Search Results (1763 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-27216 2026-04-15 8.8 High
Multiple Incorrect Permission Assignment for Critical Resource in UISP Application may allow a malicious actor with certain permissions to escalate privileges.
CVE-2023-5936 2026-04-15 7.8 High
On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges.
CVE-2025-24527 1 Akamai 1 Enterprise Application Access 2026-04-15 8 High
An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector.
CVE-2025-23245 2026-04-15 5.5 Medium
NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service.
CVE-2025-52923 1 Sangfor 1 Atrust 2026-04-15 4.3 Medium
Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command.
CVE-2025-68462 1 Debian 1 Freedombox 2026-04-15 3.2 Low
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.
CVE-2025-52992 2026-04-15 3.2 Low
The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b.
CVE-2025-54546 1 Arista 1 Danz Monitoring Fabric 2026-04-15 7.5 High
On affected platforms, restricted users could use SSH port forwarding to access host-internal services
CVE-2024-55411 2026-04-15 8.8 High
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests.
CVE-2025-54497 1 Cognex 2 In-sight Camera Firmware, In-sight Explorer 2026-04-15 8.1 High
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual.
CVE-2024-29078 2026-04-15 7.5 High
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.
CVE-2025-11921 1 Bjango 1 Istats 2026-04-15 N/A
iStats contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via command injection.This issue affects iStats: 7.10.4.
CVE-2025-59373 1 Asus 1 Myasus 2026-04-15 N/A
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more information, please refer to section Security Update for MyASUS in the ASUS Security Advisory.
CVE-2025-35999 1 Intel 1 System Firmware Update Utility (sysfwupdt) For Intel(r) Server Boards And Intel(r) Server Systems Based 2026-04-15 6.7 Medium
Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
CVE-2024-8039 1 Tecno 1 Com.afmobi.boomplayer 2026-04-15 9.8 Critical
Improper permission configurationDomain configuration vulnerability of the mobile application (com.afmobi.boomplayer) can lead to account takeover risks.
CVE-2024-45841 2026-04-15 N/A
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.9 and earlier and UD-LT1/EX firmware Ver.2.1.9 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained.
CVE-2025-2098 2026-04-15 N/A
Fast CAD Reader application on MacOS was found to be installed with incorrect file permissions (rwxrwxrwx). This is inconsistent with standard macOS security practices, where applications should have drwxr-xr-x permissions. Incorrect permissions allow for Dylib Hijacking. Guest account, other users and applications can exploit this vulnerability for privilege escalation. This issue affects Fast CAD Reader in possibly all versions since the vendor has not responded to our messages. The tested version was 4.1.5
CVE-2024-41970 2026-04-15 5.7 Medium
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources.
CVE-2023-32190 1 Suse 1 Opensuse Tumbleweed 2026-04-15 7.8 High
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.
CVE-2025-41659 1 Codesys 1 Control 2026-04-15 8.3 High
A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and its keys. This allows sensitive data to be extracted or to accept certificates as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted.