Search Results (9603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4276 1 House Rental System Project 1 House Rental System 2025-04-15 6.3 Medium
A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.
CVE-2022-4280 1 Dottech 1 Smart Campus System 2025-04-15 4.3 Medium
A vulnerability, which was classified as problematic, has been found in Dot Tech Smart Campus System. Affected by this issue is some unknown functionality of the file /services/Card/findUser. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-214778 is the identifier assigned to this vulnerability.
CVE-2022-4281 1 Facepay Project 1 Facepay 2025-04-15 6.3 Medium
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /face-recognition-php/facepay-master/camera.php. The manipulation of the argument userId leads to authorization bypass. The attack can be launched remotely. The identifier VDB-214789 was assigned to this vulnerability.
CVE-2022-3876 1 Clickstudios 1 Passwordstate 2025-04-15 4.3 Medium
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. This issue affects some unknown processing of the file /api/browserextension/UpdatePassword/ of the component API. The manipulation of the argument PasswordID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-216245 was assigned to this vulnerability.
CVE-2022-4613 1 Clickstudios 1 Passwordstate 2025-04-15 5 Medium
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as critical. This issue affects some unknown processing of the component Browser Extension Provisioning. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216275.
CVE-2023-36569 1 Microsoft 3 365 Apps, Office, Office Long Term Servicing Channel 2025-04-14 8.4 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2023-36721 1 Microsoft 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more 2025-04-14 7 High
Windows Error Reporting Service Elevation of Privilege Vulnerability
CVE-2022-37706 1 Enlightenment 1 Enlightenment 2025-04-14 7.8 High
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVE-2022-4314 1 Ikus-soft 1 Rdiffweb 2025-04-14 9.8 Critical
Improper Privilege Management in GitHub repository ikus060/rdiffweb prior to 2.5.2.
CVE-2022-4173 1 Avast 2 Avast, Avg Antivirus 2025-04-14 7.3 High
A vulnerability within the malware removal functionality of Avast and AVG Antivirus allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avast and AVG Antivirus version 22.10.
CVE-2024-31551 1 Cmseasy 1 Cmseasy 2025-04-14 7.5 High
Directory Traversal vulnerability in lib/admin/image.admin.php in cmseasy v7.7.7.9 20240105 allows attackers to delete arbitrary files via crafted GET request.
CVE-2014-8270 1 Bmc 1 Track-it\! 2025-04-12 N/A
BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.
CVE-2014-5020 1 Drupal 1 Drupal 2025-04-12 N/A
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read files by attaching the file to content with a file field.
CVE-2015-5413 1 Hp 1 Version Control Repository Manager 2025-04-12 N/A
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors.
CVE-2016-7246 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
CVE-2014-4869 1 Brocade 2 Vyatta 5400 Vrouter, Vyatta 5400 Vrouter Software 2025-04-12 N/A
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.
CVE-2013-4577 1 Gnu 1 Grub 2025-04-12 N/A
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the file.
CVE-2015-0149 1 Ibm 1 Api Management 2025-04-12 N/A
The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls.
CVE-2014-9644 5 Canonical, Debian, Linux and 2 more 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more 2025-04-12 N/A
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the salg_name field, as demonstrated by the vfat(aes) expression, a different vulnerability than CVE-2013-7421.
CVE-2016-2490 1 Google 1 Android 2025-04-12 N/A
The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27533373.