Total
4137 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-59230 | 1 Microsoft | 21 Remote, Windows, Windows 10 and 18 more | 2025-10-27 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2023-27350 | 1 Papercut | 2 Papercut Mf, Papercut Ng | 2025-10-27 | 9.8 Critical |
| This vulnerability allows remote attackers to bypass authentication on affected installations of PaperCut NG 22.0.5 (Build 63914). Authentication is not required to exploit this vulnerability. The specific flaw exists within the SetupCompleted class. The issue results from improper access control. An attacker can leverage this vulnerability to bypass authentication and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-18987. | ||||
| CVE-2020-2506 | 1 Qnap | 1 Helpdesk | 2025-10-27 | 7.3 High |
| The vulnerability have been reported to affect earlier versions of QTS. If exploited, this improper access control vulnerability could allow attackers to compromise the security of the software by gaining privileges, or reading sensitive information. This issue affects: QNAP Systems Inc. Helpdesk versions prior to 3.0.3. | ||||
| CVE-2025-12291 | 2025-10-27 | 4.7 Medium | ||
| A vulnerability was found in ashymuzuro Full-Ecommece-Website and Muzuro Ecommerce System up to 1.1.0. This affects an unknown part of the file /admin/index.php?add_product of the component Add Product Page. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-56219 | 1 Ascertia | 1 Signinghub | 2025-10-27 | 7.1 High |
| Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created. | ||||
| CVE-2025-62393 | 1 Moodle | 1 Moodle | 2025-10-27 | 4.3 Medium |
| A flaw was found in the course overview output function where user access permissions were not fully enforced. This could allow unauthorized users to view information about courses they should not have access to, potentially exposing limited course details. | ||||
| CVE-2025-62395 | 1 Moodle | 1 Moodle | 2025-10-27 | 4.3 Medium |
| A flaw in the cohort search web service allowed users with permissions in lower contexts to access cohort information from the system context, revealing restricted administrative data. | ||||
| CVE-2025-59500 | 1 Microsoft | 2 Azure, Azure Notification Service | 2025-10-27 | 7.7 High |
| Improper access control in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-62713 | 1 Kottster | 1 Kottster | 2025-10-27 | N/A |
| Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been fixed in version 3.3.2. | ||||
| CVE-2025-59273 | 1 Microsoft | 2 Azure, Azure Event Grid System | 2025-10-27 | 7.3 High |
| Improper access control in Azure Event Grid allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-59218 | 1 Microsoft | 1 Entra Id | 2025-10-24 | 9.6 Critical |
| Azure Entra ID Elevation of Privilege Vulnerability | ||||
| CVE-2025-59253 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1507 and 17 more | 2025-10-24 | 5.5 Medium |
| Improper access control in Microsoft Windows Search Component allows an authorized attacker to deny service locally. | ||||
| CVE-2025-58726 | 1 Microsoft | 10 Windows, Windows 10, Windows 11 and 7 more | 2025-10-24 | 7.5 High |
| Improper access control in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-58724 | 1 Microsoft | 5 Azure, Azure Agent, Azure Arc and 2 more | 2025-10-24 | 7.8 High |
| Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-58714 | 1 Microsoft | 10 Windows, Windows 10, Windows 11 and 7 more | 2025-10-24 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55694 | 1 Microsoft | 5 Windows, Windows 11, Windows Server and 2 more | 2025-10-24 | 7.8 High |
| Improper access control in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-55240 | 1 Microsoft | 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more | 2025-10-24 | 7.3 High |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-25004 | 1 Microsoft | 21 Powershell, Windows, Windows 10 and 18 more | 2025-10-24 | 7.3 High |
| Improper access control in Microsoft PowerShell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59494 | 1 Microsoft | 2 Azure, Azure Monitor Agent | 2025-10-24 | 7.8 High |
| Improper access control in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59201 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-10-24 | 7.8 High |
| Improper access control in Network Connection Status Indicator (NCSI) allows an authorized attacker to elevate privileges locally. | ||||