Total
2803 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47993 | 1 Microsoft | 3 Windows 11 24h2, Windows Server 2022 23h2, Windows Server 2025 | 2025-07-14 | N/A | 7.8 HIGH |
| Improper access control in Microsoft PC Manager allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2024-10363 | 1 Librechat | 1 Librechat | 2025-07-11 | N/A | 5.4 MEDIUM |
| In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions. | |||||
| CVE-2025-7210 | 1 Fabianros | 1 Library Management System | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-7190 | 1 Fabianros | 1 Library Management System | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-27207 | 1 Adobe | 1 Commerce B2b | 2025-07-11 | N/A | 6.5 MEDIUM |
| Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Improper Access Control vulnerability that could result in privilege escalation. A low privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction. | |||||
| CVE-2024-38291 | 1 Extremenetworks | 1 Xiq-se | 2025-07-11 | N/A | 8.8 HIGH |
| In XIQ-SE before 24.2.11, a low-privileged user may be able to access admin passwords, which could lead to privilege escalation. | |||||
| CVE-2025-6667 | 1 Anisha | 1 Car Rental System | 2025-07-11 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability was found in code-projects Car Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-20242 | 1 Cisco | 1 Unified Contact Center Enterprise | 2025-07-11 | N/A | 6.5 MEDIUM |
| A vulnerability in the Cloud Connect component of Cisco Unified Contact Center Enterprise (CCE) could allow an unauthenticated, remote attacker to read and modify data on an affected device. This vulnerability is due to a lack of proper authentication controls. An attacker could exploit this vulnerability by sending crafted TCP data to a specific port on an affected device. A successful exploit could allow the attacker to read or modify data on the affected device. | |||||
| CVE-2024-21302 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-07-10 | N/A | 6.7 MEDIUM |
| Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability. An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS), including a subset of Azure Virtual Machine SKUS. This vulnerability enables an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. Update: July 10, 2025 Microsoft has addressed this vulnerability for Windows 10 1507, Windows 10, version 1607, Windows 10, version 1809, and Windows Server 2016 and Windows Server 2018. This ensures that mitigations are available to protect all supported versions of Windows 10 and Windows 11 from this vulnerability. See the available mitigations and deployment guidelines described in KB5042562: Guidance for blocking rollback of virtualization-based security related updates. Update: August 13, 2024 Microsoft has released the August 2024 security updates that include an opt-in revocation policy mitigation to address this vulnerability. Customers running affected versions of Windows are encouraged to review KB5042562: Guidance for blocking rollback of virtualization-based security related updates to assess if this opt-in policy meets the needs of their environment before implementing this mitigation. There are risks associated with this mitigation that should be understood prior to applying it to your systems. Detailed information about these risks is also available in KB5042562. Details: A security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, and higher based systems including Azure Virtual Machines (VM) that support VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn. The vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful... See more at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21302 | |||||
| CVE-2025-33073 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 8.8 HIGH |
| Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-33056 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.5 HIGH |
| Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-21197 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 6.5 MEDIUM |
| Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content. | |||||
| CVE-2025-27738 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-10 | N/A | 6.5 MEDIUM |
| Improper access control in Windows Resilient File System (ReFS) allows an authorized attacker to disclose information over a network. | |||||
| CVE-2024-3279 | 1 Mintplexlabs | 1 Anythingllm | 2025-07-10 | N/A | 9.1 CRITICAL |
| An improper access control vulnerability exists in the mintplex-labs/anything-llm application, specifically within the import endpoint. This vulnerability allows an anonymous attacker, without an account in the application, to import their own database file, leading to the deletion or spoofing of the existing `anythingllm.db` file. By exploiting this vulnerability, attackers can serve malicious data to users or collect information about them. The vulnerability stems from the application's failure to properly restrict access to the data-import functionality, allowing unauthorized database manipulation. | |||||
| CVE-2024-44860 | 1 Solvait | 1 Solvait | 2025-07-10 | N/A | 7.5 HIGH |
| An information disclosure vulnerability in the /Letter/PrintQr/ endpoint of Solvait v24.4.2 allows attackers to access sensitive data via a crafted request. | |||||
| CVE-2024-46097 | 1 Testlink | 1 Testlink | 2025-07-10 | N/A | 8.1 HIGH |
| TestLink 1.9.20 is vulnerable to Incorrect Access Control in the TestPlan editing section. When a new TestPlan is created, an ID with an incremental value is automatically generated. Using the edit function you can change the tplan_id parameter to another ID. The application does not carry out a check on the user's permissions maing it possible to recover the IDs of all the TestPlans (even the administrative ones) and modify them even with minimal privileges. | |||||
| CVE-2025-29804 | 1 Microsoft | 1 Visual Studio 2022 | 2025-07-10 | N/A | 7.3 HIGH |
| Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-29810 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.5 HIGH |
| Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network. | |||||
| CVE-2025-32722 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-07-10 | N/A | 5.5 MEDIUM |
| Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally. | |||||
| CVE-2025-32714 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-07-10 | N/A | 7.8 HIGH |
| Improper access control in Windows Installer allows an authorized attacker to elevate privileges locally. | |||||