Total
1403 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1488 | 2 Fedoraproject, Redhat | 23 Unbound, Codeready Linux Builder, Codeready Linux Builder Eus and 20 more | 2025-08-01 | 8 High |
| A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether. | ||||
| CVE-2025-54530 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 7.5 High |
| In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | ||||
| CVE-2025-21106 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-07-31 | 5.5 Medium |
| Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system. | ||||
| CVE-2024-9858 | 2 Google, Google Cloud | 2 Migrate To Containers, Migrate To Containers | 2025-07-30 | 7.8 High |
| There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | ||||
| CVE-2024-47013 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47014 | 1 Google | 1 Android | 2025-07-24 | 8.8 High |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | ||||
| CVE-2024-47016 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-11624 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53835 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53840 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53841 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-53945 | 2025-07-22 | 7 High | ||
| apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue. | ||||
| CVE-2025-54059 | 2025-07-22 | 4.4 Medium | ||
| melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue. | ||||
| CVE-2024-32861 | 1 Johnsoncontrols | 1 Software House C-cure 9000 | 2025-07-21 | 7.8 High |
| Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions. | ||||
| CVE-2025-0886 | 2025-07-17 | 7.8 High | ||
| An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges. | ||||
| CVE-2024-38459 | 1 Langchain | 1 Langchain-experimental | 2025-07-16 | 7.8 High |
| langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444. | ||||
| CVE-2025-7672 | 2025-07-15 | 4.3 Medium | ||
| The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23. | ||||
| CVE-2024-49202 | 1 Keyfactor | 1 Command | 2025-07-15 | 7.6 High |
| Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | ||||
| CVE-2024-45819 | 1 Xen | 1 Xen | 2025-07-15 | 5.5 Medium |
| PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | ||||
| CVE-2025-3617 | 1 Rockwellautomation | 1 Thinmanager | 2025-07-14 | 7.8 High |
| A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges. | ||||