Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?exam_rule_id=1.
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers.
CVE-2024-53573
CRITICAL CVSS 9.8
Find Similar
Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Unauthorized users can access and manipulate endpoints intended exclusively for administrative use. This issue specifically affects tea
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation allowing the change of Section Name and Room Number by Teachers.
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnera
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control which allows viewing attendance list for all class sections.
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. This affected endpoint is /courses/teacher/index?teacher_id=2&semester_id=1
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
CVE-2025-28411
CRITICAL CVSS 9.8
Find Similar
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the editSave method in /tool/gen/editSave
Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation.This issue affects MOVEit Transfer: from 2023.
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access t
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the addUser and updateUser endpoints
CVE-2025-28405
CRITICAL CVSS 9.8
Find Similar
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
An issue in RUoYi v.4.8.0 allows a remote attacker to escalate privileges via the edit method of the /edit/{dictId} endpoint does not properly validate whether the requesting user has permission to mo
CVE-2025-25962
CRITICAL CVSS 9.8
Find Similar
An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function
Page 1+ Next →