Export limit exceeded: 343725 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2107 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-34025 | 1 Versa | 1 Concerto | 2026-02-26 | N/A |
| The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. | ||||
| CVE-2025-27446 | 1 Apache | 1 Apisix | 2026-02-26 | 7.8 High |
| Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users are recommended to upgrade to version 0.6.0 or higher, which fixes the issue. | ||||
| CVE-2025-33053 | 1 Microsoft | 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more | 2026-02-26 | 8.8 High |
| External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-30661 | 2 Juniper, Juniper Networks | 10 Ex9200-15c, Junos, Lc4800 and 7 more | 2026-02-26 | 7.3 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can copy a script to the router in a way that will be executed as root, as the system boots. Execution of the script as root can lead to privilege escalation, potentially providing the adversary complete control of the system. This issue only affects specific line cards, such as the MPC10, MPC11, LC4800, LC9600, MX304-LMIC16, SRX4700, and EX9200-15C. This issue affects Junos OS: * from 23.2 before 23.2R2-S4, * from 23.4 before 23.4R2-S5, * from 24.2 before 24.2R2-S1, * from 24.4 before 24.4R1-S3, 24.4R2. This issue does not affect versions prior to 23.1R2. | ||||
| CVE-2023-39338 | 1 Ivanti | 1 Sentry | 2026-02-26 | N/A |
| Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the sentry policy to access that service. It does not enable the user to authenticate to or use the service, it just provides the tunnel access. | ||||
| CVE-2025-33117 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-02-26 | 9.1 Critical |
| IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands. | ||||
| CVE-2025-55316 | 1 Microsoft | 2 Azure, Azure Connected Machine Agent | 2026-02-26 | 7.8 High |
| External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-38742 | 1 Dell | 2 Emc Idrac Service Module, Idrac Service Module | 2026-02-26 | 5.3 Medium |
| Dell iDRAC Service Module (iSM), versions prior to 6.0.3.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||
| CVE-2025-4609 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-02-26 | 9.6 Critical |
| Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 136.0.7103.113 allowed a remote attacker to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2025-43729 | 1 Dell | 33 Latitude 3330, Latitude 3420, Latitude 3440 and 30 more | 2026-02-26 | 7.8 High |
| Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. | ||||
| CVE-2025-9578 | 2 Acronis, Microsoft | 2 Cyber Protect Cloud Agent, Windows | 2026-02-26 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 40734. | ||||
| CVE-2025-34212 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2026-02-26 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.843 and Application prior to version 20.0.1923 (VA/SaaS deployments) possess CI/CD weaknesses: the build pulls an unverified third-party image, downloads the VirtualBox Extension Pack over plain HTTP without signature validation, and grants the jenkins account NOPASSWD for mount/umount. Together these allow supply chain or man-in-the-middle compromise of the build pipeline, injection of malicious firmware, and remote code execution as root on the CI host. This vulnerability has been identified by the vendor as: V-2023-007 — Supply Chain Attack. | ||||
| CVE-2025-57741 | 2 Apple, Fortinet | 3 Macos, Forticlient, Forticlientmac | 2026-02-26 | 7 High |
| An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking. | ||||
| CVE-2025-6779 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 2 Axis, Axis Communications Ab | 234 A1210 \(-b\), A1214, A1601 and 231 more | 2026-02-26 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-20614 | 1 Intel | 2 Cip Software, Computing Improvement Program | 2026-02-26 | 6.7 Medium |
| External control of file name or path for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-59511 | 1 Microsoft | 20 Windows, Windows 10, Windows 10 1809 and 17 more | 2026-02-26 | 7.8 High |
| External control of file name or path in Windows WLAN Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-20386 | 2 Microsoft, Splunk | 3 Windows, Splunk, Splunk Enterprise | 2026-02-26 | 8 High |
| In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents. | ||||
| CVE-2025-20387 | 2 Microsoft, Splunk | 4 Windows, Splunk, Splunk Enterprise and 1 more | 2026-02-26 | 8 High |
| In Splunk Universal Forwarder for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents. | ||||
| CVE-2025-34323 | 1 Nagios | 1 Log Server | 2026-02-26 | 7.8 High |
| Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system. | ||||