Total
1447 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-5622 | 1 Oneplus | 3 Oneplus 3, Oneplus 3t, Oxygenos | 2025-04-20 | N/A |
| With OxygenOS before 4.0.3, when a charger is connected to a powered-off OnePlus 3 or 3T device, the platform starts with adbd enabled. Therefore, a malicious charger or a physical attacker can open up, without authorization, an ADB session with the device, in order to further exploit other vulnerabilities and/or exfiltrate sensitive information. | ||||
| CVE-2017-8625 | 1 Microsoft | 3 Internet Explorer, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass Vulnerability". | ||||
| CVE-2017-4975 | 1 Pivotal | 1 Pcf Tile Generator | 2025-04-20 | N/A |
| An issue was discovered in Pivotal PCF Tile Generator versions prior to 6.0.0. Tiles created by the PCF Tile Generator create a running open security group that overrides security groups set by the operator. | ||||
| CVE-2017-0847 | 1 Google | 1 Android | 2025-04-20 | N/A |
| An elevation of privilege vulnerability in the Android media framework (mediaanalytics). Product: Android. Versions: 8.0. Android ID: A-65540999. | ||||
| CVE-2017-7968 | 1 Schneider-electric | 1 Wonderware Indusoft Web Studio | 2025-04-20 | N/A |
| An Incorrect Default Permissions issue was discovered in Schneider Electric Wonderware InduSoft Web Studio v8.0 Patch 3 and prior versions. Upon installation, Wonderware InduSoft Web Studio creates a new directory and two files, which are placed in the system's path and can be manipulated by non-administrators. This could allow an authenticated user to escalate his or her privileges. | ||||
| CVE-2017-11610 | 4 Debian, Fedoraproject, Redhat and 1 more | 5 Debian Linux, Fedora, Cloudforms and 2 more | 2025-04-20 | N/A |
| The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.x before 3.3.3 allows remote authenticated users to execute arbitrary commands via a crafted XML-RPC request, related to nested supervisord namespace lookups. | ||||
| CVE-2022-48685 | 1 Logpoint | 2 Logpoint, Siem | 2025-04-18 | 7.7 High |
| An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation. | ||||
| CVE-2024-34221 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 8.8 High |
| Sourcecodester Human Resource Management System 1.0 is vulnerable to Insecure Permissions resulting in privilege escalation. | ||||
| CVE-2024-34223 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-18 | 4.3 Medium |
| Insecure permission vulnerability in /hrm/leaverequest.php in SourceCodester Human Resource Management System 1.0 allow attackers to approve or reject leave ticket. | ||||
| CVE-2022-45793 | 1 Omron | 1 Automation Software Sysmac Studio | 2025-04-17 | 5.5 Medium |
| Sysmac Studio installs executables in a directory with poor permissions. This can allow a locally-authenticated attacker to overwrite files which will result in code execution with privileges of a different user. | ||||
| CVE-2022-47551 | 1 Apiman | 1 Apiman | 2025-04-17 | 6.5 Medium |
| Apiman 1.5.7 through 2.2.3.Final has insufficient checks for read permissions within the Apiman Manager REST API. The root cause of the issue is the Apiman project's accidental acceptance of a large contribution that was not fully compatible with the security model of Apiman versions before 3.0.0.Final. Because of this, 3.0.0.Final is not affected by the vulnerability. | ||||
| CVE-2020-14521 | 1 Mitsubishielectric | 60 C Controller Interface Module Utility, C Controller Module Setting And Monitoring Tool, Cc-link Ie Control Network Data Collector and 57 more | 2025-04-16 | 8.3 High |
| Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. | ||||
| CVE-2022-26839 | 1 Deltaww | 1 Diaenergie | 2025-04-16 | 7.8 High |
| Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to an incorrect default permission in the DIAEnergie application, which may allow an attacker to plant new files (such as DLLs) or replace existing executable files. | ||||
| CVE-2022-3263 | 1 Measuresoft | 1 Scadapro Server | 2025-04-16 | 7.8 High |
| The security descriptor of Measuresoft ScadaPro Server version 6.7 has inconsistent permissions, which could allow a local user with limited privileges to modify the service binary path and start malicious commands with SYSTEM privileges. | ||||
| CVE-2024-22085 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 6.2 Medium |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable. | ||||
| CVE-2022-23922 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2025-04-16 | 5.6 Medium |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the Program Announcer directory and elevate permissions whenever the program is executed. | ||||
| CVE-2022-23104 | 1 Win-911 | 2 Win-911 2021 R1, Win-911 2021 R2 | 2025-04-16 | 5.6 Medium |
| WIN-911 2021 R1 and R2 are vulnerable to a permissions misconfiguration that may allow an attacker to locally write files to the program Operator Workspace directory, which holds DLL files and executables. A low-privilege attacker could write a malicious DLL file to the Operator Workspace directory to achieve privilege escalation and the permissions of the user running the program. | ||||
| CVE-2021-43986 | 1 Fanuc | 1 Roboguide | 2025-04-16 | 6 Medium |
| The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation. | ||||
| CVE-2022-29909 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2025-04-16 | 8.8 High |
| Documents in deeply-nested cross-origin browsing contexts could have obtained permissions granted to the top-level origin, bypassing the existing prompt and wrongfully inheriting the top-level permissions. This vulnerability affects Thunderbird < 91.9, Firefox ESR < 91.9, and Firefox < 100. | ||||
| CVE-2021-40388 | 1 Advantech | 1 Sq Manager | 2025-04-15 | 8.8 High |
| A privilege escalation vulnerability exists in Advantech SQ Manager Server 1.0.6. A specially-crafted file can be replaced in the system to escalate privileges to NT SYSTEM authority. An attacker can provide a malicious file to trigger this vulnerability. | ||||