Total
346 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-38473 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-15 | 8.8 High |
| A cross-origin iframe referencing an XSLT document would inherit the parent domain's permissions (such as microphone or camera access). This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104. | ||||
| CVE-2022-4326 | 2 Microsoft, Trellix | 2 Windows, Endpoint Security | 2025-04-14 | 5.5 Medium |
| Improper preservation of permissions vulnerability in Trellix Endpoint Agent (xAgent) prior to V35.31.22 on Windows allows a local user with administrator privileges to bypass the product protection to uninstall the agent via incorrectly applied permissions in the removal protection functionality. | ||||
| CVE-2013-6335 | 4 Hp, Ibm, Linux and 1 more | 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more | 2025-04-12 | N/A |
| The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. | ||||
| CVE-2024-23560 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | 4.4 Medium |
| HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. | ||||
| CVE-2022-42260 | 5 Citrix, Linux, Nvidia and 2 more | 12 Hypervisor, Linux Kernel, Cloud Gaming and 9 more | 2025-04-11 | 7.8 High |
| NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2024-39902 | 1 Enalean | 1 Tuleap | 2025-04-10 | 4.8 Medium |
| Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox "Apply same permissions to all sub-items of this folder" in the document manager permissions modal is not taken into account and always considered as unchecked. In situations where the permissions are being restricted some users might still keep, incorrectly, the possibility to edit or manage items. Only change made via the web UI are affected, changes directly made via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8. | ||||
| CVE-2023-49932 | 1 Couchbase | 1 Couchbase Server | 2025-04-08 | 5.4 Medium |
| An issue was discovered in Couchbase Server before 7.2.4. An attacker can bypass SQL++ N1QL cURL host restrictions. | ||||
| CVE-2025-25871 | 1 Openpanel | 1 Openpanel | 2025-04-03 | 8 High |
| An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function | ||||
| CVE-2024-55507 | 1 Codeastro | 1 Complaint Management System | 2025-04-03 | 9.8 Critical |
| An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. | ||||
| CVE-2020-18329 | 1 Carel | 3 Pcoweb Card Bios, Pcoweb Card Boot, Pcoweb Card Web | 2025-04-02 | 7.5 High |
| An issue was discovered in Rehau devices that use a pCOWeb card BIOS v6.27, BOOT v5.00, web version v2.2, allows attackers to gain full unauthenticated access to the configuration and service interface. | ||||
| CVE-2024-4768 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 6.1 Medium |
| A bug in popup notifications' interaction with WebAuthn made it easier for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||
| CVE-2024-54879 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.1 Critical |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | ||||
| CVE-2024-54880 | 1 Seacms | 1 Seacms | 2025-03-28 | 9.1 Critical |
| SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | ||||
| CVE-2024-3545 | 1 Devolutions | 2 Devolutions Server, Remote Desktop Manager | 2025-03-28 | 4.3 Medium |
| Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. | ||||
| CVE-2022-4139 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more | 2025-03-28 | 7.8 High |
| An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | ||||
| CVE-2023-52373 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-27 | 7.5 High |
| Vulnerability of permission verification in the content sharing pop-up module.Successful exploitation of this vulnerability may cause unauthorized file sharing. | ||||
| CVE-2022-48296 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 5.3 Medium |
| The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | ||||
| CVE-2022-48295 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | ||||
| CVE-2022-48301 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The bundle management module lacks permission verification in some APIs. Successful exploitation of this vulnerability may restore the pre-installed apps that have been uninstalled. | ||||
| CVE-2024-28746 | 1 Apache | 1 Airflow | 2025-03-20 | 8.1 High |
| Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability | ||||