Search Results (2025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-0006 | 1 Microsoft | 1 Windows Nt | 2025-04-03 | 7.1 High |
| The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. | ||||
| CVE-2005-4868 | 2 Ibm, Microsoft | 2 Db2 Universal Database, Windows | 2025-04-03 | 7.1 High |
| Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service. | ||||
| CVE-2023-20923 | 1 Google | 1 Android | 2025-04-02 | 5.5 Medium |
| In exported content providers of ShannonRcs, there is a possible way to get access to protected content providers due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-246933910. References: N/A | ||||
| CVE-2021-22117 | 2 Broadcom, Microsoft | 2 Rabbitmq Server, Windows | 2025-04-02 | 7.8 High |
| RabbitMQ installers on Windows prior to version 3.8.16 do not harden plugin directory permissions, potentially allowing attackers with sufficient local filesystem permissions to add arbitrary plugins. | ||||
| CVE-2025-2982 | | | 2025-04-01 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Legrand SMS PowerView 1.x. Affected is an unknown function. The manipulation of the argument redirect leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-44263 | 1 Dentsplysirona | 1 Sidexis | 2025-03-31 | 7.8 High |
| Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control. | ||||
| CVE-2024-10210 | | | 2025-03-31 | N/A |
| An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system. | ||||
| CVE-2024-30413 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-28 | 7.5 High |
| Vulnerability of improper permission control in the window management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-29078 | | | 2025-03-28 | 7.5 High |
| Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings. | ||||
| CVE-2023-52715 | 1 Huawei | 1 Harmonyos | 2025-03-28 | 7.5 High |
| The SystemUI module has a vulnerability in permission management. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2022-44715 | 1 Netscout | 1 Ngeniusone | 2025-03-28 | 8.8 High |
| Improper File Permissions in NetScout nGeniusONE 6.3.2 build 904 allows authenticated remote users to gain permissions via a crafted payload. | ||||
| CVE-2024-12151 | 1 Devolutions | 1 Devolutions Server | 2025-03-28 | 5 Medium |
| Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | ||||
| CVE-2024-12149 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-28 | 8.1 High |
| Incorrect permission assignment in the temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that requests temporary permissions on an entry to obtain more privileges than requested. | ||||
| CVE-2025-27147 | | | 2025-03-27 | 8.2 High |
| The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory (SNMP), software deployment, VMWare ESX host remote inventory, and data collection (files, Windows registry, WMI). Versions prior to 1.5.0 have an improper access control vulnerability. Version 1.5.0 fixes the vulnerability. | ||||
| CVE-2024-10209 | | | 2025-03-27 | N/A |
| An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | ||||
| CVE-2021-37306 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/checkOnlyUser?username=admin. | ||||
| CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | ||||
| CVE-2024-13922 | 1 Webtoffee | 1 Order Export & Order Import For Woocommerce | 2025-03-26 | 2.7 Low |
| The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server. | ||||
| CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | 7.5 High |
| An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | ||||
| CVE-2023-22326 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-03-26 | 4.9 Medium |
| In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x before 14.1.5.3, and all versions of 13.1.x, and all versions of BIG-IQ 8.x and 7.1.x, incorrect permission assignment vulnerabilities exist in the iControl REST and TMOS shell (tmsh) dig command which may allow an authenticated attacker with resource administrator or administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||