Search Results (9571 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0358 2 Debian, Tuxera 2 Debian Linux, Ntfs-3g 2025-12-04 7.8 High
Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write NTFS driver for FUSE, does not scrub the environment before executing modprobe with elevated privileges. A local user can take advantage of this flaw for local root privilege escalation.
CVE-2020-15861 3 Canonical, Net-snmp, Netapp 5 Ubuntu Linux, Net-snmp, Cloud Backup and 2 more 2025-12-03 7.8 High
Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.
CVE-2025-53900 2 Accellion, Kiteworks 2 Kiteworks Managed File Transfer, Mft 2025-12-03 6.5 Medium
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
CVE-2025-33188 1 Nvidia 3 Dgx, Dgx Os, Dgx Spark 2025-12-02 8 High
NVIDIA DGX Spark GB10 contains a vulnerability in hardware resources where an attacker could tamper with hardware controls. A successful exploit of this vulnerability might lead to information disclosure, data tampering, or denial of service.
CVE-2025-13576 2 Code-projects, Fabian 2 Eblog Site, Blog Site 2025-12-02 6.3 Medium
A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used. Multiple endpoints are affected.
CVE-2025-58302 1 Huawei 2 Emui, Harmonyos 2025-12-02 8.4 High
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-64315 1 Huawei 1 Harmonyos 2025-12-02 4.4 Medium
Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.
CVE-2025-58315 1 Huawei 1 Harmonyos 2025-12-02 5.5 Medium
Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58312 1 Huawei 1 Harmonyos 2025-12-02 5.1 Medium
Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-58309 1 Huawei 1 Harmonyos 2025-12-02 6.8 Medium
Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2025-58294 1 Huawei 1 Harmonyos 2025-12-02 6.2 Medium
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-24863 1 Intel 2 Cip Software, Computing Improvement Program 2025-11-26 6.5 Medium
Improper privilege management for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via network access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2025-13443 1 Macrozheng 1 Mall 2025-11-25 5.4 Medium
A vulnerability was detected in macrozheng mall up to 1.0.3. Affected by this issue is the function delete of the file /member/readHistory/delete. Performing manipulation of the argument ids results in improper access controls. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2014-1529 7 Canonical, Debian, Fedoraproject and 4 more 16 Ubuntu Linux, Debian Linux, Fedora and 13 more 2025-11-25 8.8 High
The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before 24.5, and SeaMonkey before 2.26 allows remote attackers to bypass intended source-component restrictions and execute arbitrary JavaScript code in a privileged context via a crafted web page for which Notification.permission is granted.
CVE-2017-5409 2 Microsoft, Mozilla 2 Windows, Firefox 2025-11-25 N/A
The Mozilla Windows updater can be called by a non-privileged user to delete an arbitrary local file by passing a special path to the callback parameter through the Mozilla Maintenance Service, which has privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 45.8 and Firefox < 52.
CVE-2014-1520 3 Fedoraproject, Microsoft, Mozilla 3 Fedora, Windows, Firefox 2025-11-25 N/A
maintenservice_installer.exe in the Maintenance Service Installer in Mozilla Firefox before 29.0 and Firefox ESR 24.x before 24.5 on Windows allows local users to gain privileges by placing a Trojan horse DLL file into a temporary directory at an unspecified point in the update process.
CVE-2014-1510 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allows remote attackers to execute arbitrary JavaScript code with chrome privileges by using an IDL fragment to trigger a window.open call.
CVE-2017-7782 2 Microsoft, Mozilla 3 Windows, Firefox, Thunderbird 2025-11-25 N/A
An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.
CVE-2017-7767 2 Microsoft, Mozilla 2 Windows, Firefox 2025-11-25 N/A
The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. Note: This attack requires local system access and only affects Windows. Other operating systems are not affected. This vulnerability affects Firefox ESR < 52.2 and Firefox < 54.
CVE-2014-1511 6 Canonical, Debian, Mozilla and 3 more 17 Ubuntu Linux, Debian Linux, Firefox and 14 more 2025-11-25 9.8 Critical
Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25 allow remote attackers to bypass the popup blocker via unspecified vectors.