ReportizFlow
Filtered by vendor
Subscriptions
Total
1488 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-22849 | 1 Intel | 1 Optane Pmem Management Software | 2026-02-12 | 6.7 Medium |
| Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-31655 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-02-12 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-36522 | 1 Intel | 1 Chipset Software | 2026-02-12 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2025-15343 | 1 Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Enforce. | ||||
| CVE-2025-15335 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15334 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15333 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15340 | 1 Tanium | 2 Comply, Service Comply | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Comply. | ||||
| CVE-2025-15338 | 1 Tanium | 2 Partner Integration, Service Partnerintegration | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | ||||
| CVE-2025-15337 | 1 Tanium | 2 Patch, Service Patch | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Patch. | ||||
| CVE-2025-15336 | 1 Tanium | 2 Performance, Service Performance | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Performance. | ||||
| CVE-2026-25931 | 1 Streetsidesoftware | 1 Vscode-spell-checker | 2026-02-10 | 7.8 High |
| vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace configuration each time settings are fetched. The code coerces any truthy value to true and forwards it to ConfigLoader.setIsTrusted , which in turn allows JavaScript/TypeScript configuration files ( .cspell.config.js/.mjs/.ts , etc.) to be located and executed. Because no VS Code workspace-trust state is consulted, an untrusted workspace can keep the flag true and place a malicious .cspell.config.js ; opening the workspace causes the extension host to execute attacker-controlled Node.js code with the user’s privileges. This vulnerability is fixed in v4.5.4. | ||||
| CVE-2025-10314 | 1 Mitsubishi Electric | 1 Freqship-mini | 2026-02-05 | 8.8 High |
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (DoS) condition on the affected system. | ||||
| CVE-2025-55132 | 1 Nodejs | 2 Node.js, Nodejs | 2026-02-04 | 5.3 Medium |
| A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | ||||
| CVE-2025-20984 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | 6.8 Medium |
| Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. | ||||
| CVE-2025-20910 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | 6.2 Medium |
| Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery. | ||||
| CVE-2025-8485 | 1 Lenovo | 1 App Store | 2026-02-02 | 7.3 High |
| An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. | ||||
| CVE-2024-55930 | 1 Xerox | 1 Workplace Suite | 2026-01-31 | 6.7 Medium |
| Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files | ||||