Total: 1482 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-50975 | 1 Td | 1 Advanced Dashboard | 2026-06-17 | N/A | 8.4 HIGH |
| The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information. | |||||
| CVE-2023-50612 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2026-06-17 | N/A | 7.8 HIGH |
| Insecure Permissions vulnerability in fit2cloud Cloud Explorer Lite version 1.4.1 allows local attackers to escalate privileges and obtain sensitive information via the cloud accounts parameter. | |||||
| CVE-2023-50236 | 1 Siemens | 1 Polarion Alm | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM. | |||||
| CVE-2023-4664 | 1 Adobe | 1 Connect | 2026-06-17 | N/A | 8.8 HIGH |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation. This issue affects Saphira Connect: before 9. | |||||
| CVE-2023-4091 | 3 Fedoraproject, Redhat, Samba | 5 Fedora, Enterprise Linux, Enterprise Linux Eus and 2 more | 2026-06-17 | N/A | 6.5 MEDIUM |
| A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module "acl_xattr" is configured with "acl_xattr:ignore system acls = yes". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions. | |||||
| CVE-2023-4088 | 1 Mitsubishielectric | 1 Gx Works3 | 2026-06-17 | N/A | 9.3 CRITICAL |
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation multiple FA engineering software products allows a malicious local attacker to execute malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than the default installation folder. | |||||
| CVE-2023-4065 | 1 Redhat | 4 Enterprise Linux, Jboss A-mq, Jboss Middleware and 1 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | |||||
| CVE-2023-49721 | 2 Canonical, Tianocore | 2 Lxd, Edk2 | 2026-06-17 | N/A | 6.7 MEDIUM |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | |||||
| CVE-2023-49338 | 1 Couchbase | 1 Couchbase Server | 2026-06-17 | N/A | 7.5 HIGH |
| Couchbase Server 7.1.x and 7.2.x before 7.2.4 does not require authentication for the /admin/stats and /admin/vitals endpoints on TCP port 8093 of localhost. | |||||
| CVE-2023-48678 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2026-06-17 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 37391. | |||||
| CVE-2023-48648 | 1 Concretecms | 1 Concrete Cms | 2026-06-17 | N/A | 9.8 CRITICAL |
| Concrete CMS before 8.5.13 and 9.x before 9.2.2 allows unauthorized access because directories can be created with insecure permissions. File creation functions (such as the Mkdir() function) give universal access (0777) to created folders by default. Excessive permissions can be granted when creating a directory with permissions greater than 0755 or when the permissions argument is not specified. | |||||
| CVE-2023-47462 | 1 Gl-inet | 2 Gl-ax1800, Gl-ax1800 Firmware | 2026-06-17 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function. | |||||
| CVE-2023-47335 | 1 Autelrobotics | 2 Evo Nano Drone, Evo Nano Drone Firmware | 2026-06-17 | N/A | 6.5 MEDIUM |
| Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allow attackers to breach the geo-fence and fly into no-fly zones. | |||||
| CVE-2023-47250 | 1 M-privacy | 3 Mprivacy-tools, Rsbac-policy-tgpro, Tightgatevnc | 2026-06-17 | N/A | 8.8 HIGH |
| In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, broken Access Control on X11 server sockets allows authenticated attackers (with access to a VNC session) to access the X11 desktops of other users by specifying their DISPLAY ID. This allows complete control of their desktop, including the ability to inject keystrokes and perform a keylogging attack. | |||||
| CVE-2023-46870 | | | 2026-06-17 | N/A | 7.3 HIGH |
| extcap/nrf_sniffer_ble.py, extcap/nrf_sniffer_ble.sh, extcap/SnifferAPI/*.py in Nordic Semiconductor nRF Sniffer for Bluetooth LE 3.0.0, 3.1.0, 4.0.0, 4.1.0, and 4.1.1 have incorrect file permissions set, which allows attackers to execute code via modified bash and Python scripts. | |||||
| CVE-2023-46773 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 9.8 CRITICAL |
| Permission management vulnerability in the PMS module. Successful exploitation of this vulnerability may cause privilege escalation. | |||||
| CVE-2023-46270 | | | 2026-06-17 | N/A | 3.3 LOW |
| MacPaw The Unarchiver before 4.3.6 contains a vulnerability related to missing quarantine attributes for extracted items. | |||||
| CVE-2023-45990 | 1 Wenwen-ai | 1 Wenwenai Cms | 2026-06-17 | N/A | 8.0 HIGH |
| Insecure Permissions vulnerability in WenwenaiCMS v.1.0 allows a remote attacker to escalate privileges. | |||||
| CVE-2023-45896 | | | 2026-06-17 | N/A | 7.1 HIGH |
| ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image. | |||||
| CVE-2023-45690 | 1 Southrivertech | 2 Titan Ftp Server, Titan Mft Server | 2026-06-17 | N/A | 4.9 MEDIUM |
| Default file permissions on South River Technologies' Titan MFT and Titan SFTP servers on Linux allow a user who is authenticated to the OS to read sensitive files on the filesystem. | |||||
