Export limit exceeded: 364863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2570 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24671 | 2 Microsoft, Vxsearch | 2 Windows, Vx Search | 2025-02-26 | 7.8 High |
| VX Search v13.8 and v14.7 was discovered to contain an unquoted service path vulnerability which allows attackers to execute arbitrary commands at elevated privileges via a crafted executable file. | ||||
| CVE-2023-28759 | 1 Veritas | 1 Netbackup | 2025-02-25 | 7.8 High |
| An issue was discovered in Veritas NetBackup before 10.0 on Windows. A vulnerability in the way the client validates the path to a DLL prior to loading may allow a lower-level user to elevate privileges and compromise the system. | ||||
| CVE-2022-26374 | 1 Intel | 1 Single Event Api | 2025-02-25 | 7.8 High |
| Uncontrolled search path in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-28596 | 1 Zoom | 1 Meetings | 2025-02-19 | 7.8 High |
| Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. | ||||
| CVE-2022-48225 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.3 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is used to install drivers from several different vendors. The Gemalto Document Reader child installation process is vulnerable to DLL hijacking, because it attempts to execute (with elevated privileges) multiple non-existent DLLs out of a non-existent standard-user writable location. | ||||
| CVE-2022-48224 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.3 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. It is installed with insecure permissions (full write access within Program Files). Standard users can replace files within this directory that get executed with elevated privileges, leading to a complete arbitrary code execution (elevation of privileges). | ||||
| CVE-2022-48223 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 6.7 Medium |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK repair, certutil.exe is called by the Acuant installer to repair certificates. This call is vulnerable to DLL hijacking due to a race condition and insecure permissions on the executing directory. | ||||
| CVE-2022-48222 | 1 Gbgplc | 1 Acuant Acufill Sdk | 2025-02-18 | 7.8 High |
| An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During SDK installation, certutil.exe is called by the Acuant installer to install certificates. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | ||||
| CVE-2022-28688 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17201. | ||||
| CVE-2022-28687 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16257. | ||||
| CVE-2022-28686 | 1 Aveva | 1 Aveva Edge | 2025-02-18 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of AVEVA Edge 2020 SP2 Patch 0(4201.2111.1802.0000). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of APP files. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-17114. | ||||
| CVE-2023-27759 | 1 Wondershare | 1 Edrawmind | 2025-02-14 | 7.8 High |
| An issue found in Wondershare Technology Co, Ltd Edrawmind v.10.0.6 allows a remote attacker to executea arbitrary commands via the WindowsCodescs.dll file. | ||||
| CVE-2023-27766 | 1 Wondershare | 1 Anireel | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co.,Ltd Anireel 1.5.4 allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. | ||||
| CVE-2023-27765 | 1 Wondershare | 1 Recoverit | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co.,Ltd Recoverit v.10.6.3 allows a remote attacker to execute arbitrary commands via the recoverit_setup_full4134.exe file. | ||||
| CVE-2023-27764 | 1 Wondershare | 1 Repairit | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co.,Ltd Repairit v.3.5.4 allows a remote attacker to execute arbitrary commands via the repairit_setup_full5913.exe file. | ||||
| CVE-2023-27763 | 1 Wondershare | 1 Mobiletrans | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co.,Ltd MobileTrans v.4.0.2 allows a remote attacker to execute arbitrary commands via the mobiletrans_setup_full5793.exe file. | ||||
| CVE-2023-27762 | 1 Wondershare | 1 Democreator | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co., Ltd DemoCreator v.6.0.0 allows a remote attacker to execute arbitrary commands via the democreator_setup_full7743.exe file. | ||||
| CVE-2023-27761 | 1 Wondershare | 1 Uniconverter | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co., Ltd UniConverter v.14.0.0 allows a remote attacker to execute arbitrary commands via the uniconverter14_64bit_setup_full14204.exe file. | ||||
| CVE-2023-27760 | 1 Wondershare | 1 Filmora | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co, Ltd Filmora v.12.0.9 allows a remote attacker to execute arbitrary commands via the filmora_setup_full846.exe. | ||||
| CVE-2023-27771 | 1 Wondershare | 1 Creative Centerr | 2025-02-13 | 7.8 High |
| An issue found in Wondershare Technology Co.,Ltd Creative Centerr v.1.0.8 allows a remote attacker to execute arbitrary commands via the wondershareCC_setup_full10819.exe file. | ||||