ReportizFlow
Filtered by vendor
Subscriptions
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29078 | 2026-04-15 | 7.5 High | ||
| Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. | ||||
| CVE-2025-46802 | 1 Gnu | 1 Screen | 2026-04-15 | 6 Medium |
| For a short time they PTY is set to mode 666, allowing any user on the system to connect to the screen session. | ||||
| CVE-2023-53949 | 1 Aspemail | 1 Aspemail | 2026-04-15 | 8.4 High |
| AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access. | ||||
| CVE-2024-44729 | 1 Mirotalk | 1 Mirotalk P2p | 2026-04-15 | 7.5 High |
| Incorrect access control in the component app/src/server.js of Mirotalk before commit 9de226 allows unauthenticated attackers without presenter privileges to arbitrarily eject users from a meeting. | ||||
| CVE-2024-54910 | 2026-04-15 | 4.7 Medium | ||
| Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | ||||
| CVE-2025-0374 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 6.5 Medium |
| When etcupdate encounters conflicts while merging files, it saves a version containing conflict markers in /var/db/etcupdate/conflicts. This version does not preserve the mode of the input file, and is world-readable. This applies to files that would normally have restricted visibility, such as /etc/master.passwd. An unprivileged local user may be able to read encrypted root and user passwords from the temporary master.passwd file created in /var/db/etcupdate/conflicts. This is possible only when conflicts within the password file arise during an update, and the unprotected file is deleted when conflicts are resolved. | ||||
| CVE-2025-54497 | 1 Cognex | 2 In-sight Camera Firmware, In-sight Explorer | 2026-04-15 | 8.1 High |
| Cognex In-Sight Explorer and In-Sight Camera Firmware expose a telnet-based service on port 23 to allow management operations such as firmware upgrades and device reboots, which require authentication. A user with protected privileges can successfully invoke the SetSerialPort functionality to modify relevant device properties (such as serial interface settings), contradicting the security model proposed in the user manual. | ||||
| CVE-2025-34025 | 1 Versa | 1 Concerto | 2026-04-15 | N/A |
| The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | ||||
| CVE-2024-12363 | 2026-04-15 | 7.1 High | ||
| Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management. | ||||
| CVE-2024-30208 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2026-04-15 | 6.3 Medium |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). The "DBTest" tool of SIMATIC RTLS Locating Manager does not properly enforce access restriction. This could allow an authenticated local attacker to extract sensitive information from memory. | ||||
| CVE-2024-22029 | 2026-04-15 | 7.8 High | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | ||||
| CVE-2025-23258 | 1 Nvidia | 1 Doca | 2026-04-15 | 7.3 High |
| NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2024-41974 | 2026-04-15 | 7.1 High | ||
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | ||||
| CVE-2020-36916 | 2026-04-15 | 8.8 High | ||
| TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | ||||
| CVE-2023-5936 | 2026-04-15 | 7.8 High | ||
| On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. | ||||
| CVE-2025-12147 | 1 Search-guard | 1 Search Guard | 2026-04-15 | N/A |
| In Search Guard FLX versions 3.1.1 and earlier, Field-Level Security (FLS) rules are improperly enforced on object-valued fields. When an FLS exclusion rule (e.g., ~field) is applied to a field which contains an object as its value, the object is correctly removed from the _source returned by search operations. However, the object members (i.e., child attributes) remain accessible to search queries. This exposure allows adversaries to infer or reconstruct the original contents of the excluded object. Workaround - If you cannot upgrade immediately and FLS exclusion rules are used for object valued attributes (like ~object), add an additional exclusion rule for the members of the object (like ~object.*). | ||||
| CVE-2024-29187 | 2026-04-15 | 7.3 High | ||
| WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5. | ||||
| CVE-2025-52923 | 1 Sangfor | 1 Atrust | 2026-04-15 | 4.3 Medium |
| Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. | ||||
| CVE-2024-27108 | 2026-04-15 | 6.8 Medium | ||
| Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products | ||||
| CVE-2026-34450 | 2 Anthropic, Anthropics | 2 Claude Sdk For Python, Anthropic-sdk-python | 2026-04-14 | 4.4 Medium |
| The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read persisted agent state, and in containerized deployments could modify memory files to influence subsequent model behavior. Both the synchronous and asynchronous memory tool implementations were affected. This issue has been patched in version 0.87.0. | ||||