Total: 4021 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47161 | 1 Microsoft | 1 Defender For Endpoint | 2025-09-10 | 7.8 High |
| Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-33072 | 1 Microsoft | 1 Msagsfeedback.azurewebsites.net | 2025-09-10 | 8.1 High |
| Improper access control in Azure allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2025-29973 | 1 Microsoft | 1 Azure File Sync | 2025-09-10 | 7 High |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21293 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 8.8 High |
| Active Directory Domain Services Elevation of Privilege Vulnerability | ||||
| CVE-2025-21185 | 1 Microsoft | 1 Edge Chromium | 2025-09-09 | 6.5 Medium |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2025-21380 | 1 Microsoft | 1 Azure Marketplace | 2025-09-09 | 8.8 High |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | ||||
| CVE-2025-21340 | 1 Microsoft | 10 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 7 more | 2025-09-09 | 5.5 Medium |
| Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | ||||
| CVE-2025-21213 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-09-09 | 4.6 Medium |
| Secure Boot Security Feature Bypass Vulnerability | ||||
| CVE-2025-21202 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-09-09 | 6.1 Medium |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability | ||||
| CVE-2025-21405 | 1 Microsoft | 1 Visual Studio 2022 | 2025-09-09 | 7.3 High |
| Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2025-21301 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-09-09 | 6.5 Medium |
| Windows Geolocation Service Information Disclosure Vulnerability | ||||
| CVE-2025-10093 | 1 D-link | 1 Dir-852 | 2025-09-09 | 5.3 Medium |
| A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-10116 | | | 2025-09-09 | 7.3 High |
| A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-55371 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method. | ||||
| CVE-2025-55368 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 8.8 High |
| Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | ||||
| CVE-2025-55366 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack. | ||||
| CVE-2025-55367 | 1 Jishenghua | 1 Jsherp | 2025-09-09 | 5.3 Medium |
| Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. | ||||
| CVE-2025-50434 | | | 2025-09-09 | 5.3 Medium |
| A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information. NOTE: this has been disputed because the CVE Record information does not originate from the Supplier, and the report lacks specificity about why a problem exists, how the behavior could be reproduced, and whether any action could be taken to resolve the problem. | ||||
| CVE-2025-10081 | 2 Mayuri K, Sourcecodester | 2 Pet Grooming Management Software, Pet Management System | 2025-09-09 | 4.7 Medium |
| A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2025-10072 | 1 Portabilis | 1 I-educar | 2025-09-09 | 6.3 Medium |
| A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||