Total: 1417 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2025-5819 | 1 Gitlab | 1 Gitlab | 2025-08-29 | N/A | 5.0 MEDIUM |
An issue has been discovered in GitLab CE/EE affecting all versions from 15.7 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users with developer access to obtain ID tokens for protected branches under certain circumstances. | |||||
CVE-2025-9578 | | | 2025-08-29 | N/A | 7.8 HIGH |
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | |||||
CVE-2025-43268 | | | 2025-08-29 | N/A | 7.8 HIGH |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.6. A malicious app may be able to gain root privileges. | |||||
CVE-2025-53396 | | | 2025-08-29 | N/A | 7.0 HIGH |
Incorrect permission assignment for critical resource issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier), which may allow users who can log in to a client terminal to obtain root privileges. | |||||
CVE-2025-30063 | | | 2025-08-29 | N/A | N/A |
The configuration file containing database logins and passwords is readable by any local user. | |||||
CVE-2025-43729 | | | 2025-08-29 | N/A | 7.8 HIGH |
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | |||||
CVE-2025-0093 | | | 2025-08-29 | N/A | 7.5 HIGH |
In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | |||||
CVE-2024-41974 | | | 2025-08-27 | N/A | 7.1 HIGH |
A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | |||||
CVE-2024-41970 | | | 2025-08-27 | N/A | 5.7 MEDIUM |
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | |||||
CVE-2024-22029 | | | 2025-08-26 | N/A | 7.8 HIGH |
Insecure permissions in the packaging of tomcat allow local users that win a race during package installation to escalate to root. | |||||
CVE-2024-24912 | 2 Checkpoint, Microsoft | 2 Harmony Endpoint, Windows | 2025-08-26 | N/A | 6.7 MEDIUM |
A local privilege escalation vulnerability has been identified in Harmony Endpoint Security Client for Windows versions E88.10 and below. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. | |||||
CVE-2024-24910 | 2 Checkpoint, Microsoft | 3 Identity Agent, Zonealarm Extreme Security, Windows | 2025-08-26 | N/A | 7.3 HIGH |
A local attacker can escalate privileges on affected Check Point ZoneAlarm Extreme Security NextGen, Identity Agent for Windows, and Identity Agent for Windows Terminal Server. To exploit this vulnerability, an attacker must first obtain the ability to execute local privileged code on the target system. | |||||
CVE-2025-48382 | 1 Codelibs | 1 Fess | 2025-08-26 | N/A | 5.5 MEDIUM |
Fess is a deployable Enterprise Search Server. Prior to version 14.19.2, the createTempFile() method in org.codelibs.fess.helper.SystemHelper creates temporary files without explicitly setting restrictive permissions. This could lead to potential information disclosure, allowing unauthorized local users to access sensitive data contained in these files. This issue primarily affects environments where Fess is deployed in a shared or multi-user context. Typical single-user or isolated deployments have minimal or negligible practical impact. This issue has been patched in version 14.19.2. A workaround for this issue involves ensuring local access to the environment running Fess is restricted to trusted users only. | |||||
CVE-2024-3250 | 1 Canonical | 1 Pebble | 2025-08-26 | N/A | 6.5 MEDIUM |
It was discovered that Canonical's Pebble service manager read-file API and the associated pebble pull command, before v1.10.2, allowed unprivileged local users to read files with root-equivalent permissions when Pebble was running as root. Fixes are also available as backports to v1.1.1, v1.4.2, and v1.7.4. | |||||
CVE-2025-32915 | 3 Checkmk, Linux, Oracle | 3 Checkmk, Linux Kernel, Solaris | 2025-08-26 | N/A | 5.5 MEDIUM |
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data. | |||||
CVE-2025-52094 | | | 2025-08-26 | N/A | 7.8 HIGH |
Insecure Permissions vulnerability in PDQ Smart Deploy V.3.0.2040 allows a local attacker to execute arbitrary code via the \HKLM\SYSTEM\Setup\SmartDeploy component. | |||||
CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2025-08-25 | N/A | 9.6 CRITICAL |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | |||||
CVE-2025-43759 | | | 2025-08-25 | N/A | N/A |
Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows admin users of a virtual instance to add pages that are not in the default/main virtual instance, then any tenant can create a list of all other tenants. | |||||
CVE-2024-38864 | 2 Checkmk, Microsoft | 2 Checkmk, Windows | 2025-08-25 | N/A | 3.3 LOW |
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | |||||
CVE-2025-1139 | | | 2025-08-22 | N/A | 6.1 MEDIUM |
IBM Edge Application Manager 4.5 could allow a local user to read or modify resources that they should not have authorization to access due to incorrect permission assignment. |