Total: 1602 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21325 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-09-09 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2025-40804 | 1 Siemens | 1 Simatic | 2025-09-09 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. | ||||
| CVE-2024-55955 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | 6.7 Medium |
| An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2025-41664 | 1 Wago | 3 0750-0362, 0750-0363, 0750-0366 | 2025-09-08 | 7.5 High |
| A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware. | ||||
| CVE-2025-23257 | 1 Nvidia | 1 Doca | 2025-09-05 | 7.3 High |
| NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-23258 | 1 Nvidia | 1 Doca | 2025-09-05 | 7.3 High |
| NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2024-11584 | 1 Canonical | 1 Cloud-init | 2025-09-05 | 5.9 Medium |
| cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands. | ||||
| CVE-2025-1139 | 1 Ibm | 1 Edge Application Manager | 2025-09-03 | 6.1 Medium |
| IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. | ||||
| CVE-2012-10030 | 1 Freefloat | 2 Freefloat Ftp Server, Ftp Server | 2025-09-03 | 9.8 Critical |
| FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction. | ||||
| CVE-2025-0093 | 1 Google | 1 Android | 2025-09-02 | 7.5 High |
| In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2025-5819 | 1 Gitlab | 1 Gitlab | 2025-08-29 | 5 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | ||||
| CVE-2025-9578 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2025-08-29 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | ||||
| CVE-2025-53396 | | | 2025-08-29 | N/A |
| Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges. | ||||
| CVE-2025-30063 | | | 2025-08-29 | N/A |
| The configuration file containing database logins and passwords is readable by any local user. | ||||
| CVE-2025-43729 | 1 Dell | 1 Thinos | 2025-08-29 | 7.8 High |
| Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | ||||
| CVE-2024-41974 | | | 2025-08-27 | 7.1 High |
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | ||||
| CVE-2024-41970 | | | 2025-08-27 | 5.7 Medium |
| A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | ||||
| CVE-2024-6435 | 1 Rockwellautomation | 1 Pavilion8 | 2025-08-27 | 8.8 High |
| A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section. | ||||
| CVE-2024-39875 | 1 Siemens | 1 Sinema Remote Connect Server | 2025-08-27 | 4.3 Medium |
| A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships. | ||||
| CVE-2024-22029 | | | 2025-08-26 | 7.8 High |
| Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. | ||||