Export limit exceeded: 345465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1896 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34011 | 2026-04-15 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | ||||
| CVE-2024-46462 | 2026-04-15 | 7.8 High | ||
| By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability. | ||||
| CVE-2024-46505 | 2026-04-15 | 9.1 Critical | ||
| Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | ||||
| CVE-2024-51987 | 2026-04-15 | 5.4 Medium | ||
| Duende.AccessTokenManagement.OpenIdConnect is a set of .NET libraries that manage OAuth and OpenId Connect access tokens. HTTP Clients created by `AddUserAccessTokenHttpClient` may use a different user's access token after a token refresh occurs. This occurs because a refreshed token will be captured in pooled `HttpClient` instances, which may be used by a different user. Instead of using `AddUserAccessTokenHttpClient` to create an `HttpClient` that automatically adds a managed token to outgoing requests, you can use the `HttpConext.GetUserAccessTokenAsync` extension method or the `IUserTokenManagementService.GetAccessTokenAsync` method. This issue is fixed in Duende.AccessTokenManagement.OpenIdConnect 3.0.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-39286 | 2026-04-15 | 3.3 Low | ||
| Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-49202 | 1 Keyfactor | 1 Command | 2026-04-15 | 7.6 High |
| Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | ||||
| CVE-2024-37025 | 1 Intel Advanced Link Analyzer Standard Edition Software Installer | 1 Intel Advanced Link Analyzer Standard Edition Software Installer | 2026-04-15 | 6.7 Medium |
| Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-46464 | 2026-04-15 | 7.8 High | ||
| In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | ||||
| CVE-2025-15523 | 2 Apple, Inkscape | 2 Macos, Inkscape | 2026-04-15 | 4.4 Medium |
| MacOS version of Inkscape bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Inkscape, potentially disguising attacker's malicious intent. This issue has been fixed in 1.4.3 version of Inkscape. | ||||
| CVE-2024-21820 | 1 Intel | 4 3rd Generation Intel Xeon Scalable Processor Family, 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family and 1 more | 2026-04-15 | 7.2 High |
| Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-13905 | 1 Schneider-electric | 2 Ecostruxure Process Expert, Ecostruxure Process Expert For Aveva System Platform | 2026-04-15 | N/A |
| CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart. | ||||
| CVE-2024-27153 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2026-04-15 | 7.4 High |
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-27155 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2026-04-15 | 7.7 High |
| The Toshiba printers are vulnerable to a Local Privilege Escalation vulnerability. An attacker can remotely compromise any Toshiba printer. The programs can be replaced by malicious programs by any local or remote attacker. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-46467 | 2026-04-15 | 7.8 High | ||
| By default, dedicated folders of ZONEPOINT for Windows up to 2024.1 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONEPOINT has to be modified to prevent this vulnerability. | ||||
| CVE-2025-62661 | 1 Mediawiki | 1 Mediawiki | 2026-04-15 | N/A |
| Incorrect Default Permissions vulnerability in The Wikimedia Foundation Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Mediawiki - Thanks Extension, Mediawiki - Growth Experiments Extension: from 1.43 before 1.44. | ||||
| CVE-2024-43658 | 2026-04-15 | N/A | ||
| Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical – The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y). | ||||
| CVE-2025-23263 | 2026-04-15 | 7.6 High | ||
| NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN. | ||||
| CVE-2023-20516 | 1 Amd | 7 Instinct Mi210, Instinct Mi250, Radeon and 4 more | 2026-04-15 | 3.3 Low |
| Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. | ||||
| CVE-2025-27559 | 2026-04-15 | 6.7 Medium | ||
| Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-27166 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2026-04-15 | 7.4 High |
| Coredump binaries in Toshiba printers have incorrect permissions. A local attacker can steal confidential information. As for the affected products/models/versions, see the reference URL. | ||||