| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. |
| Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Specific UEFI DBX update is required to block these vulnerable boot loaders. |
| The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded files against the endpoint's intended media type, allowing unauthenticated users to upload any file type accepted by WordPress's media library through endpoints that should only accept images or videos. |
| SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. |
| Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally. |
| Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally. |
| Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally. |
| Inappropriate implementation in DOM Distiller in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) |
| Microsoft Office Elevation of Privilege Vulnerability |
| WmsRepair Service Elevation of Privilege Vulnerability |
| Remote Desktop Client Remote Code Execution Vulnerability |
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| Microsoft System Center Elevation of Privilege Vulnerability |
| Improper access control in Imagine Cup allows an authorized attacker to elevate privileges over a network. |
| Visual C++ Redistributable Installer Elevation of Privilege Vulnerability |
| Windows Remote Desktop Services Tampering Vulnerability |
| Microsoft SharePoint Elevation of Privilege Vulnerability |
| Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium security severity: Low) |
| A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulation of the argument editormd-image-file causes unrestricted upload. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. |
| A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of the component Registration Endpoint. Performing a manipulation of the argument stimg results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet. |