Total
1471 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-31655 | 2026-02-10 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-36522 | 2026-02-10 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for some Intel(R) Chipset Software before version 10.1.20266.8668 or later. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-22849 | 2026-02-10 | N/A | 6.7 MEDIUM | ||
| Incorrect default permissions for the Intel(R) Optane(TM) PMem management software before versions CR_MGMT_01.00.00.3584, CR_MGMT_02.00.00.4052, CR_MGMT_03.00.00.0538 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-15339 | 1 Tanium | 1 Discover | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | |||||
| CVE-2025-15341 | 1 Tanium | 1 Benchmark | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | |||||
| CVE-2025-15343 | 1 Tanium | 1 Enforce | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Enforce. | |||||
| CVE-2025-15335 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||
| CVE-2025-15334 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||
| CVE-2025-15333 | 1 Tanium | 1 Threat Response | 2026-02-10 | N/A | 4.3 MEDIUM |
| Tanium addressed an information disclosure vulnerability in Threat Response. | |||||
| CVE-2025-15340 | 1 Tanium | 1 Comply | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Comply. | |||||
| CVE-2025-15338 | 1 Tanium | 1 Partner Integration | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | |||||
| CVE-2025-15337 | 1 Tanium | 1 Patch | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Patch. | |||||
| CVE-2025-15336 | 1 Tanium | 1 Performance | 2026-02-10 | N/A | 6.5 MEDIUM |
| Tanium addressed an incorrect default permissions vulnerability in Performance. | |||||
| CVE-2026-25931 | 2026-02-10 | N/A | 7.8 HIGH | ||
| vscode-spell-checker is a basic spell checker that works well with code and documents. Prior to v4.5.4, DocumentSettings._determineIsTrusted treats the configuration value cSpell.trustedWorkspace as the authoritative trust flag. The value defaults to true (package.json) and is read from workspace configuration each time settings are fetched. The code coerces any truthy value to true and forwards it to ConfigLoader.setIsTrusted , which in turn allows JavaScript/TypeScript configuration files ( .cspell.config.js/.mjs/.ts , etc.) to be located and executed. Because no VS Code workspace-trust state is consulted, an untrusted workspace can keep the flag true and place a malicious .cspell.config.js ; opening the workspace causes the extension host to execute attacker-controlled Node.js code with the user’s privileges. This vulnerability is fixed in v4.5.4. | |||||
| CVE-2020-37160 | 2026-02-09 | N/A | 6.2 MEDIUM | ||
| SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain complete system access. | |||||
| CVE-2020-37129 | 2026-02-05 | N/A | 9.8 CRITICAL | ||
| Memu Play 7.1.3 contains an insecure folder permissions vulnerability that allows low-privileged users to modify the MemuService.exe executable. Attackers can replace the service executable with a malicious file during system restart to gain SYSTEM-level privileges by exploiting unrestricted file modification permissions. | |||||
| CVE-2025-10314 | 2026-02-05 | N/A | 8.8 HIGH | ||
| Incorrect Default Permissions vulnerability in Mitsubishi Electric Corporation FREQSHIP-mini for Windows versions 8.0.0 to 8.0.2 allows a local attacker to execute arbitrary code with system privileges by replacing service executable files (EXE) or DLLs in the installation directory with specially crafted files. As a result, the attacker may be able to disclose, tamper with, delete, or destroy information stored on the PC where the affected product is installed, or cause a Denial of Service (DoS) condition on the affected system. | |||||
| CVE-2025-55132 | 1 Nodejs | 1 Node.js | 2026-02-03 | N/A | 5.3 MEDIUM |
| A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | |||||
| CVE-2025-20984 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.8 MEDIUM |
| Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. | |||||
| CVE-2025-20910 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.2 MEDIUM |
| Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery. | |||||