Total: 1479 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15333 | 1 Tanium | 1 Threat Response | 2026-06-17 | N/A | 4.3 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||
| CVE-2025-13905 | | | 2026-06-17 | N/A | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | |||||
| CVE-2025-13193 | | | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in libvirt. External inactive snapshots for shut-down VMs are incorrectly created as world-readable, making it possible for unprivileged users to inspect the guest OS contents. This results in an information disclosure vulnerability. | |||||
| CVE-2025-13155 | | | 2026-06-17 | N/A | 7.8 HIGH |
| An improper permissions vulnerability was reported in Lenovo Baiying Client that could allow a local authenticated user to execute code with elevated privileges. | |||||
| CVE-2025-13131 | | | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability was found in Sonarr 4.0.15.2940. The impacted element is an unknown function of the file C:\ProgramData\Sonarr\bin\Sonarr.Console.exe of the component Service. Performing manipulation results in incorrect default permissions. The attack is only possible with local access. The vendor confirms this vulnerability but classifies it as a "low severity issue due to the default service user being used as it would either require someone to intentionally change the service to a highly privileged account or an attacker would need an admin level account". It is planned to fix this issue in the next major release v5. | |||||
| CVE-2025-13130 | | | 2026-06-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Radarr 5.28.0.10274. The affected element is an unknown function of the file C:\ProgramData\Radarr\bin\Radarr.Console.exe of the component Service. Such manipulation leads to incorrect default permissions. The attack can only be performed from a local environment. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13025 | 1 Mozilla | 1 Firefox | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 145 and Thunderbird 145. | |||||
| CVE-2025-12792 | | | 2026-06-17 | N/A | 3.2 LOW |
| The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva. | |||||
| CVE-2025-12100 | | | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in MongoDB BI Connector ODBC driver allows Privilege Escalation. This issue affects BI Connector ODBC driver: from 1.0.0 through 1.4.6. | |||||
| CVE-2025-11575 | | | 2026-06-17 | N/A | 7.8 HIGH |
| Incorrect Default Permissions vulnerability in MongoDB Atlas SQL ODBC driver on Windows allows Privilege Escalation. This issue affects MongoDB Atlas SQL ODBC driver: from 1.0.0 through 2.0.0. | |||||
| CVE-2025-11567 | | | 2026-06-17 | N/A | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured. | |||||
| CVE-2025-11535 | | | 2026-06-17 | N/A | N/A |
| MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, allowing Privilege Escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | |||||
| CVE-2025-10918 | 1 Ivanti | 1 Endpoint Manager | 2026-06-17 | N/A | 7.1 HIGH |
| Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allow a local authenticated attacker to write arbitrary files anywhere on disk. | |||||
| CVE-2025-10314 | | | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (DoS) condition on the affected system. | |||||
| CVE-2025-10231 | 1 N-able | 1 N-central | 2026-06-17 | N/A | 7.0 HIGH |
| An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. | |||||
| CVE-2025-0886 | | | 2026-06-17 | N/A | 7.8 HIGH |
| An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. | |||||
| CVE-2025-0797 | 1 Escanav | 1 Escan Anti-virus | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-0543 | | | 2026-06-17 | N/A | 7.8 HIGH |
| Local privilege escalation in G DATA Security Client due to incorrect assignment of privileges to directories. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing an arbitrary executable in a globally writable directory resulting in execution by the SetupSVC.exe service in the context of SYSTEM. | |||||
| CVE-2025-0542 | | | 2026-06-17 | N/A | 7.8 HIGH |
| Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write. | |||||
| CVE-2025-0014 | | | 2026-06-17 | N/A | 7.3 HIGH |
| Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
