| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Windows Installer Elevation of Privilege Vulnerability |
| SysInternals Sysmon for Windows Elevation of Privilege Vulnerability |
| Windows Backup Service Elevation of Privilege Vulnerability |
| Windows Graphics Component Elevation of Privilege Vulnerability |
| Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
| Windows Resource Manager PSM Service Extension Elevation of Privilege Vulnerability |
| Clipboard Virtual Channel Extension Remote Code Execution Vulnerability |
| Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| Microsoft OfficePlus Elevation of Privilege Vulnerability |
| D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle attack. |
| Webkul QloApps v1.6.1 exposes authentication tokens in URLs during redirection. When users access the admin panel or other protected areas, the application appends sensitive authentication tokens directly to the URL. |
| Microsoft PC Manager Elevation of Privilege Vulnerability |
| Windows Hyper-V Denial of Service Vulnerability |
| Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability |
| Azure Monitor Agent Elevation of Privilege Vulnerability |
| An issue in Ellevo v.6.2.0.38160 allows a remote attacker to escalate privileges via the /api/usuario/cadastrodesuplente endpoint. |
| A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. |
| A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation. |
| A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation. |
| A security vulnerability was found in Moodle where confidential information that prevents cross-site request forgery (CSRF) attacks was shared publicly through the site's URL. This vulnerability occurred specifically on two types of pages within the mod_data module: edit and delete pages. |