Total
1482 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52361 | 1 Ak-nord | 1 Usb-server-lxl | 2025-11-03 | 7.8 High |
| Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot. | ||||
| CVE-2025-27682 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Insecure Log Permissions V-2022-005. | ||||
| CVE-2025-27677 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-11-03 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Symbolic Links For Unprivileged File Interaction V-2022-002. | ||||
| CVE-2025-62577 | 5 Fsas Technologies, Linux, Microsoft and 2 more | 5 Eternus Sf, Linux, Windows Server and 2 more | 2025-11-03 | N/A |
| ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges. | ||||
| CVE-2022-22948 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-10-31 | 6.5 Medium |
| The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | ||||
| CVE-2025-8432 | 1 Centreon | 1 Centreon | 2025-10-30 | 8.4 High |
| Incorrect Default Permissions vulnerability in Centreon Infra Monitoring (MBI modules) allows Embedding Scripts within Scripts by CentreonBI user account on the MBI server This issue affects Infra Monitoring: from 24.10.0 before 24.10.6, from 24.04.0 before 24.04.9, from 23.10.0 before 23.10.15. | ||||
| CVE-2024-42188 | 1 Hcltech | 1 Connections | 2025-10-28 | 3.7 Low |
| HCL Connections is vulnerable to a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios. | ||||
| CVE-2025-46185 | 1 Pgcodekeeper | 1 Pgcodekeeper | 2025-10-27 | 6.2 Medium |
| An Insecure Permission vulnerability in pgcodekeeper 10.12.0 allows a local attacker to obtain sensitive information via the plaintext storage of passwords and usernames. | ||||
| CVE-2025-61035 | 1 Seffaflik | 1 Seffaflik | 2025-10-27 | 7.7 High |
| The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink checks, allowing local attackers to overwrite arbitrary files. This can result in information disclosure and denial of service. | ||||
| CVE-2025-23347 | 1 Nvidia | 6 Geforce, Nvs, Project G Assist and 3 more | 2025-10-27 | 7.8 High |
| NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. | ||||
| CVE-2025-62661 | 1 Mediawiki | 1 Mediawiki | 2025-10-23 | N/A |
| Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension: from 1.43 before 1.44. | ||||
| CVE-2025-35062 | 1 Newforma | 2 Project Center, Project Center Server | 2025-10-22 | 5.3 Medium |
| Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication. | ||||
| CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2025-10-22 | 9.8 Critical |
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | ||||
| CVE-2025-36632 | 2 Microsoft, Tenable | 2 Windows, Nessus Agent | 2025-10-21 | 7.8 High |
| In Tenable Agent versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could execute code with SYSTEM privilege. | ||||
| CVE-2025-62668 | 1 Mediawiki | 1 Mediawiki | 2025-10-21 | N/A |
| Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - GrowthExperiments Extension allows Resource Leak Exposure.This issue affects Mediawiki - GrowthExperiments Extension: from master before 1.39. | ||||
| CVE-2025-54086 | 1 Absolute | 1 Secure Access | 2025-10-16 | 3.3 Low |
| CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability. | ||||
| CVE-2025-46014 | 1 Honor | 1 Pc Manager | 2025-10-15 | 8.8 High |
| Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation. | ||||
| CVE-2025-29504 | 1 Huang-yk | 1 Student-manage | 2025-10-15 | 7.8 High |
| Insecure Permission vulnerability in student-manage 1 allows a local attacker to escalate privileges via the Unsafe permission verification. | ||||
| CVE-2024-0245 | 1 Hamza417 | 1 Inure | 2025-10-15 | N/A |
| A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11. | ||||
| CVE-2025-8069 | 2025-10-14 | 7.8 High | ||
| During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2. | ||||