Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-29343 | 1 Microsoft | 1 Windows Sysmon | 2025-07-10 | 7.8 High |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | ||||
| CVE-2023-24946 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-07-10 | 7.8 High |
| Windows Backup Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-24899 | 1 Microsoft | 3 Windows 11 21h2, Windows 11 22h2, Windows Server 2022 | 2025-07-10 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-28283 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-07-10 | 8.1 High |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | ||||
| CVE-2024-38137 | 1 Microsoft | 8 Windows 10 21h2, Windows 10 22h2, Windows 11 21h2 and 5 more | 2025-07-10 | 7 High |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability | ||||
| CVE-2024-38131 | 1 Microsoft | 16 Remote Desktop Client, Windows 10 1507, Windows 10 1607 and 13 more | 2025-07-10 | 8.8 High |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability | ||||
| CVE-2024-38098 | 1 Microsoft | 1 Azure Connected Machine Agent | 2025-07-10 | 7.8 High |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-38084 | 1 Microsoft | 1 Officeplus | 2025-07-10 | 7.8 High |
| Microsoft OfficePlus Elevation of Privilege Vulnerability | ||||
| CVE-2024-36755 | 2 D-link, Dlink | 3 Dir-1950 Firmware, Dir-1950, Dir-1950 Firmware | 2025-07-09 | 6.8 Medium |
| D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. | ||||
| CVE-2025-26058 | 1 Webkul | 1 Qloapps | 2025-07-09 | 4.2 Medium |
| Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL. | ||||
| CVE-2024-49051 | 1 Microsoft | 1 Pc Manager | 2025-07-08 | 7.8 High |
| Microsoft PC Manager Elevation of Privilege Vulnerability | ||||
| CVE-2024-43633 | 1 Microsoft | 3 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 | 2025-07-08 | 6.5 Medium |
| Windows Hyper-V Denial of Service Vulnerability | ||||
| CVE-2024-38264 | 1 Microsoft | 5 Windows 11 22h2, Windows 11 23h2, Windows 11 24h2 and 2 more | 2025-07-08 | 5.9 Medium |
| Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | ||||
| CVE-2024-38097 | 1 Microsoft | 1 Azure Monitor Agent | 2025-07-08 | 7.1 High |
| Azure Monitor Agent Elevation of Privilege Vulnerability | ||||
| CVE-2024-42759 | 1 Ellevo | 1 Ellevo | 2025-07-03 | 6.3 Medium |
| An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. | ||||
| CVE-2024-36486 | 1 Parallels | 1 Parallels Desktop | 2025-07-02 | 7.8 High |
| A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. | ||||
| CVE-2024-52561 | 1 Parallels | 1 Parallels Desktop | 2025-07-02 | 7.8 High |
| A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation. | ||||
| CVE-2024-54189 | 1 Parallels | 1 Parallels Desktop | 2025-07-02 | 7.8 High |
| A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation. | ||||
| CVE-2025-3637 | 1 Moodle | 1 Moodle | 2025-06-24 | 3.1 Low |
| A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. | ||||
| CVE-2020-3432 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2025-06-24 | 5.6 Medium |
| A vulnerability in the uninstaller component of Cisco AnyConnect Secure Mobility Client for Mac OS could allow an authenticated, local attacker to corrupt the content of any file in the filesystem. The vulnerability is due to the incorrect handling of directory paths. An attacker could exploit this vulnerability by creating a symbolic link (symlink) to a target file on a specific path. A successful exploit could allow the attacker to corrupt the contents of the file. If the file is a critical systems file, the exploit could lead to a denial of service condition. To exploit this vulnerability, the attacker would need to have valid credentials on the system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||