Total
1503 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-57392 | 1 Benimpos | 1 Benimpos | 2025-09-17 | N/A | 7.8 HIGH |
| BenimPOS Masaustu 3.0.x is affected by insecure file permissions. The application installation directory grants Everyone and BUILTIN\Users groups FILE_ALL_ACCESS, allowing local users to replace or modify .exe and .dll files. This may lead to privilege escalation or arbitrary code execution upon launch by another user or elevated context. | |||||
| CVE-2025-58372 | 1 Roocode | 1 Roo Code | 2025-09-15 | N/A | 8.1 HIGH |
| Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0. | |||||
| CVE-2025-38742 | 1 Dell | 1 Emc Idrac Service Module | 2025-09-10 | N/A | 5.3 MEDIUM |
| Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | |||||
| CVE-2025-40804 | 2025-09-09 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization. | |||||
| CVE-2024-55955 | 2 Microsoft, Trendmicro | 2 Windows, Deep Security Agent | 2025-09-09 | N/A | 6.7 MEDIUM |
| An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2025-41664 | 2025-09-08 | N/A | 7.5 HIGH | ||
| A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware. | |||||
| CVE-2024-12564 | 2025-09-08 | N/A | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | |||||
| CVE-2025-23257 | 2025-09-05 | N/A | 7.3 HIGH | ||
| NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2025-23258 | 2025-09-05 | N/A | 7.3 HIGH | ||
| NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2024-11584 | 1 Canonical | 1 Cloud-init | 2025-09-05 | N/A | 5.9 MEDIUM |
| cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands. | |||||
| CVE-2025-1139 | 1 Ibm | 1 Edge Application Manager | 2025-09-03 | N/A | 6.1 MEDIUM |
| IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. | |||||
| CVE-2012-10030 | 1 Freefloat | 1 Freefloat Ftp Server | 2025-09-03 | N/A | 9.8 CRITICAL |
| FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbitrary files to sensitive system directories. The server accepts empty credentials, defaults user access to the root of the C:\ drive, and imposes no restrictions on file type or destination path. These conditions enable attackers to upload executable payloads and .mof files to locations such as system32 and wbem\mof, where Windows Management Instrumentation (WMI) automatically processes and executes them. This results in remote code execution with SYSTEM-level privileges, without requiring user interaction. | |||||
| CVE-2025-0093 | 1 Google | 1 Android | 2025-09-02 | N/A | 7.5 HIGH |
| In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
| CVE-2025-43268 | 1 Apple | 1 Macos | 2025-09-02 | N/A | 7.8 HIGH |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | |||||
| CVE-2025-5819 | 1 Gitlab | 1 Gitlab | 2025-08-29 | N/A | 5.0 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | |||||
| CVE-2025-9578 | 2025-08-29 | N/A | 7.8 HIGH | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | |||||
| CVE-2025-30063 | 2025-08-29 | N/A | N/A | ||
| The configuration file containing database logins and passwords is readable by any local user. | |||||
| CVE-2025-53396 | 2025-08-29 | N/A | 7.0 HIGH | ||
| Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges. | |||||
| CVE-2025-43729 | 2025-08-29 | N/A | 7.8 HIGH | ||
| Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | |||||
| CVE-2024-41974 | 2025-08-27 | N/A | 7.1 HIGH | ||
| A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | |||||