Search Results (1545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-0542 2026-04-15 7.8 High
Local privilege escalation due to incorrect assignment of privileges of temporary files in the update mechanism of G DATA Management Server. This vulnerability allows a local, unprivileged attacker to escalate privileges on affected installations by placing a crafted ZIP archive in a globally writable directory, which gets unpacked in the context of SYSTEM and results in arbitrary file write.
CVE-2025-27612 2026-04-15 5.9 Medium
libcontainer is a library for container control. Prior to libcontainer 0.5.3, while creating a tenant container, the tenant builder accepts a list of capabilities to be added in the spec of tenant container. The logic here adds the given capabilities to all capabilities of main container if present in spec, otherwise simply set provided capabilities as capabilities of the tenant container. However, setting inherited caps in any case for tenant container can lead to elevation of capabilities, similar to CVE-2022-29162. This does not affect youki binary itself. This is only applicable if you are using libcontainer directly and using the tenant builder.
CVE-2025-12792 1 Canva 1 Canva 2026-04-15 3.2 Low
The Mac App Store distribution of the Canva for Mac desktop app before 1.117.1 was built without Hardened Runtime. A local threat actor with unprivileged access could execute arbitrary code that inherits the TCC (Transparency, Consent, and Control) permissions assigned to Canva.
CVE-2024-29083 1 Intel 1 Distribution For Python 2026-04-15 6.7 Medium
Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-22447 2026-04-15 N/A
Incorrect access permission of a specific service issue exists in RemoteView Agent (for Windows) versions prior to v8.1.5.2. If this vulnerability is exploited, a non-administrative user on the remote PC may execute an arbitrary OS command with LocalSystem privilege.
CVE-2024-46466 1 Primx 1 Zonecentral 2026-04-15 7.8 High
By default, dedicated folders of ZONECENTRAL for Windows up to 2024.3 or up to Q.2021.2 (ANSSI qualification submission) can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZONECENTRAL has to be modified to prevent this vulnerability.
CVE-2024-46463 2026-04-15 7.8 High
By default, dedicated folders of ORIZON for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ORIZON has to be modified to prevent this vulnerability.
CVE-2024-45494 2026-04-15 9.8 Critical
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
CVE-2024-44786 1 Meabillis Cms 1 Meabillis Cms 2026-04-15 7.5 High
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors.
CVE-2024-46462 2026-04-15 7.8 High
By default, dedicated folders of ZEDMAIL for Windows up to 2024.3 can be accessed by other users to misuse technical files and make them perform tasks with higher privileges. Configuration of ZEDMAIL has to be modified to prevent this vulnerability.
CVE-2024-51051 1 Avscms 1 Avscms 2026-04-15 9.8 Critical
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account.
CVE-2024-4229 2026-04-15 7.8 High
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify.
CVE-2024-42028 1 Ubiquiti 1 Unifi Network Application 2026-04-15 8.8 High
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
CVE-2024-3904 2026-04-15 8.8 High
Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product.
CVE-2024-48823 1 Automatic Systems 1 Maintenance Slimlane 2026-04-15 9.8 Critical
Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page.
CVE-2025-53945 2026-04-15 7 High
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.
CVE-2024-11468 2026-04-15 7.8 High
Omnissa Horizon Client for macOS contains a Local privilege escalation (LPE) Vulnerability due to a flaw in the installation process. Successful exploitation of this issue may allow attackers with user privileges to escalate their privileges to root on the system where the Horizon Client for macOS is installed.
CVE-2023-45896 1 Linux 1 Linux Kernel 2026-04-15 7.1 High
ntfs3 in the Linux kernel through 6.8.0 allows a physically proximate attacker to read kernel memory by mounting a filesystem (e.g., if a Linux distribution is configured to allow unprivileged mounts of removable media) and then leveraging local access to trigger an out-of-bounds read. A length value can be larger than the amount of memory allocated. NOTE: the supplier's perspective is that there is no vulnerability when an attack requires an attacker-modified filesystem image.
CVE-2024-5321 1 Redhat 1 Openshift 2026-04-15 6.1 Medium
A security issue was discovered in Kubernetes clusters with Windows nodes where BUILTIN\Users may be able to read container logs and NT AUTHORITY\Authenticated Users may be able to modify container logs.
CVE-2023-46270 2026-04-15 3.3 Low
MacPaw The Unarchiver before 4.3.6 contains vulnerability related to missing quarantine attributes for extracted items.