CVE & CISA-KEV Catalog

362,600 CVEs · 1,630 actively exploited (KEV)
Active:
  • CVSS 2.0 v4·EPSS -·No fix yet

    In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.

    Published 2026-06-30

  • CVSS 6.9 v4·EPSS -·No fix yet

    A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.

    Published 2026-06-30

  • CVSS 7.5 v3·EPSS 0.3%·No fix yet

    Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.

    Published 2026-06-15

  • CVSS 2.7 v3·EPSS 0.2%·Fix available

    Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.

    Published 2026-05-27

  • CVSS 9.1 v3·EPSS 0.3%·Fix available

    When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.

    Published 2026-05-27

  • CVSS 6.3 v3·EPSS 0.2%·Fix available

    When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.

    Published 2026-05-27

  • CVSS 8.8 v3·EPSS 0.3%·Fix available

    Snipe-IT is an IT asset/license management system. Prior to 8.4.1, an authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.

    Published 2026-05-26

  • CVSS 7.8 v3·EPSS 0.2%·Fix available

    NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.

    Published 2026-05-26

  • CVSS 5.3 v4·EPSS 0.4%·No fix yet

    Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2.

    Published 2026-05-19

  • CVSS 5.7 v3·EPSS 0.3%·No fix yet

    Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior patch in #14289. In ChangeModel.delta, when DELTA_INCLUDES_ITEMS is enabled (the default), the latest state of items is attached to delta output without verifying that those items are still shared with the requesting user, and the existing removal logic only filters items deleted for all users. Additionally, the change compression logic incorrectly reduces create - delete to NOOP, which is unsafe because compression is applied per page and an item can have multiple create events; if an earlier cre

    Published 2026-05-19

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak.

    Published 2026-05-19

  • CVSS 6.3 v3·EPSS 0.2%·Fix available

    The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments.

    Published 2026-05-11

  • CVSS 3.4 v3·EPSS 0.1%·Fix available

    The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.

    Published 2026-04-22

  • CVSS 4.2 v3·EPSS 0.1%·Fix available

    The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners.

    Published 2026-04-22

  • CVSS 6.6 v3·EPSS 0.1%·Fix available

    The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies. This differs from GNU cp, which clears these bits when ownership cannot be preserved.

    Published 2026-04-22

  • CVSS 7.5 v3·EPSS 0.4%·Fix available

    In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

    Published 2026-04-04

  • CVSS 9.3 v3·EPSS 0.2%·Fix available

    Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.

    Published 2026-02-24

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.

    Published 2026-02-03

  • CVSS 3.3 v3·EPSS 0.2%·Fix available

    A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.

    Published 2026-01-26

  • CVSS 9.1 v3·EPSS 1.6%·Fix available

    A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.

    Published 2026-01-20

  • CVSS 7.5 v3·EPSS 0.2%·No fix yet

    A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.

    Published 2025-11-06

  • CVSS 7.0 v3·EPSS 0.1%·No fix yet

    Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

    Published 2025-11-06

  • CVSS 8.8 v3·EPSS 0.6%·Fix available

    Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.

    Published 2025-10-30

  • CVSS 4.3 v3·EPSS 0.2%·No fix yet

    A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs.

    Published 2025-10-29

  • CVSS 4.4 v3·EPSS 0.1%·No fix yet

    In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    Published 2025-09-04

  • CVSS -·EPSS 0.3%·No fix yet

    Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages.

    Published 2025-07-08

  • CVSS 7.5 v3·EPSS 0.4%·No fix yet

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.

    Published 2025-06-10

  • CVSS 7.5 v3·EPSS 0.4%·No fix yet

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.

    Published 2025-06-10

  • CVSS 9.1 v3·EPSS 0.4%·No fix yet

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025.

    Published 2025-06-10

  • CVSS 7.5 v3·EPSS 0.4%·No fix yet

    Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.

    Published 2025-06-10

  • CVSS 3.3 v3·EPSS 0.1%·No fix yet

    OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

    Published 2025-06-08

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

    Published 2025-06-08

  • CVSS 3.3 v3·EPSS 0.1%·No fix yet

    OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

    Published 2025-06-08

  • CVSS 5.5 v3·EPSS 0.1%·No fix yet

    OpenHarmony v5.0.3 and prior versions allow a local attacker to cause an information leak through get permission.

    Published 2025-06-08

  • CVSS -·EPSS 0.1%·No fix yet

    SystemUI has an incorrect component protection setting, which allows access to specific information.

    Published 2025-06-06

  • CVSS 7.8 v3·EPSS 0.1%·Fix available

    A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

    Published 2025-06-05

  • CVSS 6.0 v3·EPSS 0.3%·Fix available

    CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low.

    Published 2025-05-28

  • CVSS 7.5 v3·EPSS 0.3%·No fix yet

    An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.

    Published 2025-04-29

  • CVSS -·EPSS 0.3%·Fix available

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.

    Published 2025-04-10

  • CVSS -·EPSS 0.3%·Fix available

    Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.

    Published 2025-04-10

  • CVSS 7.8 v3·EPSS 0.2%·Fix available

    This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.

    Published 2025-03-31

  • CVSS 7.8 v3·EPSS 0.3%·Fix available

    A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

    Published 2025-03-31

  • CVSS 7.8 v3·EPSS 0.2%·Fix available

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.

    Published 2025-03-31

  • CVSS 8.0 v3·EPSS 0.4%·No fix yet

    An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function.

    Published 2025-03-14

  • CVSS 8.8 v3·EPSS 0.4%·No fix yet

    An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint.

    Published 2025-03-12

  • CVSS 7.8 v3·EPSS 0.1%·No fix yet

    In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    Published 2025-03-10

  • CVSS 8.4 v3·EPSS 0.1%·No fix yet

    In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

    Published 2025-03-10

  • CVSS 3.8 v3·EPSS 0.2%·No fix yet

    An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.

    Published 2025-02-27

  • CVSS 9.8 v3·EPSS 0.8%·No fix yet

    Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.

    Published 2025-02-14

  • CVSS 4.3 v3·EPSS 0.3%·Fix available

    Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.

    Published 2025-02-04

Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.