Total
1557 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-32704 | 2026-03-16 | N/A | 6.5 MEDIUM | ||
| SiYuan is a personal knowledge management system. Prior to 3.6.1, POST /api/template/renderSprig lacks model.CheckAdminRole, allowing any authenticated user to execute arbitrary SQL queries against the SiYuan workspace database and exfiltrate all note content, metadata, and custom attributes. This vulnerability is fixed in 3.6.1. | |||||
| CVE-2026-24291 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-03-13 | N/A | 7.8 HIGH |
| Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2025-11790 | 4 Acronis, Apple, Linux and 1 more | 4 Agent, Macos, Linux Kernel and 1 more | 2026-03-13 | N/A | 4.4 MEDIUM |
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 41124. | |||||
| CVE-2026-28725 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2026-03-13 | N/A | 5.5 MEDIUM |
| Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | |||||
| CVE-2025-30413 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2026-03-13 | N/A | 4.4 MEDIUM |
| Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40497, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | |||||
| CVE-2025-15037 | 2026-03-12 | N/A | N/A | ||
| An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information. | |||||
| CVE-2026-29125 | 1 Datacast | 2 Sfx2100, Sfx2100 Firmware | 2026-03-11 | N/A | 4.7 MEDIUM |
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | |||||
| CVE-2026-29126 | 1 Datacast | 2 Sfx2100, Sfx2100 Firmware | 2026-03-11 | N/A | 7.8 HIGH |
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | |||||
| CVE-2025-41712 | 2026-03-11 | N/A | 6.5 MEDIUM | ||
| An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server. | |||||
| CVE-2026-3315 | 2026-03-11 | N/A | N/A | ||
| Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | |||||
| CVE-2026-29188 | 1 Filebrowser | 1 Filebrowser | 2026-03-10 | N/A | 9.1 CRITICAL |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1. | |||||
| CVE-2026-2915 | 1 Hp | 1 System Event Utility | 2026-03-09 | N/A | 7.1 HIGH |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | |||||
| CVE-2026-1344 | 1 Tanium | 1 Enforce Recovery Key Portal | 2026-03-09 | N/A | 6.5 MEDIUM |
| Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | |||||
| CVE-2025-70342 | 1 Grahampugh | 1 Erase-install | 2026-03-09 | N/A | 6.6 MEDIUM |
| erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. | |||||
| CVE-2025-12801 | 2 Linux-nfs, Redhat | 3 Nfs-utils, Enterprise Linux, Openshift Container Platform | 2026-03-09 | N/A | 6.5 MEDIUM |
| A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exported directory, regardless of the set file permissions, and regardless of any 'root_squash' or 'all_squash' attributes that would normally be expected to apply to that client. | |||||
| CVE-2025-70341 | 1 App-auto-patch | 1 App-auto-patch | 2026-03-05 | N/A | 7.8 HIGH |
| Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. | |||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | N/A | 6.6 MEDIUM |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | |||||
| CVE-2026-24732 | 2026-03-04 | N/A | N/A | ||
| Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5 | |||||
| CVE-2026-2637 | 2026-03-03 | N/A | N/A | ||
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | |||||
| CVE-2025-14979 | 2026-03-03 | N/A | N/A | ||
| AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6. | |||||