Search Results (350 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53934 2026-04-15 7.7 High
The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component.
CVE-2025-7346 1 Pyload 1 Pyload 2026-04-15 N/A
Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages
CVE-2025-0914 2026-04-15 3.8 Low
An improper access control issue in the VQL shell feature in Velociraptor Versions < 0.73.4 allowed authenticated users to execute the execve() plugin in deployments where this was explicitly forbidden by configuring the prevent_execve flag in the configuration file. This setting is not usually recommended and is uncommonly used, so this issue will only affect users who do set it. This issue is fixed in release 0.73.4.
CVE-2024-9333 2026-04-15 N/A
Permissions bypass in M-Files Connector for Copilot before version 24.9.3 allows authenticated user to access limited amount of documents via incorrect access control list calculation
CVE-2025-32696 2026-04-15 N/A
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/actions/RevertAction.Php, includes/api/ApiFileRevert.Php. This issue affects MediaWiki: before 1.39.12, 1.42.6, 1.43.1.
CVE-2025-32697 2026-04-15 N/A
Improper Preservation of Permissions vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/editpage/IntroMessageBuilder.Php, includes/Permissions/PermissionManager.Php, includes/Permissions/RestrictionStore.Php. This issue affects MediaWiki: before 1.42.6, 1.43.1.
CVE-2023-32199 1 Suse 1 Rancher 2026-04-15 4.3 Medium
A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs
CVE-2025-24337 2026-04-15 8.4 High
WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.
CVE-2025-25711 2026-04-15 8.8 High
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint
CVE-2024-52869 2026-04-15 6 Medium
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise.
CVE-2025-43697 2026-04-15 7.5 High
Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025
CVE-2024-43784 2026-04-15 5.7 Medium
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames.
CVE-2026-35385 1 Openbsd 1 Openssh 2026-04-03 7.5 High
In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).
CVE-2025-30449 1 Apple 1 Macos 2026-04-02 7.8 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges.
CVE-2024-54557 1 Apple 1 Macos 2026-04-02 7.5 High
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2, macOS Ventura 13.7.2. An attacker may gain access to protected parts of the file system.
CVE-2024-54516 1 Apple 1 Macos 2026-04-02 3.3 Low
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to approve a launch daemon without user consent.
CVE-2024-54513 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-04-02 5.7 Medium
A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. An app may be able to access sensitive user data.
CVE-2024-44193 1 Apple 1 Itunes 2026-04-02 8.4 High
A logic issue was addressed with improved restrictions. This issue is fixed in iTunes 12.13.3 for Windows. A local attacker may be able to elevate their privileges.
CVE-2024-40828 1 Apple 1 Macos 2026-04-02 8.4 High
The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A malicious app may be able to gain root privileges.
CVE-2024-40824 1 Apple 6 Ipad Os, Ipados, Iphone Os and 3 more 2026-04-02 7.7 High
This issue was addressed through improved state management. This issue is fixed in iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6, tvOS 17.6, watchOS 10.6. An app may be able to bypass Privacy preferences.