Total
1556 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26095 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26096 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26100 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26101 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26102 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2019-25344 | 1 Wondershare | 1 Mobilego | 2026-02-26 | N/A | 7.8 HIGH |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | |||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2026-02-24 | 6.4 MEDIUM | 7.7 HIGH |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | |||||
| CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2026-02-24 | 7.2 HIGH | 8.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | |||||
| CVE-2020-8908 | 4 Google, Netapp, Oracle and 1 more | 13 Guava, Active Iq Unified Manager, Commerce Guided Search and 10 more | 2026-02-23 | 2.1 LOW | 3.3 LOW |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | |||||
| CVE-2026-24834 | 1 Katacontainers | 1 Kata Containers | 2026-02-23 | N/A | 9.3 CRITICAL |
| Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue. | |||||
| CVE-2024-11176 | 2026-02-23 | N/A | N/A | ||
| Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. | |||||
| CVE-2024-47475 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | N/A | 5.0 MEDIUM |
| Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | |||||
| CVE-2025-33088 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-18 | N/A | 7.4 HIGH |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources. | |||||
| CVE-2026-23648 | 2026-02-18 | N/A | 7.8 HIGH | ||
| Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation. | |||||
| CVE-2026-24049 | 1 Wheel Project | 1 Wheel | 2026-02-18 | N/A | 7.1 HIGH |
| wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2. | |||||
| CVE-2019-25343 | 2026-02-13 | N/A | 7.8 HIGH | ||
| NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification. | |||||
| CVE-2025-61969 | 2026-02-11 | N/A | N/A | ||
| Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | |||||
| CVE-2025-35999 | 2026-02-10 | N/A | 6.7 MEDIUM | ||
| Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-02-10 | N/A | 5.5 MEDIUM |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | |||||
| CVE-2025-64319 | 1 Salesforce | 1 Mulesoft Anypoint Code Builder | 2026-02-04 | N/A | 5.3 MEDIUM |
| Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1 | |||||