ReportizFlow
Filtered by vendor
Subscriptions
Total
340 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42943 | 1 Sap | 1 Sap Gui | 2025-08-12 | 4.5 Medium |
| SAP GUI for Windows may allow the leak of NTML hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP GUI for Windows. This could trigger automatic NTLM authentication, potentially exposing hashed credentials to an attacker. As a result, it has a high impact on the confidentiality. | ||||
| CVE-2024-6030 | 1 Tesla | 2 Model S, Model S Firmware | 2025-08-12 | N/A |
| Tesla Model S oFono Unnecessary Privileges Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sandbox on affected Tesla Model S vehicles. An attacker must first obtain the ability to execute code within the sandbox on the target system in order to exploit this vulnerability. The specific flaw exists within the oFono process. The process allows an attacker to modify interfaces. An attacker can leverage this vulnerability to bypass the iptables network sandbox. Was ZDI-CAN-23200. | ||||
| CVE-2024-49814 | 1 Ibm | 1 Security Verify Access | 2025-08-08 | 7.8 High |
| IBM Security Verify Access Appliance 10.0.0 through 10.0.3 could allow a locally authenticated user to increase their privileges due to execution with unnecessary privileges. | ||||
| CVE-2024-20435 | 1 Cisco | 9 Asyncos, Secure Web Appliance, Secure Web Appliance S196 and 6 more | 2025-08-08 | 8.8 High |
| A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | ||||
| CVE-2024-8266 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 4.4 Medium |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances. | ||||
| CVE-2024-7102 | 1 Gitlab | 1 Gitlab | 2025-08-06 | 9.6 Critical |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.0 which allows an attacker to trigger a pipeline as another user under certain circumstances. | ||||
| CVE-2025-20185 | 1 Cisco | 15 Asyncos, Secure Email And Web Manager M170, Secure Email And Web Manager M190 and 12 more | 2025-08-06 | 3.4 Low |
| A vulnerability in the implementation of the remote access functionality of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Cisco Secure Email Gateway, and Cisco Secure Web Appliance could allow an authenticated, local attacker to elevate privileges to root. The attacker must authenticate with valid administrator credentials. This vulnerability is due to an architectural flaw in the password generation algorithm for the remote access functionality. An attacker could exploit this vulnerability by generating a temporary password for the service account. A successful exploit could allow the attacker to execute arbitrary commands as root and access the underlying operating system. Note: The Security Impact Rating (SIR) for this vulnerability is Medium due to the unrestricted scope of information that is accessible to an attacker. | ||||
| CVE-2025-46116 | 2 Commscope, Ruckuswireless | 42 Ruckus C110, Ruckus E510, Ruckus H320 and 39 more | 2025-08-05 | 8.8 High |
| An issue was discovered in CommScope Ruckus Unleashed prior to 200.15.6.212.14 and 200.17.7.0.139, and in Ruckus ZoneDirector prior to 10.5.1.0.279, where an authenticated attacker can disable the passphrase requirement for a hidden CLI command `!v54!` via a management API call and then invoke it to escape the restricted shell and obtain a root shell on the controller. | ||||
| CVE-2020-26074 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2025-08-04 | 7.8 High |
| A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-20478 | 1 Cisco | 1 Application Policy Infrastructure Controller | 2025-08-01 | 6.5 Medium |
| A vulnerability in the software upgrade component of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an authenticated, remote attacker with Administrator-level privileges to install a modified software image, leading to arbitrary code injection on an affected system. This vulnerability is due to insufficient signature validation of software images. An attacker could exploit this vulnerability by installing a modified software image. A successful exploit could allow the attacker to execute arbitrary code on the affected system and elevate their privileges to root. Note: Administrators should always validate the hash of any upgrade image before uploading it to Cisco APIC and Cisco Cloud Network Controller. | ||||
| CVE-2024-27260 | 1 Ibm | 2 Aix, Vios | 2025-07-29 | 8.4 High |
| IBM AIX could 7.2, 7.3, VIOS 3.1, and VIOS 4.1 allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 283985. | ||||
| CVE-2024-31891 | 2 Ibm, Linux | 3 Spectrum Scale Container Native Storage Access, Storage Scale, Linux Kernel | 2025-07-25 | 7.8 High |
| IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system. | ||||
| CVE-2024-31890 | 1 Ibm | 1 I | 2025-07-17 | 7.8 High |
| IBM i 7.3, 7.4, and 7.5 product IBM TCP/IP Connectivity Utilities for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 288171. | ||||
| CVE-2024-11821 | 1 Langgenius | 1 Dify | 2025-07-14 | N/A |
| A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint /console/api/apps/{chatbot-id}/model-config, allowing unauthorized users to alter chatbot configurations. | ||||
| CVE-2025-23009 | 1 Sonicwall | 1 Netextender | 2025-07-13 | 7.2 High |
| A local privilege escalation vulnerability in SonicWall NetExtender Windows (32 and 64 bit) client which allows an attacker to trigger an arbitrary file deletion. | ||||
| CVE-2024-12673 | 1 Lenovo | 1 Vantage | 2025-07-13 | 7.8 High |
| An improper privilege vulnerability was reported in a BIOS customization feature of Lenovo Vantage on SMB notebook devices which could allow a local attacker to elevate privileges on the system. This vulnerability only affects Vantage installed on these devices: * Lenovo V Series (Gen 5) * ThinkBook 14 (Gen 6, 7) * ThinkBook 16 (Gen 6, 7) * ThinkPad E Series (Gen 1) | ||||
| CVE-2021-38118 | 1 Opentext | 1 Imanager | 2025-07-13 | 5.5 Medium |
| Possible improper input validation Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager 3.2.4.0000. | ||||
| CVE-2025-23008 | 1 Sonicwall | 1 Netextender | 2025-07-12 | 7.2 High |
| An improper privilege management vulnerability in the SonicWall NetExtender Windows (32 and 64 bit) client allows a low privileged attacker to modify configurations. | ||||
| CVE-2024-43583 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-08 | 7.8 High |
| Winlogon Elevation of Privilege Vulnerability | ||||
| CVE-2025-24331 | 2025-07-03 | 6.4 Medium | ||
| The Single RAN baseband OAM service is intended to run as an unprivileged service. However, it initially starts with root privileges and assigns certain capabilities before dropping to an unprivileged level. The capabilities retained from the root period are considered extensive after the privilege drop and, in theory, could potentially allow actions beyond the intended scope of the OAM service. These actions could include gaining root privileges, accessing root-owned files, modifying them as the file owner, and then returning them to root ownership. This issue has been corrected starting from release 24R1-SR 0.2 MP and later. Beginning with release 24R1-SR 0.2 MP, the OAM service software capabilities are restricted to the minimum necessary. | ||||