Total
1372 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-4453 | 3 Dracut Project, Fedoraproject, Redhat | 6 Dracut, Fedora, Enterprise Linux and 3 more | 2025-04-11 | N/A |
| dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 and 17, and possibly other products, creates initramfs images with world-readable permissions, which might allow local users to obtain sensitive information. | ||||
| CVE-2011-1435 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 11.0.696.57 does not properly implement the tabs permission for extensions, which allows remote attackers to read local files via a crafted extension. | ||||
| CVE-2011-2859 | 1 Google | 1 Chrome | 2025-04-11 | N/A |
| Google Chrome before 14.0.835.163 uses incorrect permissions for non-gallery pages, which has unspecified impact and attack vectors. | ||||
| CVE-2011-2782 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2025-04-11 | N/A |
| The drag-and-drop implementation in Google Chrome before 13.0.782.107 on Linux does not properly enforce permissions for files, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2010-4176 | 3 Dracut Project, Fedoraproject, Udev Project | 3 Dracut, Fedora, Udev | 2025-04-11 | N/A |
| plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak permissions for the /dev/systty device file, which allows remote authenticated users to read terminal data from tty0 for local users. | ||||
| CVE-2011-4361 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2025-04-11 | N/A |
| MediaWiki before 1.17.1 does not check for read permission before handling action=ajax requests, which allows remote attackers to obtain sensitive information by (1) leveraging the SpecialUpload::ajaxGetExistsWarning function, or by (2) leveraging an extension, as demonstrated by the CategoryTree, ExtTab, and InlineEditor extensions. | ||||
| CVE-2023-28724 | 1 F5 | 3 Nginx Api Connectivity Manager, Nginx Instance Manager, Nginx Security Monitoring | 2025-04-10 | 7.1 High |
| NGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2022-46761 | 1 Huawei | 2 Emui, Harmonyos | 2025-04-09 | 7.5 High |
| The system has a vulnerability that may cause dynamic hiding and restoring of app icons.Successful exploitation of this vulnerability may cause malicious hiding of app icons. | ||||
| CVE-2024-0259 | 2 Fortra, Microsoft | 2 Robot Schedule, Windows | 2025-04-09 | 7.3 High |
| Fortra's Robot Schedule Enterprise Agent for Windows prior to version 3.04 is susceptible to privilege escalation. A low-privileged user can overwrite the service executable. When the service is restarted, the replaced binary runs with local system privileges, allowing a low-privileged user to gain elevated privileges. | ||||
| CVE-2006-5014 | 1 Cpanel | 1 Cpanel | 2025-04-09 | 8.8 High |
| Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. | ||||
| CVE-2024-23847 | 1 Yokogawa Rental Lease Corporation | 1 Unifier | 2025-04-08 | 5.9 Medium |
| Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | ||||
| CVE-2025-27154 | 1 Spotipy Project | 1 Spotipy | 2025-04-07 | 9.8 Critical |
| Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions. | ||||
| CVE-2025-24234 | 1 Apple | 1 Macos | 2025-04-07 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to gain root privileges. | ||||
| CVE-2023-23566 | 1 Axigen | 1 Axigen Mail Server | 2025-04-07 | 9.8 Critical |
| A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service (or add an account to Outlook or Gmail, etc.) with IMAP or POP3 without any verification code. | ||||
| CVE-2025-29504 | 2025-04-07 | 7.8 High | ||
| Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. | ||||
| CVE-2025-24195 | 1 Apple | 1 Macos | 2025-04-07 | 9.8 Critical |
| An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A user may be able to elevate privileges. | ||||
| CVE-2025-24207 | 1 Apple | 1 Macos | 2025-04-07 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to enable iCloud storage features without user consent. | ||||
| CVE-2024-11088 | 2 Mra13, Simple-membership-plugin | 2 Simple Membership, Simple Membership | 2025-04-05 | 5.3 Medium |
| The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2025-24277 | 1 Apple | 1 Macos | 2025-04-04 | 7.8 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | ||||
| CVE-2025-24267 | 1 Apple | 1 Macos | 2025-04-04 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges. | ||||