Total
1230 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-48685 | 1 Logpoint | 1 Siem | 2025-04-18 | N/A | 7.7 HIGH |
| An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | |||||
| CVE-2024-34221 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 8.8 HIGH |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | |||||
| CVE-2024-34223 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 4.3 MEDIUM |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | |||||
| CVE-2025-3617 | 2025-04-17 | N/A | N/A | ||
| A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges. | |||||
| CVE-2022-47551 | 1 Apiman | 1 Apiman | 2025-04-17 | N/A | 6.5 MEDIUM |
| Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability. | |||||
| CVE-2024-22085 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | N/A | 6.2 MEDIUM |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | |||||
| CVE-2022-29909 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2025-04-16 | N/A | 8.8 HIGH |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | |||||
| CVE-2025-27682 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005. | |||||
| CVE-2025-27677 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-15 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002. | |||||
| CVE-2022-3155 | 2 Apple, Mozilla | 2 Macos, Thunderbird | 2025-04-15 | N/A | 7.8 HIGH |
| When saving or opening an email attachment on macOS, Thunderbird did not set attribute com.apple.quarantine on the received file. If the received file was an application and the user attempted to open it, then the application was started immediately without asking the user to confirm. This vulnerability affects Thunderbird < 102.3. | |||||
| CVE-2019-9579 | 3 Illumos, Nexenta, Oracle | 3 Illumos, Nexentastor, Solaris | 2025-04-14 | N/A | 8.1 HIGH |
| An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an attacker to have unintended access, e.g., an attacker with WRITE_XATTR can change permissions. This occurs because of a combination of three factors: ZFS extended attributes are used to implement NT named streams, the SMB protocol requires implementations to have open handle semantics similar to those of NTFS, and the SMB server passes along certain attribute requests to the underlying object (i.e., they are not considered to be requests that pertain to the named stream). | |||||
| CVE-2015-7985 | 1 Valvesoftware | 1 Steam Client | 2025-04-12 | 7.2 HIGH | N/A |
| Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||||
| CVE-2016-3943 | 1 Watchguard | 1 Panda Endpoint Administration Agent | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | |||||
| CVE-2016-5425 | 3 Apache, Oracle, Redhat | 9 Tomcat, Instantis Enterprisetrack, Linux and 6 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | |||||
| CVE-2015-7378 | 1 Watchguard | 1 Panda Url Filtering | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe. | |||||
| CVE-2024-57548 | 1 Cmsimple | 1 Cmsimple | 2025-04-11 | N/A | 9.1 CRITICAL |
| CMSimple 5.16 allows the user to edit log.php file via print page. | |||||
| CVE-2025-23386 | 2025-04-11 | N/A | 7.8 HIGH | ||
| A Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed package gerbera allows the service user gerbera to escalate to root.,This issue affects gerbera on openSUSE Tumbleweed before 2.5.0-1.1. | |||||
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 5 Dracut, Fedora, Enterprise Linux Desktop and 2 more | 2025-04-11 | 2.1 LOW | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | |||||
| CVE-2011-2859 | 1 Google | 1 Chrome | 2025-04-11 | 6.8 MEDIUM | N/A |
| Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | |||||
| CVE-2011-4361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-11 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | |||||