Total
1290 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29801 | 2025-04-29 | 7.8 High | ||
| Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-32981 | 2025-04-29 | 7.1 High | ||
| NETSCOUT nGeniusONE before 6.4.0 b2350 allows local users to leverage Insecure Permissions for the nGeniusCLI File. | ||||
| CVE-2025-42598 | 2025-04-29 | 7.8 High | ||
| Multiple SEIKO EPSON printer drivers for Windows OS are configured with an improper access permission settings when installed or used in a language other than English. If a user is directed to place a crafted DLL file in a location of an attacker's choosing, the attacker may execute arbitrary code with SYSTEM privilege on a Windows system on which the printer driver is installed. | ||||
| CVE-2022-37018 | 1 Hp | 150 Elite Slice, Elite Slice Firmware, Elite X2 1012 G1 and 147 more | 2025-04-29 | 8.4 High |
| A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential vulnerability. | ||||
| CVE-2022-1038 | 1 Hp | 481 15-f200 Notebook Pc Touch, 240 G5 Notebook Pc, 240 G6 Notebook Pc and 478 more | 2025-04-29 | 7.8 High |
| A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP software. | ||||
| CVE-2021-3437 | 1 Hp | 50 Envy Te01-0xxx, Envy Te01-1xxx, Envy Te01-2xxx and 47 more | 2025-04-29 | 9.8 Critical |
| Potential security vulnerabilities have been identified in an OMEN Gaming Hub SDK package which may allow escalation of privilege and/or denial of service. HP is releasing software updates to mitigate the potential vulnerabilities. | ||||
| CVE-2022-30355 | 1 Ovaledge | 1 Ovaledge | 2025-04-28 | 9.8 Critical |
| OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required. | ||||
| CVE-2022-42718 | 1 Ni | 1 Labview Command Line Interface | 2025-04-24 | 7.8 High |
| Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-44929 | 1 D-link | 2 Dvg-g5402sp, Dvg-g5402sp Firmware | 2025-04-24 | 9.8 Critical |
| An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles. | ||||
| CVE-2022-42446 | 1 Hcltech | 1 Sametime | 2025-04-24 | 6.5 Medium |
| Starting with Sametime 12, anonymous users are enabled by default. After logging in as an anonymous user, one has the ability to browse the User Directory and potentially create chats with internal users. | ||||
| CVE-2024-25605 | 1 Liferay | 4 Digital Experience Platform, Dxp, Liferay Portal and 1 more | 2025-04-24 | 5.3 Medium |
| The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API. | ||||
| CVE-2022-45562 | 1 Telosalliance | 2 Omnia Mpx Node, Omnia Mpx Node Firmware | 2025-04-24 | 8.8 High |
| Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with backdoor account low privilege, this can lead to change hardware settings and execute arbitrary commands in vulnerable system functions that is requires high privilege to access. | ||||
| CVE-2022-27773 | 1 Ivanti | 1 Endpoint Manager | 2025-04-24 | 9.8 Critical |
| A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that allows a user to execute commands with elevated privileges. | ||||
| CVE-2025-0014 | 2025-04-24 | 7.3 High | ||
| Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-24826 | 2025-04-24 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Snap Deploy (Windows) before build 4625. | ||||
| CVE-2022-21704 | 2 Debian, Log4js Project | 2 Debian Linux, Log4js | 2025-04-23 | 5.5 Medium |
| log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update. | ||||
| CVE-2021-41166 | 1 Nextcloud | 1 Nextcloud | 2025-04-23 | 4.3 Medium |
| The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required `MANAGE_DOCUMENTS` permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds. | ||||
| CVE-2022-24804 | 1 Discourse | 1 Discourse | 2025-04-23 | 5.3 Medium |
| Discourse is an open source platform for community discussion. In stable versions prior to 2.8.3 and beta versions prior 2.9.0.beta4 erroneously expose groups. When a group with restricted visibility has been used to set the permissions of a category, the name of the group is leaked to any user that is able to see the category. To workaround the problem, a site administrator can remove groups with restricted visibility from any category's permissions setting. | ||||
| CVE-2022-29162 | 3 Fedoraproject, Linuxfoundation, Redhat | 4 Fedora, Runc, Enterprise Linux and 1 more | 2025-04-23 | 5.9 Medium |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. | ||||
| CVE-2022-29178 | 1 Cilium | 1 Cilium | 2025-04-23 | 8.8 High |
| Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 1000 can access the API of Cilium via Unix domain socket available on the host where Cilium is running. This could allow malicious users to compromise integrity as well as system availability on that host. The problem has been fixed and the patch is available in versions 1.9.16, 1.10.11, and 1.11.5. A potential workaround is to modify Cilium's DaemonSet to run with a certain command, which can be found in the GitHub Security Advisory for this vulnerability. | ||||