| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper authentication in Microsoft Defender for Identity allows an unauthorized attacker to perform spoofing over an adjacent network. |
| Improper access control in Azure allows an unauthorized attacker to disclose information over a network. |
| Improper handling of insufficient permissions or privileges in Microsoft Dataverse allows an authorized attacker to elevate privileges over a network. |
| Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally. |
| Active Directory Domain Services Elevation of Privilege Vulnerability |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. |
| Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
| Windows App Package Installer Elevation of Privilege Vulnerability |
| Secure Boot Security Feature Bypass Vulnerability |
| Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| Visual Studio Elevation of Privilege Vulnerability |
| Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Windows Geolocation Service Information Disclosure Vulnerability |
| A vulnerability was identified in SiempreCMS up to 1.3.6. This vulnerability affects unknown code of the file /docs/admin/file_upload.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. |
| Incorrect access control in the component /controller/PersonController.java of jshERP v3.5 allows unauthorized attackers to obtain all the information of the handler by executing the getAllList method. |
| Incorrect access control in the component \controller\RoleController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. |
| Incorrect access control in the component \controller\UserController.java of jshERP v3.5 allows attackers to arbitrarily reset user account passwords and execute a horizontal privilege escalation attack. |
| Incorrect access control in the component \controller\SupplierController.java of jshERP v3.5 allows unauthorized attackers to arbitrarily modify the supplier status under any account. |
| A vulnerability was determined in jshERP up to 3.5. Affected is an unknown function of the file /jshERP-boot/user/deleteBatch of the component Endpoint. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Different than CVE-2025-7947. |
