Total
1663 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34288 | 1 Nagios | 2 Nagios Xi, Xi | 2026-03-05 | 6.7 Medium |
| Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a lower‑privileged user. A local attacker with access to the application account can modify this file to introduce malicious code, which is then executed with elevated privileges when the script is run. Successful exploitation results in arbitrary code execution as the root user. | ||||
| CVE-2019-25245 | 1 Cisco | 1 Nexus Dashboard | 2026-03-05 | 8.8 High |
| Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable. | ||||
| CVE-2025-70341 | 1 App-auto-patch | 1 App-auto-patch | 2026-03-05 | 7.8 High |
| Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. | ||||
| CVE-2025-70342 | 1 Grahampugh | 1 Erase-install | 2026-03-05 | 6.6 Medium |
| erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. | ||||
| CVE-2026-24732 | 1 Hallowelt | 1 Bluespice | 2026-03-05 | N/A |
| Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5 | ||||
| CVE-2026-29126 | 2026-03-05 | N/A | ||
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | ||||
| CVE-2026-29125 | 2026-03-05 | N/A | ||
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | ||||
| CVE-2022-50931 | 1 Teamspeak | 1 Teamspeak | 2026-03-05 | 7.8 High |
| TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access. | ||||
| CVE-2019-25344 | 1 Wondershare | 2 Mobilego, Mobiletrans | 2026-03-05 | 7.8 High |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | ||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | 6.6 Medium |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | ||||
| CVE-2026-21902 | 1 Juniper Networks | 1 Junos Os Evolved | 2026-03-04 | 9.8 Critical |
| An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detection framework of Juniper Networks Junos OS Evolved on PTX Series allows an unauthenticated, network-based attacker to execute code as root. The On-Box Anomaly detection framework should only be reachable by other internal processes over the internal routing instance, but not over an externally exposed port. With the ability to access and manipulate the service to execute code as root a remote attacker can take complete control of the device. Please note that this service is enabled by default as no specific configuration is required. This issue affects Junos OS Evolved on PTX Series: * 25.4 versions before 25.4R1-S1-EVO, 25.4R2-EVO. This issue does not affect Junos OS Evolved versions before 25.4R1-EVO. This issue does not affect Junos OS. | ||||
| CVE-2026-2915 | 1 Hp Inc | 1 Hp System Event Utility | 2026-03-03 | N/A |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | ||||
| CVE-2026-2637 | 1 Iboysoft | 1 Iboysoft Ntfs | 2026-03-03 | N/A |
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | ||||
| CVE-2025-14979 | 1 Airvpn | 1 Eddie | 2026-03-03 | N/A |
| AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6. | ||||
| CVE-2026-26095 | 2 Owl, Owlcyberdefense | 4 Opds, Opds-100, Opds-1000 and 1 more | 2026-02-27 | 5.5 Medium |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | ||||
| CVE-2026-26096 | 2 Owl, Owlcyberdefense | 4 Opds, Opds-100, Opds-1000 and 1 more | 2026-02-27 | 5.5 Medium |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | ||||
| CVE-2026-26100 | 2 Owl, Owlcyberdefense | 4 Opds, Opds-100, Opds-1000 and 1 more | 2026-02-27 | 5.5 Medium |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | ||||
| CVE-2026-26101 | 2 Owl, Owlcyberdefense | 4 Opds, Opds-100, Opds-1000 and 1 more | 2026-02-27 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | ||||
| CVE-2026-26102 | 2 Owl, Owlcyberdefense | 4 Opds, Opds-100, Opds-1000 and 1 more | 2026-02-27 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | ||||
| CVE-2025-22454 | 1 Ivanti | 1 Secure Access Client | 2026-02-26 | 7.8 High |
| Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | ||||