Total
1626 CVE
| CVE | Updated | CVSS v2 | CVSS v3 | Vendors | Products |
|---|---|---|---|---|---|
| CVE-2024-6619 | 2026-04-15 | N/A | N/A | ||
| In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service. | |||||
| CVE-2024-8256 | 2026-04-15 | N/A | N/A | ||
| In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API. | |||||
| CVE-2024-57068 | 2026-04-15 | N/A | 7.5 HIGH | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | |||||
| CVE-2024-22029 | 2026-04-15 | N/A | 7.8 HIGH | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | |||||
| CVE-2019-25245 | 2026-04-15 | N/A | 8.8 HIGH | ||
| Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable. | |||||
| CVE-2017-20198 | 2026-04-15 | N/A | N/A | ||
| The Marathon UI in DC/OS < 1.9.0 allows unauthenticated users to deploy arbitrary Docker containers. Due to improper restriction of volume mount configurations, attackers can deploy a container that mounts the host's root filesystem (/) with read/write privileges. When using a malicious Docker image, the attacker can write to /etc/cron.d/ on the host, achieving arbitrary code execution with root privileges. This impacts any system where the Docker daemon honors Marathon container configurations without policy enforcement. | |||||
| CVE-2025-23403 | 2026-04-15 | N/A | 7.0 HIGH | ||
| A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected devices do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures. | |||||
| CVE-2025-62688 | 2026-04-15 | N/A | 7.1 HIGH | ||
| An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project. | |||||
| CVE-2025-5995 | 2026-04-15 | N/A | N/A | ||
| Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation. | |||||
| CVE-2023-6729 | 2026-04-15 | N/A | 7.3 HIGH | ||
| Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | |||||
| CVE-2021-47742 | 2026-04-15 | N/A | 8.8 HIGH | ||
| Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially escalate system privileges. | |||||
| CVE-2024-29078 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. | |||||
| CVE-2025-24527 | 2026-04-15 | N/A | 8.0 HIGH | ||
| An issue was discovered in Akamai Enterprise Application Access (EAA) before 2025-01-17. If an admin knows another tenant's 128-bit connector GUID, they can execute debug commands on that connector. | |||||
| CVE-2024-11497 | 2026-04-15 | N/A | 8.8 HIGH | ||
| An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | |||||
| CVE-2024-32014 | 2026-04-15 | N/A | 4.7 MEDIUM | ||
| A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to alter the local database which contains the application credentials. This allows an attacker to gain administrative application privileges. | |||||
| CVE-2025-40804 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. | |||||
| CVE-2025-40672 | 2026-04-15 | N/A | N/A | ||
| A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). | |||||
| CVE-2025-13703 | 2026-04-15 | N/A | 7.8 HIGH | ||
| VIPRE Advanced Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security for PC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from incorrect permissions on a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-27147. | |||||
| CVE-2024-6780 | 2026-04-15 | N/A | 3.3 LOW | ||
| Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks. | |||||
| CVE-2022-50690 | 2026-04-15 | N/A | 8.4 HIGH | ||
| Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges. | |||||
