Total
1504 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3668 | 1 Ideabox | 1 Powerpack Addons For Elementor | 2025-04-08 | 8.8 High |
| The PowerPack Pro for Elementor plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.10.17. This is due to the plugin not restricting low privileged users from setting a default role for a registration form. This makes it possible for authenticated attackers, with contributor-level access and above, to create a registration form with administrator set as the default role and then register as an administrator. | ||||
| CVE-2025-23403 | 2025-04-08 | 7 High | ||
| A vulnerability has been identified in SIMATIC IPC DiagBase (All versions), SIMATIC IPC DiagMonitor (All versions). The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to privilege escalation or bypassing endpoint protection and other security measures. | ||||
| CVE-2023-27084 | 1 Iteachyou | 1 Dreamer Cms | 2025-04-04 | 5.3 Medium |
| Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | ||||
| CVE-2025-25041 | 2025-04-03 | 5.5 Medium | ||
| A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). A successful exploit could allow the creation of a Denial-of-Service (DoS) condition affecting the Microsoft Windows Operating System. This vulnerability does not affect Linux and Android based clients. | ||||
| CVE-2022-34457 | 1 Dell | 1 Command\|configure | 2025-04-03 | 7.3 High |
| Dell command configuration, version 4.8 and prior, contains improper folder permission when installed not to default path but to non-secured path which leads to privilege escalation. This is critical severity vulnerability as it allows non-admin to modify the files inside installed directory and able to make application unavailable for all users. | ||||
| CVE-2025-25373 | 1 Nasa | 1 Cfs | 2025-04-03 | 9.8 Critical |
| The Memory Management Module of NASA cFS (Core Flight System) Aquila has insecure permissions, which can be exploited to gain an RCE on the platform. | ||||
| CVE-2023-22592 | 2 Ibm, Redhat | 2 Robotic Process Automation For Cloud Pak, Openshift | 2025-04-03 | 4 Medium |
| IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073. | ||||
| CVE-2004-1714 | 1 Iss | 2 Blackice Pc Protection, Blackice Server Protection | 2025-04-03 | 7.1 High |
| BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | ||||
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2025-04-03 | 7.1 High |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | ||||
| CVE-2001-0006 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.1 High |
| The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | ||||
| CVE-2023-20923 | 1 Google | 1 Android | 2025-04-02 | 5.5 Medium |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-246933910References: N/A | ||||
| CVE-2021-22117 | 2 Broadcom, Microsoft | 2 Rabbitmq Server, Windows | 2025-04-02 | 7.8 High |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | ||||
| CVE-2025-21325 | 1 Microsoft | 6 Windows 10 21h2, Windows 10 22h2, Windows 11 22h2 and 3 more | 2025-04-02 | 7.8 High |
| Windows Secure Kernel Mode Elevation of Privilege Vulnerability | ||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | 7.8 High |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | ||||
| CVE-2024-30413 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-29078 | 2025-03-28 | 7.5 High | ||
| Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. | ||||
| CVE-2023-52715 | 1 Huawei | 1 Harmonyos | 2025-03-28 | 7.5 High |
| The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | 8.8 High |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | ||||
| CVE-2024-12151 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 5 Medium |
| Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | ||||
| CVE-2024-12149 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 8.1 High |
| Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | ||||