Total
1394 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-1109 | 1 Lenovo | 1 Leyun | 2025-04-02 | 5.5 Medium |
| An incorrect default permissions vulnerability in Lenovo Leyun cloud music application could allow denial of service. | ||||
| CVE-2025-2781 | 2025-04-01 | N/A | ||
| The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11. | ||||
| CVE-2025-2782 | 2025-04-01 | N/A | ||
| The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10. | ||||
| CVE-2024-53351 | 1 Linuxfoundation | 1 Pipecd | 2025-04-01 | 9.8 Critical |
| Insecure permissions in pipecd v0.49 allow attackers to gain access to the service account's token, leading to escalation of privileges. | ||||
| CVE-2022-3432 | 1 Lenovo | 2 Ideapad Y700-14isk, Ideapad Y700-14isk Firmware | 2025-04-01 | 6.7 Medium |
| A potential vulnerability in a driver used during manufacturing process on the Ideapad Y700-14ISK that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | ||||
| CVE-2023-46270 | 2025-03-28 | 3.3 Low | ||
| MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items. | ||||
| CVE-2024-26574 | 1 Wondershare | 1 Filmora | 2025-03-28 | 7.8 High |
| Insecure Permissions vulnerability in Wondershare Filmora v.13.0.51 allows a local attacker to execute arbitrary code via a crafted script to the WSNativePushService.exe | ||||
| CVE-2025-25535 | 2025-03-27 | 9.8 Critical | ||
| HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request. | ||||
| CVE-2022-23454 | 1 Hp | 1 Support Assistant | 2025-03-27 | 7.8 High |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | ||||
| CVE-2022-23453 | 1 Hp | 1 Support Assistant | 2025-03-27 | 7.8 High |
| Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files. | ||||
| CVE-2023-45860 | 1 Hazelcast | 1 Hazelcast | 2025-03-27 | 6.5 Medium |
| In Hazelcast Platform through 5.3.4, a security issue exists within the SQL mapping for the CSV File Source connector. This issue arises from inadequate permission checking, which could enable unauthorized clients to access data from files stored on a member's filesystem. | ||||
| CVE-2022-45099 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 7.8 High |
| Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for a NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise | ||||
| CVE-2024-6148 | 1 Citrix | 1 Workspace | 2025-03-25 | 8.8 High |
| Bypass of GACS Policy Configuration settings in Citrix Workspace app for HTML5 | ||||
| CVE-2022-31254 | 2 Opensuse, Suse | 4 Leap, Rmt-server, Linux Enterprise Server and 1 more | 2025-03-25 | 7.8 High |
| A Incorrect Default Permissions vulnerability in rmt-server-regsharing service of SUSE Linux Enterprise Server for SAP 15, SUSE Linux Enterprise Server for SAP 15-SP1, SUSE Manager Server 4.1; openSUSE Leap 15.3, openSUSE Leap 15.4 allows local attackers with access to the _rmt user to escalate to root. This issue affects: SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10. SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10. SUSE Manager Server 4.1 rmt-server versions prior to 2.10. openSUSE Leap 15.3 rmt-server versions prior to 2.10. openSUSE Leap 15.4 rmt-server versions prior to 2.10. | ||||
| CVE-2025-24135 | 1 Apple | 1 Macos | 2025-03-25 | 7.8 High |
| This issue was addressed with improved message validation. This issue is fixed in macOS Sequoia 15.3. An app may be able to gain elevated privileges. | ||||
| CVE-2024-54564 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-03-25 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in visionOS 1.3, macOS Sonoma 14.6, iOS 17.6 and iPadOS 17.6. A file received from AirDrop may not have the quarantine flag applied. | ||||
| CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2025-03-24 | 7.8 High |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | ||||
| CVE-2025-24176 | 1 Apple | 1 Macos | 2025-03-24 | 7.1 High |
| A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A local attacker may be able to elevate their privileges. | ||||
| CVE-2025-24093 | 1 Apple | 1 Macos | 2025-03-24 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.3, macOS Sonoma 14.7.3. An app may be able to access removable volumes without user consent. | ||||
| CVE-2024-51440 | 2025-03-22 | 7.8 High | ||
| An issue in Nothing Tech Nothing OS v.2.6 allows a local attacker to escalate privileges via the NtBpfService component. | ||||