ReportizFlow
Filtered by vendor
Subscriptions
Total
1488 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27674 | 2 Macro-expert, Macroexpert | 2 Macro Expert, Macroexpert | 2026-01-31 | 7.8 High |
| Macro Expert through 4.9.4 allows BUILTIN\Users:(OI)(CI)(M) access to the "%PROGRAMFILES(X86)%\GrassSoft\Macro Expert" folder and thus an unprivileged user can escalate to SYSTEM by replacing the MacroService.exe binary. | ||||
| CVE-2025-13905 | 1 Schneider-electric | 2 Ecostruxure Process Expert, Ecostruxure Process Expert For Aveva System Platform | 2026-01-30 | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | ||||
| CVE-2025-27926 | 1 Nintex | 1 Automation | 2026-01-29 | 4.3 Medium |
| In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. | ||||
| CVE-2025-67230 | 1 Todesktop | 1 Builder | 2026-01-29 | 7.1 High |
| Improper permissions in the handler for the Custom URL Scheme in ToDesktop Builder v0.33.0 allows attackers with renderer-context access to invoke external protocol handlers without sufficient validation. | ||||
| CVE-2026-0705 | 1 Acronis | 1 Cloud Manager | 2026-01-29 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build 6.4.25342.354. | ||||
| CVE-2025-60262 | 1 H3c | 6 Ba1500l, M102g, Magic Ba1500l and 3 more | 2026-01-29 | 9.8 Critical |
| An issue in H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point, there is a misconfiguration vulnerability about vsftpd. Through this vulnerability, all files uploaded anonymously via the FTP protocol is automatically owned by the root user and remote attackers could gain root-level control over the devices. | ||||
| CVE-2025-39201 | 1 Hitachienergy | 1 Microscada X Sys600 | 2026-01-26 | 6.1 Medium |
| A vulnerability exists in MicroSCADA X SYS600 product. If exploited this could allow a local unauthenticated attacker to tamper a system file, making denial of Notify service. | ||||
| CVE-2021-47852 | 1 Rockstargames | 1 Launcher | 2026-01-26 | 8.8 High |
| Rockstar Games Launcher 1.0.37.349 contains a privilege escalation vulnerability that allows authenticated users to modify the service executable with weak permissions. Attackers can replace the RockstarService.exe with a malicious binary to create a new administrator user and gain elevated system access. | ||||
| CVE-2025-15523 | 2 Apple, Inkscape | 2 Macos, Inkscape | 2026-01-26 | 4.4 Medium |
| MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape. | ||||
| CVE-2024-39544 | 2 Juniper, Juniper Networks | 2 Junos Os Evolved, Junos Os Evolved | 2026-01-23 | 5 Medium |
| An Incorrect Default Permissions vulnerability in the command line interface (CLI) of Juniper Networks Junos OS Evolved allows a low privileged local attacker to view NETCONF traceoptions files, representing an exposure of sensitive information. On all Junos OS Evolved platforms, when NETCONF traceoptions are configured, NETCONF traceoptions files get created with an incorrect group permission, which allows a low-privileged user can access sensitive information compromising the confidentiality of the system. Junos OS Evolved: * All versions before 20.4R3-S9-EVO, * 21.2-EVO before 21.2R3-S7-EVO, * 21.4-EVO before 21.4R3-S5-EVO, * 22.1-EVO before 22.1R3-S5-EVO, * 22.2-EVO before 22.2R3-S3-EVO, * 22.3-EVO before 22.3R3-EVO, 22.3R3-S2-EVO, * 22.4-EVO before 22.4R3-EVO, * 23.2-EVO before 23.2R1-S2-EVO, 23.2R2-EVO. | ||||
| CVE-2025-5255 | 2026-01-21 | N/A | ||
| The Phoenix Code's configuration on macOS, specifically the presence of entitlements: "com.apple.security.cs.allow-dyld-environment-variables" and "com.apple.security.cs.disable-library-validation" allows for Dynamic Library (Dylib) injection. A local attacker with unprivileged access can use environment variables like DYLD_INSERT_LIBRARIES to successfully inject code in application's context and bypass Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in commit 0c75fb57f89d0b7d9b180026bc2624b7dcf807da | ||||
| CVE-2025-67813 | 1 Quest | 1 Kace Desktop Authority | 2026-01-20 | 5.3 Medium |
| Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication | ||||
| CVE-2021-47761 | 1 Millegpg | 1 Millegpg5 | 2026-01-16 | 7.8 High |
| MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restarts. | ||||
| CVE-2024-45819 | 1 Xen | 1 Xen | 2026-01-14 | 5.5 Medium |
| PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | ||||
| CVE-2023-29162 | 1 Intel | 18 Advisor, Cluster Checker, Cplusplus Compiler Classic and 15 more | 2026-01-14 | 6 Medium |
| Improper buffer restrictions the Intel(R) C++ Compiler Classic before version 2021.8 for Intel(R) oneAPI Toolkits before version 2022.3.1 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-45467 | 1 Unitree | 2 Go1, Go1 Firmware | 2026-01-12 | 7.1 High |
| Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. | ||||
| CVE-2024-7587 | 2 Iconics, Mitsubishielectric | 2 Genesis64, Mc Works64 | 2026-01-09 | 7.8 High |
| Incorrect Default Permissions vulnerability in GenBroker32, which is included in the installers for Mitsubishi Electric GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97.3 and prior, Mitsubishi Electric ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97.3 and prior, Mitsubishi Electric GENESIS32 versions 9.70.300.23 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.70.300.23 and prior, and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to disclose or tamper with confidential information and data contained in the products, or cause a denial of service (DoS) condition on the products, by accessing a folder with incorrect permissions, when GenBroker32 is installed on the same PC as GENESIS64, ICONICS Suite, MC Works64, or GENESIS32. | ||||
| CVE-2024-31442 | 1 Redon | 1 Roblox Purchasing Hub | 2026-01-07 | 8.8 High |
| Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command is `/products admin clear` as this was already programmed for bot owners only. All users should upgrade to version 1.0.2 to receive a patch. | ||||
| CVE-2025-53398 | 1 Portrait | 2 Dell Color Management, Dell Color Management Application | 2026-01-02 | 7.8 High |
| The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions, | ||||
| CVE-2025-53919 | 1 Portrait | 2 Dell Color Management, Dell Color Management Application | 2026-01-02 | 7.8 High |
| An issue was discovered in the Portrait Dell Color Management application through 3.3.008 for Dell monitors, It creates a temporary folder, with weak permissions, during installation and uninstallation. A low-privileged attacker with local access could potentially exploit this, leading to elevation of privileges. | ||||