Export limit exceeded: 351112 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22430 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.5 Medium |
| Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-32492 | 1 Dell | 1 Powerscale Onefs | 2026-02-20 | 5.3 Medium |
| Dell PowerScale OneFS 9.5.0.x contains an incorrect default permissions vulnerability. A low-privileged local attacker could potentially exploit this vulnerability, leading to information disclosure or allowing to modify files. | ||||
| CVE-2025-64724 | 2 Apple, Arduino | 3 Macos, Arduino, Arduino Ide | 2026-02-19 | 7.3 High |
| Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS is installed with world-writable file permissions on sensitive application components, allowing any local user to replace legitimate files with malicious code. When another user launches the application, the malicious code executes with that user's privileges, enabling privilege escalation and unauthorized access to sensitive data. The fix is included starting from the `2.3.7` release. | ||||
| CVE-2025-64723 | 2 Apple, Arduino | 3 Macos, Arduino, Arduino Ide | 2026-02-19 | 4.4 Medium |
| Arduino IDE is an integrated development environment. Prior to version 2.3.7, Arduino IDE for macOS was configured with overly permissive security entitlements that could bypass macOS Hardened Runtime protections. This configuration allows attackers to inject malicious dynamic libraries into the application process, gaining access to all TCC (Transparency, Consent, and Control) permissions granted to the application. The fix is included starting from the `2.3.7 ` release. | ||||
| CVE-2025-59030 | 1 Powerdns | 1 Recursor | 2026-02-19 | 7.5 High |
| An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP. | ||||
| CVE-2023-29131 | 1 Siemens | 1 Simatic Cn 4100 Firmware | 2026-02-18 | 7.4 High |
| A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation. | ||||
| CVE-2025-69604 | 1 Shirt-pocket | 2 Superduper!, Superduper\! | 2026-02-13 | 7.8 High |
| An issue in Shirt Pocket's SuperDuper! 3.11 and earlier allow a local attacker to modify the default task template to install an arbitrary package that can run shell scripts with root privileges and Full Disk Access, thus bypassing macOS privacy controls. | ||||
| CVE-2025-29801 | 1 Microsoft | 1 Autoupdate | 2026-02-13 | 7.8 High |
| Incorrect default permissions in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-15339 | 1 Tanium | 2 Discover, Service Discover | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Discover. | ||||
| CVE-2025-15341 | 1 Tanium | 2 Benchmark, Service Benchmark | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Benchmark. | ||||
| CVE-2025-15343 | 1 Tanium | 2 Enforce, Service Enforce | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Enforce. | ||||
| CVE-2025-15335 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15334 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15333 | 1 Tanium | 2 Service Threatresponse, Threat Response | 2026-02-10 | 4.3 Medium |
| Tanium addressed an information disclosure vulnerability in Threat Response. | ||||
| CVE-2025-15340 | 1 Tanium | 2 Comply, Service Comply | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Comply. | ||||
| CVE-2025-15338 | 1 Tanium | 2 Partner Integration, Service Partnerintegration | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Partner Integration. | ||||
| CVE-2025-15337 | 1 Tanium | 2 Patch, Service Patch | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Patch. | ||||
| CVE-2025-15336 | 1 Tanium | 2 Performance, Service Performance | 2026-02-10 | 6.5 Medium |
| Tanium addressed an incorrect default permissions vulnerability in Performance. | ||||
| CVE-2025-55132 | 1 Nodejs | 2 Node.js, Nodejs | 2026-02-03 | 5.3 Medium |
| A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. Unlike `utimes()`, `futimes()` does not apply the expected write-permission checks, which means file metadata can be modified in read-only directories. This behavior could be used to alter timestamps in ways that obscure activity, reducing the reliability of logs. This vulnerability affects users of the permission model on Node.js v20, v22, v24, and v25. | ||||
| CVE-2025-20984 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | 6.8 Medium |
| Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. | ||||