Total
338 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24791 | 2 Linux, Snowflake | 2 Linux Kernel, Snowflake Connector | 2025-08-20 | 4.4 Medium |
| snowflake-connector-nodejs is a NodeJS driver for Snowflake. Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2. | ||||
| CVE-2025-7346 | 1 Pyload | 1 Pyload | 2025-07-13 | N/A |
| Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages | ||||
| CVE-2024-52522 | 1 Rclone | 1 Rclone | 2025-07-12 | 6.8 Medium |
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2. | ||||
| CVE-2024-3289 | 1 Tenable | 1 Nessus | 2025-07-12 | 7.8 High |
| When installing Nessus to a directory outside of the default location on a Windows host, Nessus versions prior to 10.7.3 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not secured the directories in the non-default installation location. | ||||
| CVE-2024-50929 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.2 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | ||||
| CVE-2024-50928 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller. | ||||
| CVE-2024-50924 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller. | ||||
| CVE-2024-50921 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 6.5 Medium |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. | ||||
| CVE-2024-50920 | 1 Silabs | 15 Efr32zg14p231f256gm32, Efr32zg23a010f512gm40, Efr32zg23a010f512gm48 and 12 more | 2025-07-01 | 8.8 High |
| Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | ||||
| CVE-2024-50930 | 1 Silabs | 3 Z-wave Software Development Kit, Zm5101, Zm5202 | 2025-07-01 | 8.8 High |
| An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. | ||||
| CVE-2024-50931 | 1 Silabs | 3 Z-wave Software Development Kit, Zm5101, Zm5202 | 2025-07-01 | 4.6 Medium |
| Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | ||||
| CVE-2025-3260 | 1 Grafana | 1 Grafana | 2025-06-24 | 8.3 High |
| A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1). Impact: - Viewers can view all dashboards/folders regardless of permissions - Editors can view/edit/delete all dashboards/folders regardless of permissions - Editors can create dashboards in any folder regardless of permissions - Anonymous users with viewer/editor roles are similarly affected Organization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources. | ||||
| CVE-2025-21541 | 1 Oracle | 1 Workflow | 2025-06-23 | 5.4 Medium |
| Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data as well as unauthorized read access to a subset of Oracle Workflow accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2025-21544 | 1 Oracle | 1 Communications Order And Service Management | 2025-06-20 | 5.4 Medium |
| Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order and Service Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Service Management accessible data as well as unauthorized read access to a subset of Oracle Communications Order and Service Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2025-43701 | 2025-06-12 | 7.5 High | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254. | ||||
| CVE-2025-43697 | 2025-06-12 | 7.5 High | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025 | ||||
| CVE-2025-43698 | 2025-06-12 | 9.1 Critical | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025 | ||||
| CVE-2025-43700 | 2025-06-12 | 7.5 High | ||
| Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025. | ||||
| CVE-2025-43026 | 2025-06-11 | N/A | ||
| A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write. | ||||
| CVE-2024-33921 | 1 Wpdeveloper | 1 Reviewx | 2025-06-10 | 4.3 Medium |
| Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | ||||