Total
1371 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54530 | 1 Jetbrains | 1 Teamcity | 2025-07-31 | 7.5 High |
| In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions | ||||
| CVE-2025-21106 | 1 Dell | 1 Recoverpoint For Virtual Machines | 2025-07-31 | 5.5 Medium |
| Dell Recover Point for Virtual Machines 6.0.X contains a Weak file system permission vulnerability. A low privileged Local attacker could potentially exploit this vulnerability, leading to impacting only non-sensitive resources in the system. | ||||
| CVE-2024-9858 | 2 Google, Google Cloud | 2 Migrate To Containers, Migrate To Containers | 2025-07-30 | 7.8 High |
| There exists an insecure default user permission in Google Cloud Migrate to containers from version 1.1.0 to 1.2.2 Windows installs. A local "m2cuser" was greated with administrator privileges. This posed a security risk if the "analyze" or "generate" commands were interrupted or skipping the action to delete the local user “m2cuser”. We recommend upgrading to 1.2.3 or beyond | ||||
| CVE-2013-0632 | 1 Adobe | 1 Coldfusion | 2025-07-30 | 9.8 Critical |
| administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | ||||
| CVE-2022-22948 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2025-07-30 | 6.5 Medium |
| The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | ||||
| CVE-2025-3528 | 1 Redhat | 1 Mirror Registry | 2025-07-28 | 8.2 High |
| A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod. | ||||
| CVE-2025-45467 | 2025-07-25 | 7.1 High | ||
| Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation. | ||||
| CVE-2025-8069 | 2025-07-25 | 7.8 High | ||
| During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2. | ||||
| CVE-2025-8031 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-07-25 | 9.8 Critical |
| The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1. | ||||
| CVE-2024-47013 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| In pmucal_rae_handle_seq_int of flexpmu_cal_rae.c, there is a possible arbitrary write due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-47014 | 1 Google | 1 Android | 2025-07-24 | 8.8 High |
| Android before 2024-10-05 on Google Pixel devices allows privilege escalation in the ABL component, A-330537292. | ||||
| CVE-2024-47016 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible privilege escalation due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-11624 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53835 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53840 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2024-53841 | 1 Google | 1 Android | 2025-07-24 | 7.8 High |
| In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-2530 | 1 Puppet | 1 Puppet Enterprise | 2025-07-23 | 9.8 Critical |
| A privilege escalation allowing remote code execution was discovered in the orchestration service. | ||||
| CVE-2025-53945 | 2025-07-22 | 7 High | ||
| apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue. | ||||
| CVE-2025-54059 | 2025-07-22 | 4.4 Medium | ||
| melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue. | ||||
| CVE-2024-32861 | 1 Johnsoncontrols | 1 Software House C-cure 9000 | 2025-07-21 | 7.8 High |
| Under certain circumstances the impacted Software House C•CURE 9000 installer will utilize unnecessarily wide permissions. | ||||