Search Results (1965 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45494 2026-04-15 9.8 Critical
An issue was discovered in MSA FieldServer Gateway 5.0.0 through 6.5.2 (Fixed in 7.0.0). The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions.
CVE-2024-46505 2026-04-15 9.1 Critical
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.
CVE-2024-45067 2026-04-15 8.2 High
Incorrect default permissions in some Intel(R) Gaudi(R) software installers before version 1.18 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-42028 1 Ubiquiti 1 Unifi Network Application 2026-04-15 8.8 High
A Local privilege escalation vulnerability found in a Self-Hosted UniFi Network Server with UniFi Network Application (Version 8.4.62 and earlier) allows a malicious actor with a local operational system user to execute high privilege actions on UniFi Network Server.
CVE-2024-4030 1 Python 1 Cpython 2026-04-15 7.1 High
On Windows a directory returned by tempfile.mkdtemp() would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile directory may not have the intended permissions. If you’re not using Windows or haven’t changed the temporary directory location then you aren’t affected by this vulnerability. On other platforms the returned directory is consistently readable and writable only by the current user. This issue was caused by Python not supporting Unix permissions on Windows. The fix adds support for Unix “700” for the mkdir function on Windows which is used by mkdtemp() to ensure the newly created directory has the proper permissions.
CVE-2024-38531 1 Nixos 1 Nix 2026-04-15 3.6 Low
Nix is a package manager for Linux and other Unix systems that makes package management reliable and reproducible. A build process has access to and can change the permissions of the build directory. After creating a setuid binary in a globally accessible location, a malicious local user can assume the permissions of a Nix daemon worker and hijack all future builds. This issue was patched in version(s) 2.23.1, 2.22.2, 2.21.3, 2.20.7, 2.19.5 and 2.18.4.
CVE-2024-38499 2026-04-15 8.8 High
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands.
CVE-2024-37025 1 Intel Advanced Link Analyzer Standard Edition Software Installer 1 Intel Advanced Link Analyzer Standard Edition Software Installer 2026-04-15 6.7 Medium
Incorrect execution-assigned permissions in some Intel(R) Advanced Link Analyzer Standard Edition software installer before version 23.1.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36063 1 Goodwy Com 1 Right Dialer 2026-04-15 7.5 High
The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component.
CVE-2024-34474 2026-04-15 7.8 High
Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM.
CVE-2024-34455 2026-04-15 7.5 High
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. A fix was released in 2024.02.2.
CVE-2024-32861 1 Johnsoncontrols 1 Software House C-cure 9000 2026-04-15 7.8 High
Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions.
CVE-2024-29417 2026-04-15 8.4 High
Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function.
CVE-2024-24809 1 Traccar 1 Traccar 2026-04-15 8.5 High
Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue.
CVE-2024-23847 1 Yokogawa Rental Lease Corporation 1 Unifier 2026-04-15 5.9 Medium
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVE-2024-21960 2026-04-15 7.3 High
Incorrect default permissions in the AMD Optimizing CPU Libraries (AOCL) installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2024-21820 1 Intel 4 3rd Generation Intel Xeon Scalable Processor Family, 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family and 1 more 2026-04-15 7.2 High
Incorrect default permissions in some Intel(R) Xeon(R) processor memory controller configurations when using Intel(R) SGX may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-2175 1 Lenovo 2 Accessories And Display Manager, Display Control Center 2026-04-15 7.8 High
An insecure permissions vulnerability was reported in Lenovo Display Control Center (LDCC) and Lenovo Accessories and Display Manager (LADM) that could allow a local attacker to escalate privileges.
CVE-2024-12903 2026-04-15 7.8 High
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).
CVE-2024-11969 1 Cradlepoint 1 Netcloud Exhange Client 2026-04-15 8.8 High
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the ‘Everyone’ group (i.e. any user who has local access to the operating system regardless of their privileges).