415 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In android_app of Android.bp, there is a possible way to launch any activity as a system user. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2024-49731 | 1 Google | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
| In apk-versions.txt, there is a possible corruption of telemetry opt-in settings on other watches when setting up a new Pixel Watch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-58841 | 2025-09-05 | N/A | 5.5 MEDIUM | ||
| Incorrect Privilege Assignment vulnerability in John Luetke Media Author allows Privilege Escalation. This issue affects Media Author: from n/a through 1.0.4. | |||||
| CVE-2024-23976 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-09-05 | N/A | 6.0 MEDIUM |
| When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | |||||
| CVE-2025-9609 | 1 Portabilis | 1 I-educar | 2025-09-04 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used. | |||||