Total: 2438 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32353 | | | 2025-07-29 | 4.8 Medium |
| Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. | ||||
| CVE-2025-50062 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Global Payroll Core | 2025-07-29 | 8.1 High |
| Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2024-13975 | 1 Commvault | 1 Commvault | 2025-07-29 | N/A |
| A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8. | ||||
| CVE-2014-9193 | 1 Innominate | 1 Mguard Firmware | 2025-07-28 | N/A |
| Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | ||||
| CVE-2023-50677 | 1 Netgear | 2 Dgnd4000, Dgnd4000 Firmware | 2025-07-28 | 8.8 High |
| An issue in NETGEAR-DGND4000 v.1.1.00.15_1.00.15 allows a remote attacker to escalate privileges via the next_file parameter to the /setup.cgi component. | ||||
| CVE-2024-12284 | 1 Citrix | 2 Netscaler Agent, Netscaler Console | 2025-07-25 | 8.8 High |
| Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. | ||||
| CVE-2024-6677 | 1 Citrix | 1 Uberagent | 2025-07-25 | 7.8 High |
| Privilege escalation in uberAgent | ||||
| CVE-2024-6286 | 1 Citrix | 1 Workspace | 2025-07-25 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows | ||||
| CVE-2024-6151 | 1 Citrix | 1 Virtual Apps And Desktops | 2025-07-25 | 7.8 High |
| Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Virtual Delivery Agent for Windows used by Citrix Virtual Apps and Desktops and Citrix DaaS | ||||
| CVE-2016-15045 | | | 2025-07-25 | N/A |
| A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root. | ||||
| CVE-2025-20282 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2025-07-25 | 10 Critical |
| A vulnerability in an internal API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and then execute those files on the underlying operating system as root. This vulnerability is due to a lack of file validation checks that would prevent uploaded files from being placed in privileged directories on an affected system. An attacker could exploit this vulnerability by uploading a crafted file to the affected device. A successful exploit could allow the attacker to store malicious files on the affected system and then execute arbitrary code or obtain root privileges on the system. | ||||
| CVE-2025-50066 | 1 Oracle | 1 Database Server | 2025-07-24 | 2.7 Low |
| Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_REDEFINITION privilege with network access via Oracle Net to compromise Oracle Database Materialized View. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Materialized View accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2025-50064 | 1 Oracle | 1 Weblogic Server | 2025-07-24 | 4.8 Medium |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-50061 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2025-07-24 | 5.4 Medium |
| Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.0-20.12.21, 21.12.0-21.12.21, 22.12.0-22.12.19, 23.12.0-23.12.13 and 24.12.0-24.12.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2024-44097 | 1 Google | 12 Nest Cam (indoor, Wired), Nest Cam (indoor, Wired) Firmware, Nest Cam (outdoor Or Indoor, Battery) and 9 more | 2025-07-24 | 9.8 Critical |
| According to the researcher: "The TLS connections are encrypted against tampering or eavesdropping. However, the application does not validate the server certificate properly while initializing the TLS connection. This allows for a network attacker to intercept the connection and read the data. The attacker could then either send the client a malicious response, or forward the (possibly modified) data to the real server." | ||||
| CVE-2022-35768 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-07-24 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2021-38638 | 1 Microsoft | 20 Windows 10, Windows 10 1507, Windows 10 1607 and 17 more | 2025-07-24 | 7.8 High |
| Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | ||||
| CVE-2021-34487 | 1 Microsoft | 10 Windows 10, Windows 10 1607, Windows 10 1809 and 7 more | 2025-07-24 | 7 High |
| Windows Event Tracing Elevation of Privilege Vulnerability | ||||
| CVE-2022-44689 | 1 Microsoft | 5 Windows 10, Windows 11, Windows Server 2019 and 2 more | 2025-07-22 | 7.8 High |
| Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2015-10139 | | | 2025-07-22 | 8.8 High |
| The WPLMS theme for WordPress is vulnerable to Privilege Escalation in versions 1.5.2 to 1.8.4.1 via the 'wp_ajax_import_data' AJAX action. This makes it possible for authenticated attackers to change otherwise restricted settings and potentially create a new accessible admin account. | ||||