ReportizFlow
Filtered by vendor
Subscriptions
Total
1557 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36193 | 1 Ibm | 1 Transformation Advisor | 2025-09-03 | 8.4 High |
| IBM Transformation Advisor 2.0.1 through 4.3.1 incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Transformation Advisor Operator Catalog image. | ||||
| CVE-2025-1139 | 1 Ibm | 1 Edge Application Manager | 2025-09-03 | 6.1 Medium |
| IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. | ||||
| CVE-2012-10030 | 1 Freefloat | 2 Freefloat Ftp Server, Ftp Server | 2025-09-03 | 9.8 Critical |
| FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction. | ||||
| CVE-2022-34112 | 1 Dataease | 1 Dataease | 2025-09-03 | 6.5 Medium |
| An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator. | ||||
| CVE-2025-0093 | 1 Google | 1 Android | 2025-09-02 | 7.5 High |
| In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-43268 | 1 Apple | 2 Macos, Macos Sequoia | 2025-09-02 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-2905 | 1 Redhat | 3 Enterprise Linux, Openshift, Rhel Eus | 2025-08-30 | 6.2 Medium |
| A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access. | ||||
| CVE-2025-5819 | 1 Gitlab | 1 Gitlab | 2025-08-29 | 5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | ||||
| CVE-2025-9578 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2025-08-29 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | ||||
| CVE-2025-43729 | 1 Dell | 1 Thinos | 2025-08-29 | 7.8 High |
| Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | ||||
| CVE-2025-30063 | 2025-08-29 | N/A | ||
| The configuration file containing database logins and passwords is readable by any local user. | ||||
| CVE-2025-53396 | 2025-08-29 | N/A | ||
| Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges. | ||||
| CVE-2024-41974 | 2025-08-28 | 7.1 High | ||
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | ||||
| CVE-2024-41970 | 2025-08-28 | 5.7 Medium | ||
| A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | ||||
| CVE-2024-6435 | 1 Rockwellautomation | 1 Pavilion8 | 2025-08-27 | 8.8 High |
| A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. | ||||
| CVE-2024-39875 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. | ||||
| CVE-2024-22029 | 2025-08-27 | 7.8 High | ||
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root | ||||
| CVE-2024-24912 | 2 Checkpoint, Microsoft | 2 Harmony Endpoint, Windows | 2025-08-26 | 6.7 Medium |
| A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. | ||||
| CVE-2024-24910 | 2 Checkpoint, Microsoft | 3 Identity Agent, Zonealarm Extreme Security, Windows | 2025-08-26 | 7.3 High |
| A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. | ||||
| CVE-2025-48382 | 1 Codelibs | 1 Fess | 2025-08-26 | 5.5 Medium |
| Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only. | ||||