Total
1605 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15037 | 2026-03-12 | N/A | N/A | ||
| An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kernel information disclosure. Refer to the "ASUS Business System Control Interface" section on the ASUS Security Advisory for more information. | |||||
| CVE-2026-29125 | 1 Datacast | 2 Sfx2100, Sfx2100 Firmware | 2026-03-11 | N/A | 4.7 MEDIUM |
| IDC SFX2100 Satalite Recievers set the `/etc/resolv.conf` file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service. | |||||
| CVE-2026-29126 | 1 Datacast | 2 Sfx2100, Sfx2100 Firmware | 2026-03-11 | N/A | 7.8 HIGH |
| Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges (local privilege escalation and persistence) via modification of a root-owned, world-writable BusyBox udhcpc DHCP event script, which is executed when a DHCP lease is obtained, renewed, or lost. | |||||
| CVE-2025-41712 | 2026-03-11 | N/A | 6.5 MEDIUM | ||
| An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server. | |||||
| CVE-2026-3315 | 2026-03-11 | N/A | N/A | ||
| Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33. | |||||
| CVE-2026-29188 | 1 Filebrowser | 1 Filebrowser | 2026-03-10 | N/A | 9.1 CRITICAL |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.1, a broken access control vulnerability in the TUS protocol DELETE endpoint allows authenticated users with only Create permission to delete arbitrary files and directories within their scope, bypassing the intended Delete permission restriction. Any multi-user deployment where administrators explicitly restrict file deletion for certain users is affected. This issue has been patched in version 2.61.1. | |||||
| CVE-2026-2915 | 1 Hp | 1 System Event Utility | 2026-03-09 | N/A | 7.1 HIGH |
| HP System Event Utility might allow denial of service with elevated arbitrary file writes. This potential vulnerability was remediated with HP System Event Utility version 3.2.16. | |||||
| CVE-2026-1344 | 1 Tanium | 1 Enforce Recovery Key Portal | 2026-03-09 | N/A | 6.5 MEDIUM |
| Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal. | |||||
| CVE-2025-70342 | 1 Grahampugh | 1 Erase-install | 2026-03-09 | N/A | 6.6 MEDIUM |
| erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe. | |||||
| CVE-2025-70341 | 1 App-auto-patch | 1 App-auto-patch | 2026-03-05 | N/A | 7.8 HIGH |
| Insecure permissions in App-Auto-Patch v3.4.2 create a race condition which allows attackers to write arbitrary files. | |||||
| CVE-2025-14604 | 1 Ibm | 1 Storage Scale | 2026-03-04 | N/A | 6.6 MEDIUM |
| IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors. | |||||
| CVE-2026-24732 | 2026-03-04 | N/A | N/A | ||
| Files or Directories Accessible to External Parties, Incorrect Permission Assignment for Critical Resource vulnerability in Hallo Welt! GmbH BlueSpice (Extension:NSFileRepo modules) allows Accessing Functionality Not Properly Constrained by ACLs, Bypassing Electronic Locks and Access Controls.This issue affects BlueSpice: from 5.1 through 5.1.3, from 5.2 through 5.2.0. HINT: Versions provided apply to BlueSpice MediaWiki releases. For Extension:NSFileRepo the affected versions are 3.0 < 3.0.5 | |||||
| CVE-2026-2637 | 2026-03-03 | N/A | N/A | ||
| iBoysoft NTFS for Mac contains a local privilege escalation vulnerability in its privileged helper daemon ntfshelperd. The daemon exposes an NSConnection service that runs as root without implementing any authentication or authorization checks. This issue affects iBoysoft NTFS: 8.0.0. | |||||
| CVE-2025-14979 | 2026-03-03 | N/A | N/A | ||
| AirVPN Eddie on MacOS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects Eddie: 2.24.6. | |||||
| CVE-2026-26095 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26096 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26100 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 5.5 MEDIUM |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26101 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2026-26102 | 1 Owlcyberdefense | 3 Opds-100, Opds-1000, Opds-talon | 2026-02-27 | N/A | 7.8 HIGH |
| Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request. | |||||
| CVE-2019-25344 | 1 Wondershare | 1 Mobilego | 2026-02-26 | N/A | 7.8 HIGH |
| Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access. | |||||