Search Results (1776 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6780 2026-04-15 3.3 Low
Improper permission control in the mobile application (com.android.server.telecom) may lead to user information security risks.
CVE-2025-54546 1 Arista 1 Danz Monitoring Fabric 2026-04-15 7.5 High
On affected platforms, restricted users could use SSH port forwarding to access host-internal services
CVE-2025-10541 1 Imonitor 1 Imonitor Eam 2026-04-15 7.8 High
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application’s installation path and executed with SYSTEM privileges, leading to privilege escalation.
CVE-2025-61969 1 Amd 1 Amd Uprof 2026-04-15 N/A
Incorrect permission assignment in AMD µProf may allow a local user-privileged attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2025-42997 2026-04-15 6.6 Medium
Under certain conditions, SAP Gateway Client allows a high-privileged user to access restricted information beyond the scope of the application. Due to the possibility of influencing application behavior or performance through misuse of the exposed data, this may potentially lead to low impact on confidentiality, integrity, and availability.
CVE-2025-12148 1 Search-guard 1 Search Guard 2026-04-15 N/A
In Search Guard versions 3.1.1 and earlier, Field Masking (FM) rules are improperly enforced on fields of type IP (IP Address). While the content of these fields is properly redacted in the _source document returned by search operations, the results do return documents (hits) when searching based on a specific IP values. This allows to reconstruct the original contents of the field. Workaround - If you cannot upgrade immediately, you can avoid the problem by using field level security (FLS) protection on fields of the affected types instead of field masking.
CVE-2024-2905 1 Redhat 3 Enterprise Linux, Openshift, Rhel Eus 2026-04-15 6.2 Medium
A security vulnerability has been discovered within rpm-ostree, pertaining to the /etc/shadow file in default builds having the world-readable bit enabled. This issue arises from the default permissions being set at a higher level than recommended, potentially exposing sensitive authentication data to unauthorized access.
CVE-2024-12363 2026-04-15 7.1 High
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management.
CVE-2025-30408 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39904, Acronis Cyber Protect 16 (Windows) before build 39938.
CVE-2025-23258 1 Nvidia 1 Doca 2026-04-15 7.3 High
NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-50675 2026-04-15 7.8 High
GPMAW 14, a bioinformatics software, has a critical vulnerability related to insecure file permissions in its installation directory. The directory is accessible with full read, write, and execute permissions for all users, allowing unprivileged users to manipulate files within the directory, including executable files like GPMAW3.exe, Fragment.exe, and the uninstaller GPsetup64_17028.exe. An attacker with user-level access can exploit this misconfiguration by replacing or modifying the uninstaller (GPsetup64_17028.exe) with a malicious version. While the application itself runs in the user's context, the uninstaller is typically executed with administrative privileges when an administrator attempts to uninstall the software. By exploiting this flaw, an attacker could gain administrative privileges and execute arbitrary code in the context of the admin, resulting in privilege escalation.
CVE-2023-32190 1 Suse 1 Opensuse Tumbleweed 2026-04-15 7.8 High
mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges.
CVE-2025-9578 2 Acronis, Microsoft 2 Cyber Protect Cloud Agent, Windows 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734.
CVE-2025-54545 1 Arista 1 Danz Monitoring Fabric 2026-04-15 7.8 High
On affected platforms, a restricted user could break out of the CLI sandbox to the system shell and elevate their privileges.
CVE-2024-28745 2026-04-15 3.3 Low
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.
CVE-2025-23257 1 Nvidia 1 Doca 2026-04-15 7.3 High
NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2020-36938 1 Winavr 1 Winavr 2026-04-15 8.8 High
WinAVR version 20100110 contains an insecure permissions vulnerability that allows authenticated users to modify system files and executables. Attackers can leverage the overly permissive access controls to potentially modify critical DLLs and executable files in the WinAVR installation directory.
CVE-2025-0590 2026-04-15 7.5 High
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to information leakage risk.
CVE-2024-37574 2026-04-15 8.2 High
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
CVE-2024-32010 1 Siemens 1 Spectrum Power 4 2026-04-15 7.8 High
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP12 Update 2). The affected application is vulnerable to extraction of database credentials via a world-readable credential file. This allows an attacker to connect to the database as privileged application user and to run system commands via the database.