Search Results (1764 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-38456 1 Vivavis 1 High-leit 2026-04-15 7.8 High
HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM.
CVE-2025-11906 1 Progress 1 Flowmon 2026-04-15 6.7 Medium
A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service initialization.
CVE-2024-6619 2 Aveva, Ocean Data Systems 2 Reports For Operations 2023, Dream Report 2023 2026-04-15 N/A
In Ocean Data Systems Dream Report, an incorrect permission vulnerability could allow a local unprivileged attacker to escalate their privileges and could cause a denial-of-service.
CVE-2025-50675 2026-04-15 7.8 High
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
CVE-2024-39967 2026-04-15 6.5 Medium
Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command.
CVE-2025-4952 2 Eset, Microsoft 13 Endpoint Antivirus, Endpoint Security, File Security and 10 more 2026-04-15 N/A
Tampering of the registry entries might have led to preventing the ESET security products from starting correctly on the next system startup or to unauthorized changes in the product's configuration.
CVE-2025-12985 1 Ibm 1 License Metric Tool 2026-04-15 8.4 High
IBM Licensing Operator incorrectly assigns privileges to security critical files which could allow a local root escalation inside a container running the IBM Licensing Operator image.
CVE-2023-39338 1 Ivanti 1 Sentry 2026-04-15 N/A
Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access.
CVE-2024-53932 2026-04-15 9.1 Critical
The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component.
CVE-2024-28589 1 Axigen 1 Axigen Mail Server 2026-04-15 6.7 Medium
An issue was discovered in Axigen Mail Server for Windows versions 10.5.18 and before, allows local low-privileged attackers to execute arbitrary code and escalate privileges via insecure DLL loading from a world-writable directory during service initialization.
CVE-2024-29078 2026-04-15 7.5 High
Incorrect permission assignment for critical resource issue exists in MosP kintai kanri V4.6.6 and earlier, which may allow a remote unauthenticated attacker with access to the product to alter the product settings.
CVE-2025-30408 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.
CVE-2025-0758 1 Hitachi 1 Vantara Pentaho Business Analytics Server 2026-04-15 6.1 Medium
Overview  The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732)  Description  Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed with Karaf JMX beans enabled and accessible by default.  Impact  When the vulnerability is leveraged, a user with local execution privileges can access functionality exposed by Karaf beans contained in the product.
CVE-2024-27108 2026-04-15 6.8 Medium
Non privileged access to critical file vulnerability in GE HealthCare EchoPAC products
CVE-2022-50690 1 Wondershare 1 Mirrorgo 2026-04-15 8.4 High
Wondershare MirrorGo 2.0.11.346 contains a local privilege escalation vulnerability due to incorrect file permissions on executable files. Unprivileged local users can replace the ElevationService.exe with a malicious file to execute arbitrary code with LocalSystem privileges.
CVE-2023-38037 1 Redhat 3 Logging, Satellite, Satellite Capsule 2026-04-15 3.3 Low
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately.
CVE-2025-24009 2026-04-15 5.9 Medium
A vulnerability has been identified in SIRIUS 3RK3 Modular Safety System (MSS) (All versions), SIRIUS Safety Relays 3SK2 (All versions). The affected devices do not require authentication to access critical resources. An attacker with network access could retrieve sensitive information from certain data records, including obfuscated safety passwords.
CVE-2025-48961 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39938.
CVE-2025-41664 1 Wago 3 0750-0362, 0750-0363, 0750-0366 2026-04-15 7.5 High
A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
CVE-2025-62688 1 Automationdirect 8 P1-540, P1-550, P2-550 and 5 more 2026-04-15 7.1 High
An incorrect permission assignment for a critical resource vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker with low-privileged credentials to change their role, gaining full control access to the project.