Total
1440 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54747 | 1 Wavlink | 2 Wn531p3, Wn531p3 Firmware | 2025-10-03 | 9.8 Critical |
| WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | ||||
| CVE-2025-23297 | 2 Microsoft, Nvidia | 2 Windows, App | 2025-10-02 | 7.8 High |
| NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2024-55398 | 1 4cstrategies | 1 Exonaut | 2025-10-01 | 6.5 Medium |
| 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. | ||||
| CVE-2024-46465 | 2 Microsoft, Primx | 2 Windows, Cryhod | 2025-10-01 | 7.8 High |
| By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability. | ||||
| CVE-2024-48533 | 2 Esoft, Esoftplanner | 2 Planner, Esoft Planner | 2025-10-01 | 5.3 Medium |
| A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. | ||||
| CVE-2024-40514 | 1 Themesbrand | 1 Chatvia | 2025-09-30 | 4.6 Medium |
| Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | ||||
| CVE-2025-55111 | 2 Bmc, Linux | 3 Control-m/agent, Control-m\/agent, Linux Kernel | 2025-09-29 | 5.5 Medium |
| Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files. | ||||
| CVE-2024-58046 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 6.2 Medium |
| Permission management vulnerability in the lock screen module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 5.1 Medium |
| Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-27521 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 6.8 Medium |
| Vulnerability of improper access permission in the process management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-58050 | 1 Huawei | 1 Harmonyos | 2025-09-26 | 6.2 Medium |
| Vulnerability of improper access permission in the HDC module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-4664 | 1 Adobe | 1 Connect | 2025-09-24 | 8.8 High |
| Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | ||||
| CVE-2025-43595 | 2 Linux, Msp360 | 2 Linux Kernel, Backup | 2025-09-23 | 7.8 High |
| An insecure file system permissions vulnerability in MSP360 Backup 4.3.1.115 allows a low privileged user to execute commands with root privileges in the 'Online Backup' folder. Upgrade to MSP360 Backup 4.4 (released on 2025-04-22). | ||||
| CVE-2025-43596 | 1 Msp360 | 1 Backup | 2025-09-23 | 7.8 High |
| An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (released on 2025-05-15). | ||||
| CVE-2024-6238 | 1 Pgadmin | 1 Pgadmin 4 | 2025-09-23 | 7.4 High |
| pgAdmin <= 8.8 has an installation Directory permission issue. Because of this issue, attackers can gain unauthorised access to the installation directory on the Debian or RHEL 8 platforms. | ||||
| CVE-2025-10231 | 2 Microsoft, N-able | 2 Windows, N-central | 2025-09-22 | 7 High |
| An Incorrect File Handling Permission bug exists on the N-central Windows Agent and Probe that, in the right circumstances, can allow a local low-level user to run commands with elevated permissions. | ||||
| CVE-2025-53947 | 2 Cognex, Microsoft | 3 In-sight Camera Firmware, In-sight Explorer, Windows | 2025-09-19 | 7.7 High |
| A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content. | ||||
| CVE-2024-27456 | 1 Rylabs | 1 Rack Cors Middleware | 2025-09-18 | 9.1 Critical |
| rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files. | ||||
| CVE-2022-48757 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-09-17 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. This is minor information leakage as packet socket is namespace aware. Add a net pointer in `packet_type` to keep the net namespace of of corresponding packet socket. In `ptype_seq_show`, this net pointer must be checked when it is not NULL. | ||||
| CVE-2025-57625 | 1 Microsoft | 1 Windows | 2025-09-17 | 8.8 High |
| CYRISMA Sensor before 444 for Windows has an Insecure Folder and File Permissions vulnerability. A low-privileged user can abuse these issues to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM by replacing DataSpotliteAgent.exe or any other binaries called by the Cyrisma_Agent service when it starts | ||||