Total
100 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22078 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 8.8 High |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges. | ||||
| CVE-2024-22077 | 1 Elspec-ltd | 2 G5dfr, G5dfr Firmware | 2025-04-16 | 5.3 Medium |
| An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions. | ||||
| CVE-2022-4863 | 1 Usememos | 1 Memos | 2025-04-09 | 6.5 Medium |
| Improper Handling of Insufficient Permissions or Privileges in GitHub repository usememos/memos prior to 0.9.1. | ||||
| CVE-2025-0468 | 2025-04-07 | 7.1 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. | ||||
| CVE-2025-31172 | 2025-04-07 | 7.8 High | ||
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-31173 | 2025-04-07 | 8.8 High | ||
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-1608 | 1 Oppo | 1 Usercenter Credit Software Development Kit | 2025-04-02 | 9.1 Critical |
| In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | ||||
| CVE-2024-25844 | 2025-03-27 | 7.5 High | ||
| An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file. | ||||
| CVE-2024-8315 | 2025-03-27 | N/A | ||
| An Improper Handling of Insufficient Permissions or Privileges vulnerability in scripts used in B&R APROL <4.4-00P5 may allow an authenticated local attacker to read credential information. | ||||
| CVE-2024-55604 | 2025-03-27 | N/A | ||
| Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available. | ||||
| CVE-2025-0478 | 2025-03-27 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to issue reads and writes to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform, altering their behaviour. | ||||
| CVE-2023-21421 | 1 Samsung | 1 Android | 2025-03-24 | 5.9 Medium |
| Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | ||||
| CVE-2024-51459 | 1 Ibm | 1 Infosphere Information Server | 2025-03-20 | 8.4 High |
| IBM InfoSphere Information Server 11.7 could allow a local user to execute privileged commands due to the improper handling of permissions. | ||||
| CVE-2025-1767 | 2025-03-17 | 6.5 Medium | ||
| This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable. | ||||
| CVE-2024-0015 | 1 Google | 1 Android | 2025-03-14 | 7.8 High |
| In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-52537 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-30418 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-13 | 7.5 High |
| Vulnerability of insufficient permission verification in the app management module. Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-22737 | 1 Wire | 1 Wire | 2025-03-10 | 6.5 Medium |
| wire-server provides back end services for Wire, a team communication and collaboration platform. Prior to version 2022-12-09, every member of a Conversation can remove a Bot from a Conversation due to a missing permissions check. Only Conversation admins should be able to remove Bots. Regular Conversations are not allowed to do so. The issue is fixed in wire-server 2022-12-09 and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to 2022-12-09/Chart 4.29.0, so that their backends are no longer affected. There are no known workarounds. | ||||
| CVE-2025-20649 | 2025-03-04 | 6.5 Medium | ||
| In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184. | ||||
| CVE-2023-27087 | 1 Xuxueli | 1 Xxl-job | 2025-02-26 | 7.5 High |
| Permissions vulnerabiltiy found in Xuxueli xxl-job v2.2.0, v 2.3.0 and v.2.3.1 allows attacker to obtain sensitive information via the pageList parameter. | ||||