Total: 1344 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-25654 | 1 Avsystem | 1 Unified Management Platform | 2025-03-14 | N/A | 5.5 MEDIUM |
| Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database. | |||||
| CVE-2024-30977 | | | 2025-03-13 | N/A | 7.8 HIGH |
| An issue in Secnet Security Network Intelligent AC Management System v.1.02.040 allows a local attacker to escalate privileges via the password component. | |||||
| CVE-2024-44228 | 1 Apple | 1 Xcode | 2025-03-13 | N/A | 7.5 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data. | |||||
| CVE-2023-52545 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2024-44786 | | | 2025-03-13 | N/A | 7.5 HIGH |
| Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | |||||
| CVE-2024-30415 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 9.1 CRITICAL |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-52717 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 5.3 MEDIUM |
| Permission verification vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
| CVE-2023-52362 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
| Permission management vulnerability in the lock screen module. Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-27926 | | | 2025-03-10 | N/A | 4.3 MEDIUM |
| In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | |||||
| CVE-2022-45552 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-07 | N/A | 7.5 HIGH |
| An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | |||||
| CVE-2025-24864 | | | 2025-03-06 | N/A | 7.8 HIGH |
| Incorrect access permission of a specific folder issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | |||||
| CVE-2025-22447 | | | 2025-03-06 | N/A | 7.8 HIGH |
| Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege. | |||||
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | N/A | 9.8 CRITICAL |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | |||||
| CVE-2022-26344 | 1 Intel | 1 Single Event Api | 2025-02-25 | N/A | 7.8 HIGH |
| Incorrect default permissions in the installation binaries for Intel(R) SEAPI all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2024-56525 | | | 2025-02-25 | N/A | 9.8 CRITICAL |
| In Public Knowledge Project (PKP) OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin. | |||||
| CVE-2024-55930 | | | 2025-02-24 | N/A | 6.7 MEDIUM |
| Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files. | |||||
| CVE-2024-20841 | 1 Samsung | 1 Account | 2025-02-14 | N/A | 5.1 MEDIUM |
| Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. | |||||
| CVE-2023-42501 | 1 Apache | 1 Superset | 2025-02-13 | N/A | 4.3 MEDIUM |
| Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations. This issue affects Apache Superset: before 2.1.2. Users should upgrade to version 2.1.2 or above and run `superset init` to reconstruct the Gamma role or remove `can_read` permission from the mentioned resources. | |||||
| CVE-2022-43702 | 1 Arm | 6 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 3 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | |||||
| CVE-2022-43701 | 1 Arm | 11 Arm Compiler, Arm Compiler For Embedded Fusa, Arm Compiler For Functional Safety and 8 more | 2025-02-13 | N/A | 7.8 HIGH |
| When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | |||||
