Total
2834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-50069 | 1 Oracle | 1 Java Virtual Machine | 2025-08-04 | N/A | 7.7 HIGH |
| Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2025-50065 | 1 Oracle | 1 Graalvm For Jdk | 2025-08-04 | N/A | 3.7 LOW |
| Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Native Image). The supported version that is affected is Oracle GraalVM for JDK: 24.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2025-5954 | 2025-08-04 | N/A | 9.8 CRITICAL | ||
| The Service Finder SMS System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.0.0. This is due to the plugin not restricting user role selection at the time of registration through the aonesms_fn_savedata_after_signup() function. This makes it possible for unauthenticated attackers to register as an administrator user. | |||||
| CVE-2025-54595 | 2025-08-04 | N/A | 7.3 HIGH | ||
| Pearcleaner is a free, source-available and fair-code licensed mac app cleaner. The PearcleanerHelper is a privileged helper tool bundled with the Pearcleaner application. It is registered and activated only after the user approves a system prompt to allow privileged operations. Upon approval, the helper is configured as a LaunchDaemon and runs with root privileges. In versions 4.4.0 through 4.5.1, the helper registers an XPC service (com.alienator88.Pearcleaner.PearcleanerHelper) and accepts unauthenticated connections from any local process. It exposes a method that executes arbitrary shell commands. This allows any local unprivileged user to escalate privileges to root once the helper is approved and active. This issue is fixed in version 4.5.2. | |||||
| CVE-2024-58104 | 1 Trendmicro | 1 Apex One | 2025-08-01 | N/A | 7.3 HIGH |
| A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-43199 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 9.8 CRITICAL |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-43248 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-43249 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to gain root privileges. | |||||
| CVE-2025-43256 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. An app may be able to gain root privileges. | |||||
| CVE-2025-31243 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.7.7, macOS Ventura 13.7.7, macOS Sequoia 15.6. An app may be able to gain root privileges. | |||||
| CVE-2025-24119 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3, macOS Ventura 13.7.7, macOS Sonoma 14.7.7. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges. | |||||
| CVE-2025-43188 | 1 Apple | 1 Macos | 2025-07-31 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-0651 | 1 Cloudflare | 1 Warp | 2025-07-31 | N/A | 7.1 HIGH |
| Improper Privilege Management vulnerability in Cloudflare WARP on Windows allows File Manipulation. User with a low system privileges can create a set of symlinks inside the C:\ProgramData\Cloudflare\warp-diag-partials folder. After triggering the 'Reset all settings" option the WARP service will delete the files that the symlink was pointing to. Given the WARP service operates with System privileges this might lead to deleting files owned by the System user. This issue affects WARP: before 2024.12.492.0. | |||||
| CVE-2024-48903 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-07-31 | N/A | 7.8 HIGH |
| An improper access control vulnerability in Trend Micro Deep Security Agent 20 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-2324 | 1 Progress | 1 Moveit Transfer | 2025-07-31 | N/A | 5.9 MEDIUM |
| Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2. | |||||
| CVE-2024-32849 | 2 Microsoft, Trendmicro | 3 Windows, Maximum Security 2022, Maximum Security 2023 | 2025-07-30 | N/A | 7.8 HIGH |
| Trend Micro Security 17.x (Consumer) is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own. | |||||
| CVE-2025-22165 | 1 Atlassian | 1 Sourcetree | 2025-07-30 | N/A | 7.3 HIGH |
| This Medium severity ACE (Arbitrary Code Execution) vulnerability was introduced in version 4.2.8 of Sourcetree for Mac. This ACE (Arbitrary Code Execution) vulnerability, with a CVSS Score of 5.9, allows a locally authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac users upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions. See the release notes https://www.sourcetreeapp.com/download-archives . You can download the latest version of Sourcetree for Mac from the download center https://www.sourcetreeapp.com/download-archives . This vulnerability was found through the Atlassian Bug Bounty Program by Karol Mazurek (AFINE). | |||||
| CVE-2021-3978 | 1 Cloudflare | 1 Octorpki | 2025-07-29 | N/A | 7.5 HIGH |
| When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow for a vector, when combined with another vulnerability that causes octorpki to process a malicious TAL file, for a local privilege escalation. | |||||
| CVE-2025-32353 | 2025-07-29 | N/A | 4.8 MEDIUM | ||
| Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file. | |||||
| CVE-2025-50062 | 1 Oracle | 1 Peoplesoft Enterprise Hcm Global Payroll Core | 2025-07-29 | N/A | 8.1 HIGH |
| Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Global Payroll for Core). Supported versions that are affected are 9.2.51 and 9.2.52. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Global Payroll Core. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise HCM Global Payroll Core accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Global Payroll Core accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | |||||