Total
1410 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-1907 | 1 Pgadmin | 1 Pgadmin | 2025-08-27 | 8 High |
| A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | ||||
| CVE-2024-6174 | 1 Canonical | 1 Cloud-init | 2025-08-26 | 8.8 High |
| When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration. | ||||
| CVE-2025-5199 | 2 Apple, Canonical | 2 Macos, Multipass | 2025-08-26 | 7.3 High |
| In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup. | ||||
| CVE-2024-8037 | 1 Canonical | 1 Juju | 2025-08-26 | 6.5 Medium |
| Vulnerable juju hook tool abstract UNIX domain socket. When combined with an attack of JUJU_CONTEXT_ID, any user on the local system with access to the default network namespace may connect to the @/var/lib/juju/agents/unit-xxxx-yyyy/agent.socket and perform actions that are normally reserved to a juju charm. | ||||
| CVE-2023-49721 | 2 Canonical, Tianocore | 2 Lxd, Edk2 | 2025-08-26 | 6.7 Medium |
| An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot. | ||||
| CVE-2024-10469 | 1 Cert | 1 Vince | 2025-08-25 | 4.4 Medium |
| VINCE versions before 3.0.9 is vulnerable to exposure of User information to authenticated users. | ||||
| CVE-2022-32743 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2025-08-22 | 7.5 High |
| Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. | ||||
| CVE-2025-4660 | 2 Forescout, Microsoft | 2 Secureconnector, Windows | 2025-08-21 | 9.8 Critical |
| A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent. This does not impact Linux or OSX Secure Connector. | ||||
| CVE-2025-8098 | 1 Lenovo | 1 Pcmanager | 2025-08-21 | 7.8 High |
| An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-46894 | 1 Siemens | 1 Sinec Ins | 2025-08-20 | 6.3 Medium |
| A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration. | ||||
| CVE-2025-29570 | 1 Szlbt | 2 Lbt-t300-t400, Lbt-t300-t400 Firmware | 2025-08-20 | 7.8 High |
| An issue in Shenzhen Libituo Technology Co., Ltd LBT-T300-T400 v3.2 allows a local attacker to escalate privileges via the function tftp_image_check of a binary named rc. | ||||
| CVE-2024-11872 | 1 Epicgames | 1 Launcher | 2025-08-15 | N/A |
| Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. | ||||
| CVE-2022-29376 | 2 Apachefriends, Microsoft | 2 Xampp, Windows | 2025-08-15 | 8.8 High |
| Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory. | ||||
| CVE-2025-26470 | 1 Intel | 1 Distribution For Python | 2025-08-15 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20023 | 1 Intel | 1 Graphics Driver | 2025-08-13 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20087 | 1 Intel | 2 C++ Compiler, Oneapi | 2025-08-13 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-27559 | 2025-08-13 | 6.7 Medium | ||
| Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-9167 | 1 Ivanti | 1 Velocity License Server | 2025-08-13 | 7.8 High |
| Under specific circumstances, insecure permissions in Ivanti Velocity License Server before version 5.2 allows a local authenticated attacker to achieve local privilege escalation. | ||||
| CVE-2024-39347 | 1 Synology | 1 Router Manager | 2025-08-07 | 5.9 Medium |
| Incorrect default permissions vulnerability in firewall functionality in Synology Router Manager (SRM) before 1.2.5-8227-11 and 1.3.1-9346-8 allows man-in-the-middle attackers to access highly sensitive intranet resources via unspecified vectors. | ||||
| CVE-2025-48950 | 1 Maxkb | 1 Maxkb | 2025-08-06 | 8.8 High |
| MaxKB is an open-source AI assistant for enterprise. Prior to version 1.10.8-lts, Sandbox only restricts the execution permissions of binary files in common directories, such as `/bin,/usr/bin`, etc. Therefore, attackers can exploit some files with execution permissions in non blacklisted directories to carry out attacks. Version 1.10.8-lts fixes the issue. | ||||