Total
299 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-55077 | 3 Microsoft, Tyler Technologies, Tylertech | 3 Windows, Erp Pro 9 Saas, Erp Pro 9 | 2025-09-23 | 7.4 High |
| Tyler Technologies ERP Pro 9 SaaS allows an authenticated user to escape the application and execute limited operating system commands within the remote Microsoft Windows environment with the privileges of the authenticated user. Tyler Technologies deployed hardened remote Windows environment settings to all ERP Pro 9 SaaS customer environments as of 2025-08-01. | ||||
| CVE-2025-58432 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2025-09-22 | 7.8 High |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and all prior versions, the /v2_1/files/file/uploadV2 endpoint allows file upload from ANY USER who has access to localhost. File uploads are performed AS ROOT. | ||||
| CVE-2025-58431 | 2 Icewhaletech, Zimaspace | 2 Zimaos, Zimaos | 2025-09-22 | 6.2 Medium |
| ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.4.1 and earlier, the /v2_1/files/file/download endpoint allows file read from ANY USER who has access to localhost. File reads are performed AS ROOT. | ||||
| CVE-2024-47120 | 2 Ibm, Linux | 2 Security Verify Information Queue, Linux Kernel | 2025-09-18 | 6.4 Medium |
| IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges. | ||||
| CVE-2025-57119 | 1 Phpgurukul | 1 Online Library Management System | 2025-09-18 | 9.8 Critical |
| An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function | ||||
| CVE-2025-37128 | 2 Arubanetworks, Hp | 2 Edgeconnect Enterprise, Arubaos | 2025-09-17 | 6.8 Medium |
| A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state. | ||||
| CVE-2025-33120 | 1 Ibm | 2 Qradar Incident Forensics, Qradar Security Information And Event Manager | 2025-09-15 | 7.8 High |
| IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges. | ||||
| CVE-2025-42958 | 1 Sap | 2 Netweaver, Sap Netweaver | 2025-09-10 | 9.1 Critical |
| Due to a missing authentication check in the SAP NetWeaver application on IBM i-series, the application allows high privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities. This results in a high impact on the confidentiality, integrity, and availability of the application. | ||||
| CVE-2025-6019 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-09-04 | 7 High |
| A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system. | ||||
| CVE-2025-49581 | 1 Xwiki | 2 Xwiki, Xwiki-platform | 2025-09-03 | 8.8 High |
| XWiki is a generic wiki platform. Any user with edit right on a page (could be the user's profile) can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. This allows full access to the whole XWiki installation. The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. This can be exploited by overriding a macro like the children macro that is used in a page that has programming right like the page XWiki.ChildrenMacro and thus allows arbitrary script macros. This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value. | ||||
| CVE-2025-0078 | 1 Google | 1 Android | 2025-09-02 | 8.8 High |
| In main of main.cpp, there is a possible way to bypass SELinux due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-0080 | 1 Google | 1 Android | 2025-09-02 | 7.8 High |
| In multiple locations, there is a possible way to overlay the installation confirmation dialog due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-0079 | 1 Google | 1 Android | 2025-09-02 | 7.8 High |
| In multiple locations, there is a possible way that avdtp and avctp channels could be unencrypted due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2022-38691 | 1 Unisoc | 4 Sc9863a, T310, T610 and 1 more | 2025-09-02 | 7.8 High |
| In BootROM, there is a possible missing validation for Certificate Type 0. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38695 | 2025-09-02 | 7.8 High | ||
| In BootRom, there's a possible unchecked command index. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2022-38694 | 2025-09-02 | 7.8 High | ||
| In BootRom, there is a possible unchecked write address. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-1951 | 1 Ibm | 2 Hardware Management Console, Power Hardware Management Console | 2025-09-01 | 8.4 High |
| IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands as a privileged user due to execution of commands with unnecessary privileges. | ||||
| CVE-2024-5042 | 1 Redhat | 2 Acm, Openshift Data Foundation | 2025-08-30 | 6.6 Medium |
| A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. | ||||
| CVE-2025-50753 | 1 Mitrastar | 1 Gpt-2741gnac-n2 | 2025-08-29 | 8.4 High |
| Mitrastar GPT-2741GNAC-N2 devices are provided with access through ssh into a restricted default shell.The command "deviceinfo show file" is supposed to be used from restricted shell to show files and directories. By providing " /bin/sh" (quotes included) to the argument of this command will drop a root shell. | ||||
| CVE-2024-7387 | 1 Redhat | 1 Openshift | 2025-08-27 | 9.1 Critical |
| A flaw was found in openshift/builder. This vulnerability allows command injection via path traversal, where a malicious user can execute arbitrary commands on the OpenShift node running the builder container. When using the “Docker” strategy, executable files inside the privileged build container can be overridden using the `spec.source.secrets.secret.destinationDir` attribute of the `BuildConfig` definition. An attacker running code in a privileged container could escalate their permissions on the node running the container. | ||||