Total
115 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46708 | 2025-07-01 | 4.3 Medium | ||
| Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU. | ||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | 7.8 High |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | ||||
| CVE-2025-2503 | 2025-06-02 | 7.1 High | ||
| An improper permission handling vulnerability was reported in Lenovo PC Manager that could allow a local attacker to perform arbitrary file deletions as an elevated user. | ||||
| CVE-2023-32207 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-05-27 | 8.8 High |
| A missing delay in popup notifications could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11. | ||||
| CVE-2025-30453 | 1 Apple | 1 Macos | 2025-05-27 | 7.8 High |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.4, macOS Ventura 13.7.6, macOS Sonoma 14.7.6. A malicious app may be able to gain root privileges. | ||||
| CVE-2024-25844 | 1 Common-services | 1 So Flexibilite | 2025-05-23 | 7.5 High |
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | ||||
| CVE-2025-46740 | 2025-05-12 | 7.5 High | ||
| An authenticated user without user administrative permissions could change the administrator Account Name. | ||||
| CVE-2025-46584 | 1 Huawei | 1 Harmonyos | 2025-05-09 | 7.8 High |
| Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 8.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-25108 | 1 Pixelfed | 1 Pixelfed | 2025-05-07 | 9.9 Critical |
| Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2021-38312 | 1 Redux | 1 Gutenberg Template Library \& Redux Framework | 2025-05-05 | 7.1 High |
| The Gutenberg Template Library & Redux Framework plugin <= 4.2.11 for WordPress used an incorrect authorization check in the REST API endpoints registered under the “redux/v1/templates/” REST Route in “redux-templates/classes/class-api.php”. The `permissions_callback` used in this file only checked for the `edit_posts` capability which is granted to lower-privileged users such as contributors, allowing such users to install arbitrary plugins from the WordPress repository and edit arbitrary posts. | ||||
| CVE-2022-39886 | 1 Google | 1 Android | 2025-05-01 | 5.9 Medium |
| Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | ||||
| CVE-2022-39885 | 1 Google | 1 Android | 2025-05-01 | 5.9 Medium |
| Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | ||||
| CVE-2022-39912 | 1 Google | 1 Android | 2025-04-23 | 6.2 Medium |
| Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | ||||
| CVE-2025-20649 | 2 Mediatek, Openwrt | 11 Mt6880, Mt6890, Mt6980 and 8 more | 2025-04-22 | 6.5 Medium |
| In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184. | ||||
| CVE-2024-22078 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 8.8 High |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | ||||
| CVE-2024-22077 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 5.3 Medium |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | ||||
| CVE-2022-4863 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2025-0468 | 2025-04-07 | 7.1 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. | ||||