Search Results (1966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-59030 1 Powerdns 1 Recursor 2026-02-19 7.5 High
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
CVE-2023-29131 1 Siemens 1 Simatic Cn 4100 Firmware 2026-02-18 7.4 High
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.
CVE-2025-69604 1 Shirt-pocket 2 Superduper!, Superduper\! 2026-02-13 7.8 High
An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls.
CVE-2025-29801 1 Microsoft 1 Autoupdate 2026-02-13 7.8 High
Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally.
CVE-2025-59106 2 Dormakaba, Dormakabagroup 13 Access Manager, Dormakaba Access Manager 9200-k5, Dormakaba Access Manager 9200-k5 Firmware and 10 more 2026-02-12 8.8 High
The binary serving the web server and executing basically all actions launched from the Web UI is running with root privileges. This is against the least privilege principle. If an attacker is able to execute code on the system via other vulnerabilities it is possible to directly execute commands with highest privileges.
CVE-2025-15339 1 Tanium 2 Discover, Service Discover 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Discover.
CVE-2025-15341 1 Tanium 2 Benchmark, Service Benchmark 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Benchmark.
CVE-2025-15343 1 Tanium 2 Enforce, Service Enforce 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Enforce.
CVE-2025-15335 1 Tanium 2 Service Threatresponse, Threat Response 2026-02-10 4.3 Medium
Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15334 1 Tanium 2 Service Threatresponse, Threat Response 2026-02-10 4.3 Medium
Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15333 1 Tanium 2 Service Threatresponse, Threat Response 2026-02-10 4.3 Medium
Tanium addressed an information disclosure vulnerability in Threat Response.
CVE-2025-15340 1 Tanium 2 Comply, Service Comply 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Comply.
CVE-2025-15338 1 Tanium 2 Partner Integration, Service Partnerintegration 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Partner Integration.
CVE-2025-15337 1 Tanium 2 Patch, Service Patch 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Patch.
CVE-2025-15336 1 Tanium 2 Performance, Service Performance 2026-02-10 6.5 Medium
Tanium addressed an incorrect default permissions vulnerability in Performance.
CVE-2025-55132 1 Nodejs 2 Node.js, Nodejs 2026-02-03 5.3 Medium
A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25.
CVE-2025-20984 1 Samsung 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more 2026-02-02 6.8 Medium
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
CVE-2025-20910 1 Samsung 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more 2026-02-02 6.2 Medium
Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.
CVE-2025-8485 1 Lenovo 1 App Store 2026-02-02 7.3 High
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application.
CVE-2024-55930 1 Xerox 1 Workplace Suite 2026-01-30 6.7 Medium
Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files