| Severity | Description | ||||||
|---|---|---|---|---|---|---|---|
| CVE-2026-4360 | Low | 2.0 v4 | - | - | -No fix available yet | 2026-06-30 | In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function. |
| CVE-2026-44947 | Medium | 6.9 v4 | - | - | -No fix available yet | 2026-06-30 | A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate. |
| CVE-2026-40767 | High | 7.5 v3 | 0.3% | - | -No fix available yet | 2026-06-15 | Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions. |
| CVE-2024-47270 | Low | 2.7 v3 | 0.2% | - | Fix available | 2026-05-27 | Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors. |
| CVE-2026-39832 | High | 9.1 v3 | 0.3% | - | Fix available | 2026-05-27 | When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them. |
| CVE-2026-39828 | Medium | 6.3 v3 | 0.2% | - | Fix available | 2026-05-27 | When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error. |
| CVE-2026-44832 | High | 8.8 v3 | 0.3% | - | Fix available | 2026-05-26 | Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1. |
| CVE-2026-24194 | High | 7.8 v3 | 0.2% | - | Fix available | 2026-05-26 | NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. |
| CVE-2026-34744 | Medium | 5.3 v4 | 0.4% | - | -No fix available yet | 2026-05-19 | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2. |
| CVE-2026-34600 | Medium | 5.7 v3 | 0.3% | - | -No fix available yet | 2026-05-19 | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior patch in #14289. In ChangeModel.delta, when DELTA_INCLUDES_ITEMS is enabled (the default), the latest state of items is attached to delta output without verifying that those items are still shared with the requesting user, and the existing removal logic only filters items deleted for all users. Additionally, the change compression logic incorrectly reduces create - delete to NOOP, which is unsafe because compression is applied per page and an item can have multiple create events; if an earlier cre |
| CVE-2026-25850 | Medium | 5.5 v3 | 0.1% | - | -No fix available yet | 2026-05-19 | in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak |
| CVE-2025-8325 | Medium | 6.3 v3 | 0.2% | - | Fix available | 2026-05-11 | The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments. |
| CVE-2026-35361 | Low | 3.4 v3 | 0.1% | - | Fix available | 2026-04-22 | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls. |
| CVE-2026-35351 | Medium | 4.2 v3 | 0.1% | - | Fix available | 2026-04-22 | The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners. |
| CVE-2026-35350 | Medium | 6.6 v3 | 0.1% | - | Fix available | 2026-04-22 | The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies. This differs from GNU cp, which clears these bits when ownership cannot be preserved. |
| CVE-2026-35385 | Medium | 7.5 v3 | 0.4% | - | Fix available | 2026-04-04 | In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode). |
| CVE-2026-24834 | High | 9.3 v3 | 0.2% | - | Fix available | 2026-02-24 | Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue. |
| CVE-2025-69875 | High | 7.8 v3 | 0.1% | - | -No fix available yet | 2026-02-03 | A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation. |
| CVE-2025-9615 | Low | 3.3 v3 | 0.2% | - | Fix available | 2026-01-26 | A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection. |
| CVE-2025-55130 | Critical | 9.1 v3 | 1.6% | - | Fix available | 2026-01-20 | A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. |
| CVE-2024-12125 | High | 7.5 v3 | 0.2% | - | -No fix available yet | 2025-11-06 | A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information. |
| CVE-2025-37735 | High | 7.0 v3 | 0.1% | - | -No fix available yet | 2025-11-06 | Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation. |
| CVE-2025-34298 | High | 8.8 v3 | 0.6% | - | Fix available | 2025-10-30 | Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls. |
| CVE-2023-32199 | Medium | 4.3 v3 | 0.2% | - | -No fix available yet | 2025-10-29 | A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs |
| CVE-2025-26420 | Medium | 4.4 v3 | 0.1% | - | -No fix available yet | 2025-09-04 | In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-7346 | Unscored | - | 0.3% | - | -No fix available yet | 2025-07-08 | Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages |
| CVE-2025-43701 | High | 7.5 v3 | 0.4% | - | -No fix available yet | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. |
