Search Results (8779 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-22331 1 Contec 1 Conprosys Hmi System 2025-04-03 7.5 High
Use of default credentials vulnerability in CONPROSYS HMI System (CHS) Ver.3.4.5 and earlier allows a remote unauthenticated attacker to alter user credentials information.
CVE-2022-25631 1 Broadcom 1 Symantec Endpoint Protection 2025-04-03 7.8 High
Symantec Endpoint Protection, prior to 14.3 RU6 (14.3.9210.6000), may be susceptible to a Elevation of Privilege vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated
CVE-2024-57062 1 Soundcloud 1 Soundcloud 2025-04-03 6.7 Medium
An issue in SoundCloud IOS application v.7.65.2 allows a local attacker to escalate privileges and obtain sensitive information via the session handling component.
CVE-2024-13067 1 Codeastro 1 Online Food Ordering System 2025-04-03 5.3 Medium
A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-27207 1 Google 1 Android 2025-04-03 9.1 Critical
Exported broadcast receivers allowing malicious apps to bypass broadcast protection.
CVE-2024-27222 1 Google 1 Android 2025-04-03 7.8 High
In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-27233 1 Google 1 Android 2025-04-03 7.8 High
In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-25987 1 Google 1 Android 2025-04-03 6.7 Medium
In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVE-2025-25872 1 Openpanel 1 Openpanel 2025-04-03 5.5 Medium
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
CVE-2025-2090 1 Phpgurukul 1 Pre-school Enrollment System 2025-04-03 4.7 Medium
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-subadmin.php of the component Sub Admin Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2005-4850 1 Ez 1 Ez Publish 2025-04-03 N/A
eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.
CVE-1999-0227 1 Microsoft 1 Windows Nt 2025-04-03 N/A
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
CVE-2003-1495 1 Hp 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent 2025-04-03 N/A
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
CVE-2005-2454 1 Ibm 1 Lotus Notes 2025-04-03 N/A
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
CVE-1999-0496 1 Microsoft 1 Windows Nt 2025-04-03 N/A
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
CVE-2006-0697 1 Zen-cart 1 Zen Cart 2025-04-03 N/A
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVE-2006-2775 1 Mozilla 2 Firefox, Thunderbird 2025-04-03 N/A
Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL.
CVE-2006-0700 1 Imagevue 1 Imagevue 2025-04-03 N/A
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
CVE-2005-4069 1 Sunncomm 1 Mediamax Drm 2025-04-03 N/A
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe.
CVE-2006-2095 1 Phex 1 Phex 2025-04-03 N/A
Phex before 2.8.6 allows remote attackers to cause a denial of service (application hang) by initiating multiple chat requests to a single user and then logging off.