Total
1547 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1731 | 2025-06-12 | 7.8 High | ||
| An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting malicious scripts or modifying system configurations with administrator-level access through a stolen token. Modifying the system configuration is only possible if the administrator has not logged out and the token remains valid. | ||||
| CVE-2023-49257 | 1 Hongdian | 2 H8951-4g-esp, H8951-4g-esp Firmware | 2025-06-11 | 8.8 High |
| An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges. | ||||
| CVE-2023-5136 | 1 Ni | 4 Diadem, Flexlogger, Topografix Data Plugin and 1 more | 2025-06-11 | 5.5 Medium |
| An incorrect permission assignment in the TopoGrafix DataPlugin for GPX could result in information disclosure. An attacker could exploit this vulnerability by getting a user to open a specially crafted data file. | ||||
| CVE-2022-1348 | 3 Fedoraproject, Logrotate Project, Redhat | 3 Fedora, Logrotate, Enterprise Linux | 2025-06-09 | 6.5 Medium |
| A vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0. | ||||
| CVE-2025-40672 | 2025-06-06 | N/A | ||
| A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, shuch as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). | ||||
| CVE-2025-3936 | 2 Microsoft, Tridium | 3 Windows, Niagara, Niagara Enterprise Security | 2025-06-04 | 6.5 Medium |
| Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2025-3944 | 4 Blackberry, Linux, Microsoft and 1 more | 5 Qnx, Linux Kernel, Windows and 2 more | 2025-06-04 | 7.2 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.11; Niagara Enterprise Security: before 4.14.2, before 4.15.1, before 4.10.11. Tridium recommends upgrading to Niagara Framework and Enterprise Security versions 4.14.2u2, 4.15.u1, or 4.10u.11. | ||||
| CVE-2024-23223 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-06-04 | 6.2 Medium |
| A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data. | ||||
| CVE-2025-48961 | 2025-06-04 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938. | ||||
| CVE-2025-30408 | 2025-06-04 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938. | ||||
| CVE-2024-22236 | 1 Vmware | 1 Spring Cloud Contract | 2025-06-03 | 3.3 Low |
| In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. | ||||
| CVE-2023-34042 | 1 Vmware | 1 Spring Security | 2025-06-03 | 4.1 Medium |
| The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access to the file system. While there are no known exploits, this is an example of “CWE-732: Incorrect Permission Assignment for Critical Resource” and could result in an exploit. Users should update to the latest version of Spring Security to mitigate any future exploits found around this issue. | ||||
| CVE-2023-6506 | 1 Wpwhitesecurity | 1 Wp 2fa | 2025-06-03 | 4.3 Medium |
| The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key. This makes it possible for subscriber-level attackers to email arbitrary users on the site. | ||||
| CVE-2024-21305 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-06-03 | 4.4 Medium |
| Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability | ||||
| CVE-2023-52116 | 1 Huawei | 2 Emui, Harmonyos | 2025-06-02 | 7.5 High |
| Permission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device. | ||||
| CVE-2024-2905 | 1 Redhat | 3 Enterprise Linux, Openshift, Rhel Eus | 2025-05-29 | 6.2 Medium |
| A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. | ||||
| CVE-2022-2995 | 2 Kubernetes, Redhat | 2 Cri-o, Openshift | 2025-05-29 | 7.1 High |
| Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container. | ||||
| CVE-2017-20148 | 1 Debian | 1 Logcheck | 2025-05-29 | 9.8 Critical |
| In the ebuild package through logcheck-1.3.23.ebuild for Logcheck on Gentoo, it is possible to achieve root privilege escalation from the logcheck user because of insecure recursive chown calls. | ||||
| CVE-2025-3395 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.1 High |
| Incorrect Permission Assignment for Critical Resource, Cleartext Storage of Sensitive Information vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||
| CVE-2025-3394 | 1 Abb | 1 Automation Builder | 2025-05-28 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in ABB Automation Builder.This issue affects Automation Builder: through 2.8.0. | ||||