Search Results (1802 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2019-0986 1 Microsoft 16 Windows 10, Windows 10 1507, Windows 10 1607 and 13 more 2025-05-20 6.3 Medium
An elevation of privilege vulnerability exists when the Windows User Profile Service (ProfSvc) improperly handles symlinks. An attacker who successfully exploited this vulnerability could delete files and folders in an elevated context. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and delete files or folders of their choosing. The security update addresses the vulnerability by correcting how the Windows User Profile Service handles symlinks.
CVE-2024-38884 1 Horizoncloud 1 Caterease 2025-05-13 7.8 High
An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms
CVE-2024-8404 1 Papercut 2 Papercut Mf, Papercut Ng 2025-05-13 7.8 High
An arbitrary file deletion vulnerability exists in PaperCut NG/MF, specifically affecting Windows servers with Web Print enabled. To exploit this vulnerability, an attacker must first obtain local login access to the Windows Server hosting PaperCut NG/MF and be capable of executing low-privilege code directly on the server via the web-print-hot-folder. Important: In most installations, this risk is mitigated by the default Windows Server configuration, which restricts local login access to Administrators only. However, this vulnerability could pose a risk to customers who allow non-administrative users to log into the local console of the Windows environment hosting the PaperCut NG/MF application server. Update: This CVE has been updated in May 2025 to update the fixed version and fix process. Please refer to the May 2025 Security Bulletin. Note: This CVE has been split from CVE-2024-3037.
CVE-2025-3224 1 Docker 1 Desktop 2025-05-10 7.8 High
A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTEM. During an update, Docker Desktop attempts to delete files and subdirectories under the path C:\ProgramData\Docker\config with high privileges. However, this directory often does not exist by default, and C:\ProgramData\ allows normal users to create new directories. By creating a malicious Docker\config folder structure at this location, an attacker can force the privileged update process to delete or manipulate arbitrary system files, leading to Elevation of Privilege.
CVE-2022-31256 1 Opensuse 1 Factory 2025-05-09 7.7 High
A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
CVE-2024-21355 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-09 7 High
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2022-32905 1 Apple 1 Macos 2025-05-06 7.8 High
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted DMG file may lead to arbitrary code execution with system privileges.
CVE-2023-2939 2 Google, Microsoft 2 Chrome, Windows 2025-05-05 7.8 High
Insufficient data validation in Installer in Google Chrome on Windows prior to 114.0.5735.90 allowed a local attacker to perform privilege escalation via crafted symbolic link. (Chromium security severity: Medium)
CVE-2024-20686 1 Microsoft 1 Windows Server 2022 23h2 2025-05-03 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-20656 1 Microsoft 4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more 2025-05-03 7.8 High
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-21405 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 7 High
Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2024-21397 1 Microsoft 1 Azure File Sync 2025-05-03 5.3 Medium
Microsoft Azure File Sync Elevation of Privilege Vulnerability
CVE-2024-21329 1 Microsoft 1 Azure Connected Machine Agent 2025-05-03 7.3 High
Azure Connected Machine Agent Elevation of Privilege Vulnerability
CVE-2024-28916 1 Microsoft 1 Xbox Gaming Services 2025-05-03 8.8 High
Xbox Gaming Services Elevation of Privilege Vulnerability
CVE-2024-21432 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2025-05-03 7 High
Windows Update Stack Elevation of Privilege Vulnerability
CVE-2024-26199 1 Microsoft 1 365 Apps 2025-05-03 7.8 High
Microsoft Office Elevation of Privilege Vulnerability
CVE-2024-21446 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-05-03 7.8 High
NTFS Elevation of Privilege Vulnerability
CVE-2024-29989 1 Microsoft 2 Azure Monitor, Azure Monitor Agent 2025-05-03 8.4 High
Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2024-28907 1 Microsoft 1 Windows Server 2022 23h2 2025-05-03 7.8 High
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2024-26216 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2025-05-03 7.3 High
Windows File Server Resource Management Service Elevation of Privilege Vulnerability