Search Results (1545 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-49084 1 Absolute 1 Secure Access 2025-08-05 9.1 Critical
CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are high and no user interaction is required. There is no impact to confidentiality, the impact to integrity is low, and there is no impact to availability. The impact to confidentiality and availability of subsequent systems is high and the impact to the integrity of subsequent systems is low.
CVE-2025-49082 1 Absolute 1 Secure Access 2025-08-05 2.7 Low
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, there is no impact to system availability or integrity.
CVE-2025-54085 1 Absolute 1 Secure Access 2025-08-05 3.8 Low
CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.
CVE-2025-21106 1 Dell 1 Recoverpoint For Virtual Machines 2025-07-31 5.5 Medium
Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system.
CVE-2024-9858 2 Google, Google Cloud 2 Migrate To Containers, Migrate To Containers 2025-07-30 7.8 High
There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond
CVE-2024-47013 1 Google 1 Android 2025-07-24 7.8 High
In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-47014 1 Google 1 Android 2025-07-24 8.8 High
Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292.
CVE-2024-47016 1 Google 1 Android 2025-07-24 7.8 High
there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-11624 1 Google 1 Android 2025-07-24 7.8 High
there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53835 1 Google 1 Android 2025-07-24 7.8 High
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53840 1 Google 1 Android 2025-07-24 7.8 High
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-53841 1 Google 1 Android 2025-07-24 7.8 High
In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-38459 1 Langchain 2 Langchain-experimental, Langchain Experimental 2025-07-16 7.8 High
langchain_experimental (aka LangChain Experimental) before 0.0.61 for LangChain provides Python REPL access without an opt-in step. NOTE; this issue exists because of an incomplete fix for CVE-2024-27444.
CVE-2025-3617 1 Rockwellautomation 1 Thinmanager 2025-07-14 7.8 High
A privilege escalation vulnerability exists in the Rockwell Automation ThinManager. When the software starts up, files are deleted in the temporary folder causing the Access Control Entry of the directory to inherit permissions from the parent directory. If exploited, a threat actor could inherit elevated privileges.
CVE-2024-1605 1 Bmc 1 Control-m 2025-07-12 6.6 Medium
BMC Control-M branches 9.0.20 and 9.0.21 upon user login load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging it leads to loading of a potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.
CVE-2018-9434 1 Google 1 Android 2025-07-10 7.8 High
In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2018-9401 1 Google 1 Android 2025-07-10 7.8 High
In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-46544 3 Apache, Debian, Redhat 6 Tomcat Connectors, Debian Linux, Enterprise Linux and 3 more 2025-07-10 5.9 Medium
Incorrect Default Permissions vulnerability in Apache Tomcat Connectors allows local users to view and modify shared memory containing mod_jk configuration which may lead to information disclosure and/or denial of service. This issue affects Apache Tomcat Connectors: from 1.2.9-beta through 1.2.49. Only mod_jk on Unix like systems is affected. Neither the ISAPI redirector nor mod_jk on Windows is affected. Users are recommended to upgrade to version 1.2.50, which fixes the issue.
CVE-2024-39924 2 Dani-garcia, Vaultwarden 2 Vaultwarden, Vaultwarden 2025-07-10 8.8 High
An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been identified in the authentication and authorization process of the endpoint responsible for altering the metadata of an emergency access. It permits an attacker with granted emergency access to escalate their privileges by changing the access level and modifying the wait time. Consequently, the attacker can gain full control over the vault (when only intended to have read access) while bypassing the necessary wait period.
CVE-2025-52900 1 Filebrowser 1 Filebrowser 2025-07-10 5.5 Medium
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.