| CVE-2025-43700 | High | 7.5 v3 | 0.4% | - | -No fix available yet | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. |
| CVE-2025-43698 | Critical | 9.1 v3 | 0.4% | - | -No fix available yet | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025 |
| CVE-2025-43697 | High | 7.5 v3 | 0.4% | - | -No fix available yet | 2025-06-10 | Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025 |
| CVE-2025-27563 | Low | 3.3 v3 | 0.1% | - | -No fix available yet | 2025-06-08 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-27247 | Medium | 5.5 v3 | 0.1% | - | -No fix available yet | 2025-06-08 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-26693 | Low | 3.3 v3 | 0.1% | - | -No fix available yet | 2025-06-08 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2025-26691 | Medium | 5.5 v3 | 0.1% | - | -No fix available yet | 2025-06-08 | in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission. |
| CVE-2024-46941 | Unscored | - | 0.1% | - | -No fix available yet | 2025-06-06 | SystemUI has an incorrect component protection setting, which allows access to specific information. |
| CVE-2025-43026 | High | 7.8 v3 | 0.1% | - | Fix available | 2025-06-05 | A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. |
| CVE-2025-27703 | Medium | 6.0 v3 | 0.3% | - | Fix available | 2025-05-28 | CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. |
| CVE-2024-57698 | High | 7.5 v3 | 0.3% | - | -No fix available yet | 2025-04-29 | An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint. |
| CVE-2025-32697 | Unscored | - | 0.3% | - | Fix available | 2025-04-10 | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1. |
| CVE-2025-32696 | Unscored | - | 0.3% | - | Fix available | 2025-04-10 | Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1. |
| CVE-2025-31184 | High | 7.8 v3 | 0.2% | - | Fix available | 2025-03-31 | This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network. |
| CVE-2025-30456 | High | 7.8 v3 | 0.3% | - | Fix available | 2025-03-31 | A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. |
| CVE-2025-30449 | High | 7.8 v3 | 0.2% | - | Fix available | 2025-03-31 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. |
| CVE-2025-25871 | High | 8.0 v3 | 0.4% | - | -No fix available yet | 2025-03-14 | An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function |
| CVE-2025-25711 | High | 8.8 v3 | 0.4% | - | -No fix available yet | 2025-03-12 | An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint |
| CVE-2024-56192 | High | 7.8 v3 | 0.1% | - | -No fix available yet | 2025-03-10 | In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2024-56191 | High | 8.4 v3 | 0.1% | - | -No fix available yet | 2025-03-10 | In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
| CVE-2025-0914 | Low | 3.8 v3 | 0.2% | - | -No fix available yet | 2025-02-27 | An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4. |
| CVE-2024-56973 | Critical | 9.8 v3 | 0.8% | - | -No fix available yet | 2025-02-14 | Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. |
| CVE-2024-53994 | Medium | 4.3 v3 | 0.3% | - | Fix available | 2025-02-04 | Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings. |
- CVSS 2.0 v4·EPSS -·No fix yet
In the Tarfile.extract() function, the filter parameter is not passed properly when extracting hardlinks. An affected system that extracts content from untrusted tar files could end up writing files with an unexpected uid/gid despite the user passing filter='data' to the extract() function.
Published 2026-06-30
- MediumCVSS 6.9 v4·EPSS -·No fix yet
A missing clean-up in the legacy Project Role Template Binding (PRTB) reconciler in Rancher versions 2.13.0 up to 2.13.7 and 2.14.0 up to 2.14.3 allowed users to retain unauthorized Pod Security Admission (PSA) permissions after an administrator removes those permissions from a RoleTemplate.
Published 2026-06-30
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
Unauthenticated Broken Access Control in wpForo Forum < 3.0.2 versions.
Published 2026-06-15
- CVSS 2.7 v3·EPSS 0.2%·Fix available
Improper preservation of permissions vulnerability in Archiving Push functionality in Synology Surveillance Station before 9.2.2-11575 and 9.2.2-9575 allows remote authenticated users with administrator privileges to limited file write via unspecified vectors.
