Total: 1382 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-0245 | | | 2025-10-15 | N/A | 5.5 MEDIUM |
| A misconfiguration in the AndroidManifest.xml file in hamza417/inure before build97 allows for task hijacking. This vulnerability permits malicious applications to inherit permissions of the vulnerable app, potentially leading to the exposure of sensitive information. An attacker can create a malicious app that hijacks the legitimate Inure app, intercepting and stealing sensitive information when installed on the victim's device. This issue affects all Android versions before Android 11. | |||||
| CVE-2025-8069 | | | 2025-10-14 | N/A | 7.8 HIGH |
| During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2. | |||||
| CVE-2025-0797 | 1 Escanav | 1 Escan Anti-virus | 2025-10-09 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been declared as problematic. This vulnerability affects unknown code of the file /var/Microworld/ of the component Quarantine Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-13188 | 1 Escanav | 1 Escan Anti-virus | 2025-10-09 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11535 | | | 2025-10-09 | N/A | N/A |
| MongoDB Connector for BI installation via MSI on Windows leaves ACLs unset on custom install directories, which allows privilege escalation. This issue affects MongoDB Connector for BI: from 2.0.0 through 2.14.24. | |||||
| CVE-2024-52551 | 1 Jenkins | 1 Pipeline\ | 2025-10-08 | N/A | 8.0 HIGH |
| Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no longer approved. | |||||
| CVE-2024-54745 | 1 Wavlink | 2 Wn701ae, Wn701ae Firmware | 2025-10-03 | N/A | 9.8 CRITICAL |
| WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2024-54747 | 1 Wavlink | 2 Wn531p3, Wn531p3 Firmware | 2025-10-03 | N/A | 9.8 CRITICAL |
| WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | |||||
| CVE-2025-34191 | 3 Apple, Linux, Vasion | 4 Macos, Linux Kernel, Virtual Appliance Application and 1 more | 2025-10-02 | N/A | 8.4 HIGH |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host versions prior to 22.0.843 and Application prior to 20.0.1923 (macOS/Linux client deployments) contain an arbitrary file write vulnerability via the response file handling. When tasks produce output the service writes response data into files under /opt/PrinterInstallerClient/tmp/responses/ reusing the requested filename. The service follows symbolic links in the responses directory and writes as the service user (typically root), allowing a local, unprivileged user to cause the service to overwrite or create arbitrary files on the filesystem as root. This can be used to modify configuration files, replace or inject binaries or drivers, and otherwise achieve local privilege escalation and full system compromise. This vulnerability has been identified by the vendor as: V-2023-019 — Arbitrary File Write as Root. | |||||
| CVE-2025-57852 | | | 2025-10-02 | N/A | 5.2 MEDIUM |
| A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | |||||
| CVE-2025-23297 | | | 2025-10-02 | N/A | 7.8 HIGH |
| NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges. | |||||
| CVE-2024-55398 | 1 4cstrategies | 1 Exonaut | 2025-10-01 | N/A | 6.5 MEDIUM |
| 4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions. | |||||
| CVE-2024-46465 | 2 Microsoft, Primx | 2 Windows, Cryhod | 2025-10-01 | N/A | 7.8 HIGH |
| By default, dedicated folders of CRYHOD for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of CRYHOD has to be modified to prevent this vulnerability. | |||||
| CVE-2024-48533 | 1 Esoftplanner | 1 Esoft Planner | 2025-10-01 | N/A | 5.3 MEDIUM |
| A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. | |||||
| CVE-2024-40514 | 1 Themesbrand | 1 Chatvia | 2025-09-30 | N/A | 4.6 MEDIUM |
| Insecure Permissions vulnerability in Themesbrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | |||||
| CVE-2025-55111 | 2 Bmc, Linux | 2 Control-m/agent, Linux Kernel | 2025-09-29 | N/A | 5.5 MEDIUM |
| Certain files with overly permissive permissions were identified in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported versions as well as in newer versions which were upgraded from an affected version. These files contain keys and passwords relating to SSL files, keystore and policies. An attacker with local access to the system running the Agent can access these files. | |||||
| CVE-2024-58046 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.2 MEDIUM |
| Permission management vulnerability in the lock screen module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 5.1 MEDIUM |
| Permission control vulnerability in the contacts module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-27521 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.8 MEDIUM |
| Vulnerability of improper access permission in the process management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2024-58050 | 1 Huawei | 1 Harmonyos | 2025-09-26 | N/A | 6.2 MEDIUM |
| Vulnerability of improper access permission in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
