Total: 1586 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2026-04-16 | 2.1 LOW | 7.1 HIGH |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | |||||
| CVE-2004-1714 | 1 Iss | 2 Blackice Pc Protection, Blackice Server Protection | 2026-04-16 | 2.1 LOW | 7.1 HIGH |
| BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | |||||
| CVE-2025-69426 | | | 2026-04-15 | N/A | N/A |
| The Ruckus vRIoT IoT Controller firmware versions prior to 3.0.0.0 (GA) contain hardcoded credentials for an operating system user account within an initialization script. The SSH service is network-accessible without IP-based restrictions. Although the configuration disables SCP and pseudo-TTY allocation, an attacker can authenticate using the hardcoded credentials and establish SSH local port forwarding to access the Docker socket. By mounting the host filesystem via Docker, an attacker can escape the container and execute arbitrary OS commands as root on the underlying vRIoT controller, resulting in complete system compromise. | |||||
| CVE-2024-1486 | | | 2026-04-15 | N/A | 7.4 HIGH |
| Elevation of privileges via misconfigured access control list in GE HealthCare ultrasound devices | |||||
| CVE-2019-25343 | | | 2026-04-15 | N/A | 7.8 HIGH |
| NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification. | |||||
| CVE-2025-68462 | | | 2026-04-15 | N/A | 3.2 LOW |
| Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases. | |||||
| CVE-2025-52992 | | | 2026-04-15 | N/A | 3.2 LOW |
| The Nix, Lix, and Guix package managers fail to properly set permissions when a derivation build fails. This may allow arbitrary processes to modify the content of a store outside of the build sandbox. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | |||||
| CVE-2025-12004 | | | 2026-04-15 | N/A | N/A |
| Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42. | |||||
| CVE-2024-10209 | | | 2026-04-15 | N/A | N/A |
| An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | |||||
| CVE-2024-0128 | | | 2026-04-15 | N/A | 7.1 HIGH |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | |||||
| CVE-2023-53949 | | | 2026-04-15 | N/A | 8.4 HIGH |
| AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access. | |||||
| CVE-2026-0775 | | | 2026-04-15 | N/A | 7.0 HIGH |
| npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of modules. The application loads modules from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of a target user. Was ZDI-CAN-25430. | |||||
| CVE-2025-23285 | | | 2026-04-15 | N/A | 5.5 MEDIUM |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service. | |||||
| CVE-2025-23257 | | | 2026-04-15 | N/A | 7.3 HIGH |
| NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2025-46802 | | | 2026-04-15 | N/A | 6.0 MEDIUM |
| For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. | |||||
| CVE-2024-38456 | | | 2026-04-15 | N/A | 7.8 HIGH |
| HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | |||||
| CVE-2025-14988 | | | 2026-04-15 | N/A | N/A |
| A security issue has been identified in ibaPDA that could allow unauthorized actions on the file system under certain conditions. This may impact the confidentiality, integrity, or availability of the system. | |||||
| CVE-2024-28955 | | | 2026-04-15 | N/A | 5.9 MEDIUM |
| Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | |||||
| CVE-2024-39967 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| Insecure permissions in Aginode GigaSwitch v5 allow attackers to access sensitive information by using the SCP command. | |||||
| CVE-2024-41970 | | | 2026-04-15 | N/A | 5.7 MEDIUM |
| A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | |||||
