Total
112 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-49731 | 2025-07-08 | 3.1 Low | ||
| Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-29826 | 1 Microsoft | 1 Dataverse | 2025-07-08 | 7.3 High |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-51459 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-07-07 | 8.4 High |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | ||||
| CVE-2024-29852 | 1 Veeam | 2 Backup Enterprise Manager, Veeam Backup \& Replication | 2025-07-03 | N/A |
| Veeam Backup Enterprise Manager allows high-privileged users to read backup session logs. | ||||
| CVE-2025-27024 | 2025-07-03 | 6.5 Medium | ||
| Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used for SSH CLI access and are able to read all files according to the OS permission instead of remaining inside the chrooted directory position. | ||||
| CVE-2025-27025 | 2025-07-03 | 8.8 High | ||
| The target device exposes a service on a specific TCP port with a configured endpoint. The access to that endpoint is granted using a Basic Authentication method. The endpoint accepts also the PUT method and it is possible to write files on the target device file system. Files are written as root. Using Postman it is possible to perform a Directory Traversal attack and write files into any location of the device file system. Similarly to the PUT method, it is possible to leverage the same mechanism to read any file from the file system by using the GET method. | ||||
| CVE-2025-46708 | 2025-07-01 | 4.3 Medium | ||
| Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU. | ||||
| CVE-2025-22256 | 1 Fortinet | 2 Fortipam, Fortisra | 2025-06-12 | 6 Medium |
| A improper handling of insufficient permissions or privileges in Fortinet FortiPAM 1.4.0 through 1.4.1, 1.3.0, 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSRA 1.4.0 through 1.4.1 allows attacker to improper access control via specially crafted HTTP requests | ||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | 7.8 High |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-2503 | 2025-06-02 | 7.1 High | ||
| An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | ||||
| CVE-2025-25179 | 2025-06-02 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. | ||||
| CVE-2023-32207 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-05-27 | 8.8 High |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2025-30453 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-25844 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | 7.5 High |
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | ||||
| CVE-2025-3931 | 1 Redhat | 2 Enterprise Linux, Satellite | 2025-05-21 | 7.8 High |
| A flaw was found in Yggdrasil, which acts as a system broker, allowing the processes to communicate to other children's "worker" processes through the DBus component. Yggdrasil creates a DBus method to dispatch messages to workers. However, it misses authentication and authorization checks, allowing every system user to call it. One available Yggdrasil worker acts as a package manager with capabilities to create and enable new repositories and install or remove packages. This flaw allows an attacker with access to the system to leverage the lack of authentication on the dispatch message to force the Yggdrasil worker to install arbitrary RPM packages. This issue results in local privilege escalation, enabling the attacker to access and modify sensitive system data. | ||||
| CVE-2025-46740 | 2025-05-12 | 7.5 High | ||
| An authenticated user without user administrative permissions could change the administrator Account Name. | ||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.8 High |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 8.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-25108 | 1 Pixelfed | 1 Pixelfed | 2025-05-07 | 9.9 Critical |
| Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||