Total
1411 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37305 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 and earlier allows remote attackers to gain escalated privilege and view sensitive information via api uri: /sys/user/querySysUser?username=admin. | |||||
CVE-2021-37304 | 1 Jeecg | 1 Jeecg | 2025-03-26 | N/A | 7.5 HIGH |
An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | |||||
CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2025-03-25 | N/A | 6.7 MEDIUM |
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | |||||
CVE-2025-0590 | 2025-03-24 | N/A | 7.5 HIGH | ||
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk. | |||||
CVE-2021-3172 | 1 Php-fusion | 1 Php-fusion | 2025-03-19 | N/A | 8.1 HIGH |
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | |||||
CVE-2024-8900 | 1 Mozilla | 1 Firefox | 2025-03-18 | N/A | 7.5 HIGH |
An attacker could write data to the user's clipboard, bypassing the user prompt, during a certain sequence of navigational events. This vulnerability affects Firefox < 129, Firefox ESR < 128.3, and Thunderbird < 128.3. | |||||
CVE-2024-41720 | 1 Zexelon | 2 Zwx-2000csw2-hn, Zwx-2000csw2-hn Firmware | 2025-03-17 | N/A | 8.0 HIGH |
Incorrect permission assignment for critical resource issue exists in ZWX-2000CSW2-HN firmware versions prior to Ver.0.3.15, which may allow a network-adjacent authenticated attacker to alter the configuration of the device. | |||||
CVE-2019-15752 | 3 Apache, Docker, Microsoft | 3 Geode, Docker, Windows | 2025-03-14 | 9.3 HIGH | 7.8 HIGH |
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command. | |||||
CVE-2024-27883 | 1 Apple | 1 Macos | 2025-03-14 | N/A | 4.4 MEDIUM |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. An app may be able to modify protected parts of the file system. | |||||
CVE-2023-52388 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 7.5 HIGH |
Permission control vulnerability in the clock module. Impact: Successful exploitation of this vulnerability will affect availability. | |||||
CVE-2023-52554 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | N/A | 6.5 MEDIUM |
Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
CVE-2024-42449 | 2025-03-13 | N/A | 7.1 HIGH | ||
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | |||||
CVE-2024-0019 | 1 Google | 1 Android | 2025-03-13 | N/A | 5.0 MEDIUM |
In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2023-49582 | 1 Apache | 1 Portable Runtime | 2025-03-13 | N/A | 5.5 MEDIUM |
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. | |||||
CVE-2024-24117 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-03-13 | N/A | 9.8 CRITICAL |
Insecure Permissions vulnerability in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release (9736) allows a remote attacker to gain privileges via the login check state component. | |||||
CVE-2023-24205 | 1 Clash Project | 1 Clash | 2025-03-12 | N/A | 9.8 CRITICAL |
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | |||||
CVE-2025-22454 | 2025-03-11 | N/A | 7.8 HIGH | ||
Insufficiently restrictive permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | |||||
CVE-2023-27095 | 1 Opengoofy | 1 Hippo4j | 2025-02-26 | N/A | 6.5 MEDIUM |
Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | |||||
CVE-2024-25561 | 1 Intel | 19 Hid Event Filter Driver, Nuc M15 Laptop Kit Lapbc510, Nuc M15 Laptop Kit Lapbc510 Firmware and 16 more | 2025-02-25 | N/A | 6.7 MEDIUM |
Insecure inherited permissions in some Intel(R) HID Event Filter software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2025-27141 | 2025-02-24 | N/A | N/A | ||
Metabase Enterprise Edition is the enterprise version of Metabase business intelligence and data analytics software. Starting in version 1.47.0 and prior to versions 1.50.36, 1.51.14, 1.52.11, and 1.53.2 of Metabase Enterprise Edition, users with impersonation permissions may be able to see results of cached questions, even if their permissions don’t allow them to see the data. If some user runs a question which gets cached, and then an impersonated user runs that question, then the impersonated user sees the same results as the previous user. These cached results may include data the impersonated user should not have access to. This vulnerability only impacts the Enterprise Edition of Metabase and not the Open Source Edition. Versions 1.53.2, 1.52.11, 1.51.14, and 1.50.36 contains a patch. Versions on the 1.49.X, 1.48.X, and 1.47.X branches are vulnerable but do not have a patch available, so users should upgrade to a major version with an available fix. Disabling question caching is a workaround for this issue. |