Published 2026-05-27
- HighCVSS 9.1 v3·EPSS 0.3%·Fix available
When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all constraint extensions. Additionally, the in-memory keyring returned by NewKeyring() now rejects keys with unsupported constraint extensions instead of silently ignoring them.
Published 2026-05-27
- MediumCVSS 6.3 v3·EPSS 0.2%·Fix available
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError now results in a connection error.
Published 2026-05-27
- HighCVSS 8.8 v3·EPSS 0.3%·Fix available
Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.
Published 2026-05-26
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution.
Published 2026-05-26
- MediumCVSS 5.3 v4·EPSS 0.4%·No fix yet
Mantis Bug Tracker (MantisBT) is an open source issue tracker. Versions 2.28.1 and prior permit a user to list and download their own attachments from an Issue created by another user even after it becomes private, bypassing read access revocation. The loss of confidentiality caused by this vulnerability is minimal, considering that only attachments previously uploaded by the user themselves remain accessible. This issue has been fixed in version 2.82.2.
Published 2026-05-19
- MediumCVSS 5.7 v3·EPSS 0.3%·No fix yet
Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior patch in #14289. In ChangeModel.delta, when DELTA_INCLUDES_ITEMS is enabled (the default), the latest state of items is attached to delta output without verifying that those items are still shared with the requesting user, and the existing removal logic only filters items deleted for all users. Additionally, the change compression logic incorrectly reduces create - delete to NOOP, which is unsafe because compression is applied per page and an item can have multiple create events; if an earlier cre
Published 2026-05-19
- MediumCVSS 5.5 v3·EPSS 0.1%·No fix yet
in OpenHarmony v6.0 and prior versions allow a local attacker cause information leak
Published 2026-05-19
- MediumCVSS 6.3 v3·EPSS 0.2%·Fix available
The software fails to enforce role-based access controls for certain Gateway API invocations. Users with the 'Internal/Everyone' role can invoke these APIs, bypassing intended permission checks. This same vulnerability also affects Internal Service APIs, potentially exposing them in WSO2 APIM 3.x versions. A malicious actor with a valid user account on a vulnerable deployment can perform sensitive operations against the Gateway REST API regardless of their actual roles or privileges. This could lead to unintended behavior or misuse, particularly in production environments.
Published 2026-05-11
- CVSS 3.4 v3·EPSS 0.1%·Fix available
The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the utility attempts cleanup using std::fs::remove_dir, which cannot remove device nodes or FIFOs. This leaves mislabeled nodes behind with incorrect default contexts, potentially allowing unauthorized access to device nodes that should have been restricted by mandatory access controls.
Published 2026-04-22
- MediumCVSS 4.2 v3·EPSS 0.1%·Fix available
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destination file using the caller's UID/GID rather than the source's metadata. This flaw breaks backups and migrations, causing files moved by a privileged user (e.g., root) to become root-owned unexpectedly, which can lead to information disclosure or restricted access for the intended owners.
Published 2026-04-22
- MediumCVSS 6.6 v3·EPSS 0.1%·Fix available
The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining original privileged bits, creating unexpected privileged executables that violate local security policies. This differs from GNU cp, which clears these bits when ownership cannot be preserved.
Published 2026-04-22
- MediumCVSS 7.5 v3·EPSS 0.4%·Fix available
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
Published 2026-04-04
- HighCVSS 9.3 v3·EPSS 0.2%·Fix available
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In versions prior to 3.27.0, an issue in Kata with Cloud Hypervisor allows a user of the container to modify the file system used by the Guest micro VM ultimately achieving arbitrary code execution as root in said VM. The current understanding is this doesn’t impact the security of the Host or of other containers / VMs running on that Host (note that arm64 QEMU lacks NVDIMM read-only support: It is believed that until the upstream QEMU gains this capability, a guest write could reach the image file). Version 3.27.0 patches the issue.
Published 2026-02-24
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be abused by a local attacker to place files in high-privilege locations, potentially leading to privilege escalation.
Published 2026-02-03
- CVSS 3.3 v3·EPSS 0.2%·Fix available
A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can access files owned by users different from the one who added the connection.
