Vulnerabilities (CVE)

Filtered by CWE-732
Total 1587 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2025-21520 1 Oracle 2 Mysql Cluster, Mysql Server 2025-11-03 N/A 1.8 LOW
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read ...

CVE-2025-43268 1 Apple 1 Macos 2025-11-03 N/A 7.8 HIGH
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges.
CVE-2025-43266 1 Apple 1 Macos 2025-11-03 N/A 5.1 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
CVE-2025-43247 1 Apple 1 Macos 2025-11-03 N/A 5.5 MEDIUM
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app with root privileges may be able to modify the contents of system files.
CVE-2025-43243 1 Apple 1 Macos 2025-11-03 N/A 9.8 CRITICAL
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to modify protected parts of the file system.
CVE-2025-30688 1 Oracle 1 Mysql Server 2025-11-03 N/A 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availabi ...

CVE-2025-30687 1 Oracle 1 Mysql Server 2025-11-03 N/A 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availabi ...

CVE-2025-30685 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Avail ...

CVE-2025-30684 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Avail ...

CVE-2025-30683 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Avail ...

CVE-2025-30682 1 Oracle 1 Mysql Server 2025-11-03 N/A 6.5 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availabi ...

CVE-2025-26469 1 Meddream 1 Pacs Server 2025-11-03 N/A 9.3 CRITICAL
An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or application to exploit this vulnerability.
CVE-2025-21585 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availab ...

CVE-2025-21584 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability ...

CVE-2025-21581 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availab ...

CVE-2025-21580 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability ...

CVE-2025-21579 1 Oracle 1 Mysql Server 2025-11-03 N/A 4.9 MEDIUM
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabil ...

CVE-2025-10541 2025-11-03 N/A 7.8 HIGH
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to pr ...

CVE-2021-23874 1 Mcafee 1 Total Protection 2025-11-03 4.6 MEDIUM 8.2 HIGH
Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.
CVE-2022-22960 2 Linux, Vmware 6 Linux Kernel, Cloud Foundation, Identity Manager and 3 more 2025-10-30 7.2 HIGH 7.8 HIGH
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
CVE-2025-1731 1 Zyxel 9 Uos, Usg Flex 100h, Usg Flex 100hp and 6 more 2025-10-30 N/A 7.8 HIGH
An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and t ...

CVE-2025-54546 2025-10-30 N/A 7.5 HIGH
On affected platforms, restricted users could use SSH port forwarding to access host-internal services.
CVE-2025-54545 2025-10-30 N/A 7.8 HIGH
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
CVE-2025-12147 2025-10-30 N/A N/A
In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search operations. However, the object members (i.e., child attributes) remain accessible to search queries. This exposure allows adversaries to infer or reconstruct the original contents of the excluded ...

CVE-2025-11906 2025-10-30 N/A 6.7 MEDIUM
A vulnerability exists in Progress Flowmon versions prior to 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service initialization.
CVE-2025-12148 2025-10-30 N/A N/A
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on specific IP values. This allows the original contents of the field to be reconstructed. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) pr ...

CVE-2024-25646 1 Sap 1 Businessobjects Web Intelligence 2025-10-29 N/A 7.7 HIGH
Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application.
CVE-2025-62688 2025-10-27 N/A 7.1 HIGH
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.
CVE-2018-13374 1 Fortinet 2 Fortiadc, Fortios 2025-10-24 4.0 MEDIUM 4.3 MEDIUM
An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
CVE-2025-0066 1 Sap 1 Sap Basis 2025-10-23 N/A 9.9 CRITICAL
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application.
CVE-2025-0064 1 Sap 1 Businessobjects Business Intelligence Platform 2025-10-23 N/A 8.7 HIGH
Under specific conditions, the Central Management Console of the SAP BusinessObjects Business Intelligence platform allows an attacker with admin rights to generate or retrieve a secret passphrase, enabling them to impersonate any user in the system. This results in a high impact on confidentiality and integrity, with no impact on availability.
CVE-2025-45468 1 Devsapp 1 Fc-stable-diffusion 2025-10-21 N/A 8.8 HIGH
Insecure permissions in fc-stable-diffusion-plus v1.0.18 allow attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-12004 2025-10-21 N/A N/A
Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42.
CVE-2024-45497 2025-10-21 N/A 7.6 HIGH
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and pot ...

CVE-2025-45150 1 X-d Lab 1 Langchain-chatglm-webui 2025-10-17 N/A 9.8 CRITICAL
Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allow attackers to arbitrarily view and download sensitive files by supplying a crafted request.
CVE-2025-31702 2025-10-16 N/A 6.8 MEDIUM
A vulnerability exists in certain Dahua embedded products. A third-party malicious attacker who has obtained normal user credentials could exploit the vulnerability to access certain data that is restricted to admin privileges, such as system-sensitive files, through a specific HTTP request. This may cause tampering with the admin password, leading to privilege escalation. Systems with only an admin account are not affected.
CVE-2025-57741 1 Fortinet 1 Forticlient 2025-10-15 N/A 7.8 HIGH
An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking.
CVE-2025-45471 1 Lumigo 1 Measure-cold-start 2025-10-14 N/A 8.8 HIGH
Insecure permissions in measure-cold-start v1.4.1 allow attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-45472 1 Lumigo 1 Autodeploy-layer 2025-10-14 N/A 8.8 HIGH
Insecure permissions in autodeploy-layer v1.2.0 allow attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-8886 2025-10-14 N/A 6.7 MEDIUM
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass. This issue affects Aybs Interaktif: from 2024 through 28082025.