CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensit
CVSS
6.0
Medio
EPSS
0.9%
p56
KEV
—
Exploit Today
17
0-100
Publicado: 20 feb 2025 · Última mod.: 5 jul 2026 · CWE-284
0.9%EPSS · 30 días0.9%
2026-06-302026-07-16
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2026-503517.8 ALT83.0%
——25Improper access control in Windows Audio Compression Manager (ACM) allows an authorized attacker to elevate privileges locally.22hCVE-2026-504237.8 ALT82.7%
——25Improper access control in Windows Kernel allows an authorized attacker to elevate privileges locally.2dCVE-2023-285319.8 CRÍ81.1%
——24ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.3dCVE-2026-393647.5 ALT79.6%
——24Vite is a frontend tooling framework for JavaScript. From 7.1.0 to before 7.3.2 and 8.0.5, on the Vite dev server, files that should be blocked by server.fs.deny (e.g., .env, *.crt) can be retrieved with HTTP 200 responses when query parameters such as ?raw, ?import&raw, or ?import&url&inline are appended. This vulnerability is fixed in 7.3.2 and 8.0.5.2dCVE-2026-498057.0 ALT79.5%
——24Improper access control in Windows Win32K allows an authorized attacker to elevate privileges locally.23hCVE-2026-212628.8 ALT79.0%
——24Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network.7d