ReportizFlow
Filtered by vendor
Subscriptions
Total
1673 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-33088 | 2 Ibm, Linux | 2 Concert, Linux Kernel | 2026-02-26 | 7.4 High |
| IBM Concert 1.0.0 through 2.1.0 could allow a local user with specific knowledge about the system's architecture to escalate their privileges due to incorrect file permissions for critical resources. | ||||
| CVE-2026-24834 | 1 Katacontainers | 2 Kata-containers, Kata Containers | 2026-02-26 | 9.4 Critical |
| Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue. | ||||
| CVE-2022-22988 | 1 Westerndigital | 1 Edgerover | 2026-02-24 | 7.7 High |
| File and directory permissions have been corrected to prevent unintended users from modifying or accessing resources. It would be more difficult for an authenticated attacker to now traverse through the files and directories. This can only be exploited once an attacker has already found a way to get authenticated access to the device. | ||||
| CVE-2022-1316 | 2 Microsoft, Zerotier | 2 Windows, Zerotierone | 2026-02-24 | 8.8 High |
| Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | ||||
| CVE-2022-0338 | 1 Loguru Project | 1 Loguru | 2026-02-24 | 4.3 Medium |
| Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2026-02-24 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2024-11176 | 2026-02-23 | N/A | ||
| Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. | ||||
| CVE-2024-47475 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5 Medium |
| Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2021-21567 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 7.8 High |
| Dell PowerScale OneFS 9.1.0.x contains an improper privilege management vulnerability. It may allow an authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE to elevate privilege. | ||||
| CVE-2026-23648 | 1 Glory Global Solutions | 1 Rbg-100 | 2026-02-18 | 7.8 High |
| Glory RBG-100 recycler systems using the ISPK-08 software component contain multiple system binaries with overly permissive file permissions. Several binaries executed by the root user are writable and executable by unprivileged local users. An attacker with local access can replace or modify these binaries to execute arbitrary commands with root privileges, enabling local privilege escalation. | ||||
| CVE-2026-24049 | 2 Pypa, Wheel Project | 2 Wheel, Wheel | 2026-02-18 | 7.1 High |
| wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2. | ||||
| CVE-2019-25343 | 1 Vm3max | 1 Nextvpn | 2026-02-14 | 7.8 High |
| NextVPN 4.10 contains an insecure file permissions vulnerability that allows local users to modify executable files with full access rights. Attackers can replace system executables with malicious files to gain SYSTEM or Administrator privileges through unauthorized file modification. | ||||
| CVE-2025-21325 | 1 Microsoft | 11 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-02-13 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2025-52627 | 1 Hcltech | 1 Aion | 2026-02-10 | 5.5 Medium |
| Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unauthorized changes.This issue affects AION: 2.0. | ||||
| CVE-2025-64319 | 1 Salesforce | 2 Mulesoft, Mulesoft Anypoint Code Builder | 2026-02-04 | 5.3 Medium |
| Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Mulesoft Anypoint Code Builder allows Manipulating Writeable Configuration Files.This issue affects Mulesoft Anypoint Code Builder: before 1.12.1 | ||||
| CVE-2025-64322 | 1 Salesforce | 2 Agentforce Vibes, Agentforce Vibes Extension | 2026-02-04 | 5.3 Medium |
| Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0. | ||||
| CVE-2024-45497 | 1 Redhat | 2 Jboss Fuse, Openshift | 2026-02-04 | 7.6 High |
| A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties. | ||||
| CVE-2025-2503 | 1 Lenovo | 1 Pcmanager | 2026-02-02 | 7.1 High |
| An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | ||||
| CVE-2025-8148 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2026-01-30 | 4.2 Medium |
| An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key. | ||||
| CVE-2020-36938 | 1 Winavr | 1 Winavr | 2026-01-29 | 8.8 High |
| WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory. | ||||