Export limit exceeded: 11099 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11099 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4535 | 1 Gosuncntech | 1 Group Audio-visual Integrated Management | 2025-07-08 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-53532 | 2025-07-08 | 5.3 Medium | ||
| giscus is a commenting system powered by GitHub Discussions. A bug in giscus' discussions creation API allowed an unauthorized user to create discussions on any repository where giscus is installed. This affects the server-side part of giscus, which is provided via http://giscus.app or your own self-hosted service. This vulnerability is fixed by the c43af7806e65adfcf4d0feeebef76dc36c95cb9a and 4b9745fe1a326ce08d69f8a388331bc993d19389 commits. | ||||
| CVE-2012-5864 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | N/A |
| These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges. | ||||
| CVE-2024-49049 | 1 Microsoft | 1 Remote Ssh | 2025-07-08 | 7.1 High |
| Visual Studio Code Remote Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-49044 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-08 | 6.7 Medium |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2024-43602 | 1 Microsoft | 1 Azure Cyclecloud | 2025-07-08 | 9.9 Critical |
| Azure CycleCloud Remote Code Execution Vulnerability | ||||
| CVE-2024-43530 | 1 Microsoft | 5 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 2 more | 2025-07-08 | 7.8 High |
| Windows Update Stack Elevation of Privilege Vulnerability | ||||
| CVE-2024-38204 | 1 Microsoft | 1 Azure Functions | 2025-07-08 | 7.5 High |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-43590 | 1 Microsoft | 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 | 2025-07-08 | 7.8 High |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability | ||||
| CVE-2024-43456 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-08 | 4.8 Medium |
| Windows Remote Desktop Services Tampering Vulnerability | ||||
| CVE-2024-38124 | 1 Microsoft | 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more | 2025-07-08 | 9 Critical |
| Windows Netlogon Elevation of Privilege Vulnerability | ||||
| CVE-2024-38129 | 1 Microsoft | 1 Windows Server 2022 23h2 | 2025-07-08 | 7.5 High |
| Windows Kerberos Elevation of Privilege Vulnerability | ||||
| CVE-2024-38139 | 1 Microsoft | 1 Dataverse | 2025-07-08 | 8.7 High |
| Improper authentication in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2024-43503 | 1 Microsoft | 1 Sharepoint Server | 2025-07-08 | 7.8 High |
| Microsoft SharePoint Elevation of Privilege Vulnerability | ||||
| CVE-2024-11283 | 1 Chimpgroup | 1 Jobcareer | 2025-07-08 | 7.5 High |
| The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to wp_ajax_google_api_login_callback function not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to access arbitrary candidate accounts. | ||||
| CVE-2024-11286 | 1 Chimpgroup | 1 Jobcareer | 2025-07-08 | 9.8 Critical |
| The WP JobHunt plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.1. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the cs_parse_request() function. This makes it possible for unauthenticated attackers to to log in to any user's account, including administrators. | ||||
| CVE-2025-20264 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Software | 2025-07-08 | 6.4 Medium |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. | ||||
| CVE-2025-32877 | 1 Yftech | 2 Coros Pace 3, Coros Pace 3 Firmware | 2025-07-08 | 9.8 Critical |
| An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This method does not implement any authentication, which therefore allows machine-in-the-middle attacks. Furthermore, this lack of authentication allows attackers to interact with the device via BLE without requiring prior authorization. | ||||
| CVE-2025-32879 | 1 Yftech | 2 Coros Pace 3, Coros Pace 3 Firmware | 2025-07-08 | 8.8 High |
| An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other device is connected. While connected, none of the BLE services and characteristics of the device require any authentication or security level. Therefore, any characteristic, depending on their mode of operation (read/write/notify), can be used by the connected attacker. This allows, for example, configuring the device, sending notifications, resetting the device to factory settings, or installing software. | ||||
| CVE-2025-5820 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | 8.8 High |
| Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of Bluetooth ERTM channel communication. The issue results from improper channel data initialization. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26285. | ||||