Total: 315 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32696 | | | 2026-04-15 | N/A | N/A |
| Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. | |||||
| CVE-2024-53934 | | | 2026-04-15 | N/A | 7.7 HIGH |
| The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. | |||||
| CVE-2024-56973 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. | |||||
| CVE-2024-56317 | | | 2026-04-15 | N/A | 7.5 HIGH |
| In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | |||||
| CVE-2025-43700 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. | |||||
| CVE-2024-9333 | | | 2026-04-15 | N/A | N/A |
| Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows an authenticated user to access a limited amount of documents via incorrect access control list calculation. | |||||
| CVE-2024-1726 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service. | |||||
| CVE-2025-24337 | | | 2026-04-15 | N/A | 8.4 HIGH |
| WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini. | |||||
| CVE-2025-32697 | | | 2026-04-15 | N/A | N/A |
| Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1. | |||||
| CVE-2025-43697 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. | |||||
| CVE-2025-43701 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. | |||||
| CVE-2024-3291 | | | 2026-04-15 | N/A | 7.8 HIGH |
| When installing Nessus Agent to a directory outside of the default location on a Windows host, Nessus Agent versions prior to 10.6.4 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | |||||
| CVE-2024-46622 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion. | |||||
| CVE-2025-43698 | | | 2026-04-15 | N/A | 9.1 CRITICAL |
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025. | |||||
| CVE-2025-7346 | | | 2026-04-15 | N/A | N/A |
| Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages. | |||||
| CVE-2025-31184 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 7.8 HIGH |
| This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network. | |||||
| CVE-2025-30456 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | N/A | 7.8 HIGH |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | |||||
| CVE-2025-30449 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | |||||
| CVE-2024-54557 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 7.5 HIGH |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system. | |||||
| CVE-2024-54516 | 1 Apple | 1 Macos | 2026-04-02 | N/A | 3.3 LOW |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to approve a launch daemon without user consent. | |||||