Published 2026-01-26
- CriticalCVSS 9.1 v3·EPSS 1.6%·Fix available
A flaw in Node.js’s Permissions model allows attackers to bypass `--allow-fs-read` and `--allow-fs-write` restrictions using crafted relative symlink paths. By chaining directories and symlinks, a script granted access only to the current directory can escape the allowed path and read sensitive files. This breaks the expected isolation guarantees and enables arbitrary file read/write, leading to potential system compromise. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
Published 2026-01-20
- HighCVSS 7.5 v3·EPSS 0.2%·No fix yet
A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted information.
Published 2025-11-06
- HighCVSS 7.0 v3·EPSS 0.1%·No fix yet
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.
Published 2025-11-06
- HighCVSS 8.8 v3·EPSS 0.6%·Fix available
Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls.
Published 2025-10-30
- MediumCVSS 4.3 v3·EPSS 0.2%·No fix yet
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
Published 2025-10-29
- MediumCVSS 4.4 v3·EPSS 0.1%·No fix yet
In multiple functions of GrantPermissionsActivity.java , there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published 2025-09-04
- UnscoredCVSS -·EPSS 0.3%·No fix yet
Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages
Published 2025-07-08
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.
Published 2025-06-10
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.
Published 2025-06-10
- CriticalCVSS 9.1 v3·EPSS 0.4%·No fix yet
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025
Published 2025-06-10
- HighCVSS 7.5 v3·EPSS 0.4%·No fix yet
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
Published 2025-06-10
- CVSS 3.3 v3·EPSS 0.1%·No fix yet
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Published 2025-06-08
- MediumCVSS 5.5 v3·EPSS 0.1%·No fix yet
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Published 2025-06-08
- CVSS 3.3 v3·EPSS 0.1%·No fix yet
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Published 2025-06-08
- MediumCVSS 5.5 v3·EPSS 0.1%·No fix yet
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause information leak through get permission.
Published 2025-06-08
- UnscoredCVSS -·EPSS 0.1%·No fix yet
SystemUI has an incorrect component protection setting, which allows access to specific information.
Published 2025-06-06
- HighCVSS 7.8 v3·EPSS 0.1%·Fix available
A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.
Published 2025-06-05
- MediumCVSS 6.0 v3·EPSS 0.3%·Fix available
CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low.
Published 2025-05-28
- HighCVSS 7.5 v3·EPSS 0.3%·No fix yet
An issue in modernwms v.1.0 allows an attacker view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.
Published 2025-04-29
- UnscoredCVSS -·EPSS 0.3%·Fix available
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.
Published 2025-04-10
- UnscoredCVSS -·EPSS 0.3%·Fix available
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
Published 2025-04-10
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network.
Published 2025-03-31
- HighCVSS 7.8 v3·EPSS 0.3%·Fix available
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
Published 2025-03-31
- HighCVSS 7.8 v3·EPSS 0.2%·Fix available
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
Published 2025-03-31
- HighCVSS 8.0 v3·EPSS 0.4%·No fix yet
An issue in Open Panel v.0.3.4 allows a remote attacker to escalate privileges via the Fix Permissions function
Published 2025-03-14
- HighCVSS 8.8 v3·EPSS 0.4%·No fix yet
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint
Published 2025-03-12
- HighCVSS 7.8 v3·EPSS 0.1%·No fix yet
In wl_notify_gscan_event of wl_cfgscan.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published 2025-03-10
- HighCVSS 8.4 v3·EPSS 0.1%·No fix yet
In dhd_process_full_gscan_result of dhd_pno.c, there is a possible EoP due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published 2025-03-10
- CVSS 3.8 v3·EPSS 0.2%·No fix yet
An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
Published 2025-02-27
- CriticalCVSS 9.8 v3·EPSS 0.8%·No fix yet
Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
Published 2025-02-14
- MediumCVSS 4.3 v3·EPSS 0.3%·Fix available
Discourse is an open source platform for community discussion. In affected versions users who disable chat in preferences could still be reachable in some cases. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable the chat plugin within site settings.
Published 2025-02-04
Uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog.