CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Sep 2025 — Dependency on Vulnerable Third-Party Component (CWE-1395) in the PostgreSQL backend in AxxonSoft Axxon One (C-Werk) 2.0.8 and earlier on Windows and Linux allows a remote attacker to escalate privileges, execute arbitrary code, or cause denial-of-service via exploitation of multiple known CVEs present in PostgreSQL v10.x, which are resolved in PostgreSQL 17.4. • https://www.axxonsoft.com/legal/axxonsoft-vulnerability-disclosure-policy/security-advisories • CWE-1395: Dependency on Vulnerable Third-Party Component •

CVSS: 7.8 • EPSS: 0% • CPEs: - • EXPL: 0

10 Sep 2025 — The eudskacs.sys driver version 20250328 shipped with EaseUs Todo Backup 1.2.0.1 fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This allows a local, low-privileged attacker to perform arbitrary raw disk reads and writes, leading to sensitive information disclosure, denial of service, or local privilege escalation. • http://easeus.com • CWE-269: Improper Privilege Management •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2025 — If the executable is running with elevated privileges (for example, due to having the `setuid` bit set), the code in the injected module is also executed with the said elevated privileges, resulting in a local privilege escalation. • https://github.com/pyinstaller/pyinstaller/commit/f5adf291c8b832d5aff7632844f7e3ddf7ad4923 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Sep 2025 — If the password is cracked, or if a valid JWT token is present in the database, an unauthenticated attacker can escalate their privileges to obtain administrative control over the application. • https://github.com/Tautulli/Tautulli/commit/ec77a70aafc555e1aad0d9981f719d1200c117f1 • CWE-27: Path Traversal: 'dir/../../filename' •

CVSS: 8.6 • EPSS: 0% • CPEs: 1 • EXPL: 1

09 Sep 2025 — If the password is cracked, or if a valid JWT token is present in the database, an unauthenticated attacker can escalate their privileges to obtain administrative control over the application. • https://github.com/Tautulli/Tautulli/commit/47566128e2e5dde98980d59b7a51b98173bc0b40 • CWE-23: Relative Path Traversal •

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

09 Sep 2025 — A local privilege escalation vulnerability exists in Sunshine for Windows (version v2025.122.141614 and likely prior versions) due to an unquoted service path. • https://github.com/LizardByte/Sunshine/security/advisories/GHSA-r3rw-mx4q-7vfp • CWE-428: Unquoted Search Path or Element •

CVSS: 6.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Sep 2025 — The affected devices allow a factory reset to be executed without the required privileges due to improper privilege management as well as manipulation of configuration data because of leaked privileges of previous sessions. This could allow an unauthorized attacker to escalate their privileges. • https://cert-portal.siemens.com/productcert/html/ssa-027652.html • CWE-269: Improper Privilege Management •

CVSS: 3.1 • EPSS: 0% • CPEs: - • EXPL: 0

09 Sep 2025 — Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. • https://me.sap.com/notes/3635587 • CWE-862: Missing Authorization •

CVSS: 3.1 • EPSS: 0% • CPEs: - • EXPL: 0

09 Sep 2025 — Due to missing authorization checks, SAP HCM My Timesheet Fiori 2.0 application allows an authenticated attacker with in-depth system knowledge to escalate privileges and perform activities that are otherwise restricted, resulting in a low impact on the integrity of the application. • https://me.sap.com/notes/3635587 • CWE-862: Missing Authorization •

CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Sep 2025 — Prior to version 2.4.0, a malicious actor with Editor privileges can escalate their privileges to Administrator and perform arbitrary administrative actions. • https://github.com/VolkovLabs/business-links/commit/9d203a6950de7860e11b25e4265ed8fe60082d7d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-83: Improper Neutralization of Script in Attributes in a Web Page •