Total: 1482 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26918 | 1 Filereplicationpro | 1 File Replication Pro | 2026-06-17 | N/A | 9.8 CRITICAL |
| Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access. | |||||
| CVE-2023-26077 | 2 Atera, Microsoft | 2 Atera, Windows | 2026-06-17 | N/A | 7.8 HIGH |
| Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions. | |||||
| CVE-2023-25941 | 1 Dell | 1 Emc Powerscale Onefs | 2026-06-17 | N/A | 7.8 HIGH |
| Dell PowerScale OneFS versions 8.2.x-9.5.0.x contain an elevation of privilege vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to Denial of service, escalation of privileges, and information disclosure. This vulnerability breaks the compliance mode guarantee. | |||||
| CVE-2023-25645 | 1 Zte | 10 Up T2 4k, Up T2 4k Firmware, Zxv10 B860h V5d0 and 7 more | 2026-06-17 | N/A | 7.7 HIGH |
| There is a permission and access control vulnerability in some ZTE AndroidTV STBs. Due to improper permission settings, non-privileged application can perform functions that are protected with signature/privilege-level permissions. Exploitation of this vulnerability could clear personal data and applications on the user's device, affecting device operation. | |||||
| CVE-2023-25542 | 1 Dell | 1 Trusted Device Agent | 2026-06-17 | N/A | 7.0 HIGH |
| Dell Trusted Device Agent, versions prior to 5.3.0, contain(s) an improper installation permissions vulnerability. An unauthenticated local attacker could potentially exploit this vulnerability, leading to escalated privileges. | |||||
| CVE-2023-25540 | 1 Dell | 1 Emc Powerscale Onefs | 2026-06-17 | N/A | 6.0 MEDIUM |
| Dell PowerScale OneFS 9.4.0.x contains an incorrect default permissions vulnerability. A local malicious user could potentially exploit this vulnerability to overwrite arbitrary files causing denial of service. | |||||
| CVE-2023-25355 | 1 Coredial | 1 Sipxcom | 2026-06-17 | N/A | 8.8 HIGH |
| CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who has the ability to run commands as the `daemon` user on a sipXcom server can overwrite a service file, and escalate their privileges to `root`. | |||||
| CVE-2023-24460 | 1 Intel | 1 Graphics Performance Analyzers | 2026-06-17 | N/A | 8.2 HIGH |
| Incorrect default permissions in some Intel(R) GPA software installers before version 2023.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-23976 | 1 Metagauss | 1 Registrationmagic | 2026-06-17 | N/A | 7.5 HIGH |
| Incorrect Default Permissions vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects RegistrationMagic: from n/a through 5.1.9.2. | |||||
| CVE-2023-23850 | 1 Jenkins | 1 Synopsys Coverity | 2026-06-17 | N/A | 4.3 MEDIUM |
| A missing permission check in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | |||||
| CVE-2023-23848 | 1 Jenkins | 1 Synopsys Coverity | 2026-06-17 | N/A | 4.3 MEDIUM |
| Missing permission checks in Synopsys Jenkins Coverity Plugin 3.0.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | |||||
| CVE-2023-23583 | 3 Debian, Intel, Netapp | 443 Debian Linux, Core I3-1005g1, Core I3-1005g1 Firmware and 440 more | 2026-06-17 | N/A | 8.8 HIGH |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access. | |||||
| CVE-2023-23566 | 1 Axigen | 1 Axigen Mail Server | 2026-06-17 | N/A | 9.8 CRITICAL |
| A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. | |||||
| CVE-2023-23344 | 1 Hcltech | 1 Bigfix Webui Insights | 2026-06-17 | N/A | 3.0 LOW |
| A permission issue in BigFix WebUI Insights site version 14 allows an authenticated, unprivileged operator to access an administrator page. | |||||
| CVE-2023-23059 | 1 Geovision | 1 Gv-edge Recording Manager | 2026-06-17 | N/A | 9.8 CRITICAL |
| An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for Windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | |||||
| CVE-2023-22951 | 1 Tigergraph | 2 Cloud, Tigergraph Enterprise | 2026-06-17 | N/A | 8.8 HIGH |
| An issue was discovered in TigerGraph Enterprise Free Edition 3.x. It creates an authentication token for internal systems use. This token can be read from the configuration file. Using this token on the REST API provides an attacker with anonymous admin-level privileges on all REST API endpoints. | |||||
| CVE-2023-22931 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2026-06-17 | N/A | 4.3 MEDIUM |
| In Splunk Enterprise versions below 8.1.13 and 8.2.10, the ‘createrss’ external search command overwrites existing Resource Description Format Site Summary (RSS) feeds without verifying permissions. This feature has been deprecated and disabled by default. | |||||
| CVE-2023-22651 | 1 Suse | 1 Rancher | 2026-06-17 | N/A | 9.9 CRITICAL |
| Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to the misconfiguration of the Webhook. This component enforces validation rules and security checks before resources are admitted into the Kubernetes cluster. The issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected. | |||||
| CVE-2023-22440 | 1 Intel | 1 Setup And Configuration Software | 2026-06-17 | N/A | 6.7 MEDIUM |
| Incorrect default permissions in the Intel(R) SCS Add-on software installer for Microsoft SCCM all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2023-21513 | 1 Samsung | 1 Android | 2026-06-17 | N/A | 6.1 MEDIUM |
| Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | |||||
