Search Results (1735 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12004 | 1 Mediawiki | 1 Mediawiki | 2026-04-15 | N/A |
| Incorrect Permission Assignment for Critical Resource vulnerability in The Wikimedia Foundation Mediawiki - Lockdown Extension allows Privilege Abuse. Fixed in Mediawiki Core Action API. This issue affects Mediawiki - Lockdown Extension: from master before 1.42. | ||||
| CVE-2023-6729 | 1 Nokia | 1 Service Router Operating System | 2026-04-15 | 7.3 High |
| Nokia SR OS routers allow read-write access to the entire file system via SFTP or SCP for users configured with "access console." Consequently, a low privilege authenticated user with "access console" can read or replace the router configuration file as well as other files stored in the Compact Flash or SD card without using CLI commands. This type of attack can lead to a compromise or denial of service of the router after the system is rebooted. | ||||
| CVE-2024-0128 | 1 Nvidia | 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager | 2026-04-15 | 7.1 High |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager that allows a user of the guest OS to access global resources. A successful exploit of this vulnerability might lead to information disclosure, data tampering, and escalation of privileges. | ||||
| CVE-2024-11176 | | | 2026-04-15 | N/A |
| Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect evaluation of effective permissions. | ||||
| CVE-2021-47742 | 1 Epicgames | 1 Psionix Rocket League | 2026-04-15 | 8.8 High |
| Epic Games Psyonix Rocket League <=1.95 contains an insecure permissions vulnerability that allows authenticated users to modify executable files with full access permissions. Attackers can leverage the 'F' (Full) flag for the 'Authenticated Users' group to change executable files and potentially escalate system privileges. | ||||
| CVE-2025-12985 | 1 Ibm | 1 License Metric Tool | 2026-04-15 | 8.4 High |
| IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image. | ||||
| CVE-2025-40672 | | | 2026-04-15 | N/A |
| A Privilege Escalation vulnerability has been found in Panloader component v3.24.0.0 by Espiral MS Group. This vulnerability allows any user to override the file panLoad.exe that will be executed by SYSTEM user via a programmed task. This would allow an attacker to obtain administrator permissions to perform whatever activities he/she wants, such as accessing sensitive information, executing code remotely, and even causing a denial of service (DoS). | ||||
| CVE-2020-36916 | | | 2026-04-15 | 8.8 High |
| TDM Digital Signage PC Player 4.1.0.4 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files. Attackers can leverage the 'Modify' permissions for authenticated users to replace executable files with malicious binaries and gain elevated system access. | ||||
| CVE-2023-38037 | 1 Redhat | 3 Logging, Satellite, Satellite Capsule | 2026-04-15 | 3.3 Low |
| ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | ||||
| CVE-2024-54159 | | | 2026-04-15 | 4.1 Medium |
| stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. | ||||
| CVE-2023-5936 | | | 2026-04-15 | 7.8 High |
| On Unix systems (Linux, MacOS), Arc uses a temporary file with unsafe privileges. By tampering with such file, a malicious local user in the system may be able to trigger arbitrary code execution with root privileges. | ||||
| CVE-2025-41664 | 1 Wago | 3 0750-0362, 0750-0363, 0750-0366 | 2026-04-15 | 7.5 High |
| A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware. | ||||
| CVE-2025-61969 | 1 Amd | 1 Amd Uprof | 2026-04-15 | N/A |
| Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-24009 | | | 2026-04-15 | 5.9 Medium |
| A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could retrieve sensitive information from certain data records, including obfuscated safety passwords. | ||||
| CVE-2025-5995 | | | 2026-04-15 | N/A |
| Canon EOS Webcam Utility Pro for MAC OS version 2.3d (2.3.29) and earlier contains an improper directory permissions vulnerability. Exploitation of this vulnerability requires administrator access by a malicious user. An attacker could modify the directory, potentially resulting in code execution and ultimately leading to privilege escalation. | ||||
| CVE-2025-12148 | 1 Search-guard | 1 Search Guard | 2026-04-15 | N/A |
| In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on specific IP values. This allows the original contents of the field to be reconstructed. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking. | ||||
| CVE-2025-23285 | 1 Nvidia | 1 Virtual Gpu Manager | 2026-04-15 | 5.5 Medium |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-41659 | 1 Codesys | 1 Control | 2026-04-15 | 8.3 High |
| A low-privileged attacker can remotely access the PKI folder of the CODESYS Control runtime system and thus read and write certificates and their keys. This allows sensitive data to be extracted or certificates to be accepted as trusted. Although all services remain available, only unencrypted communication is possible if the certificates are deleted. | ||||
| CVE-2025-40804 | 1 Siemens | 1 Simatic | 2026-04-15 | 9.1 Critical |
| A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. | ||||
| CVE-2025-54546 | 1 Arista | 1 Danz Monitoring Fabric | 2026-04-15 | 7.5 High |
| On affected platforms, restricted users could use SSH port forwarding to access host-internal services. | ||||