Search Results (1775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-6369 1 Canonical 2 Canonical-livepatch, Livepatch Client 2026-06-05 5.5 Medium
An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server.
CVE-2026-50590 1 Mimecast 1 Incydr 2026-06-05 4.5 Medium
In Mimecast Incydr before 2.6.0, arbitrary file access can occur.
CVE-2026-10591 2 Amazon, Aws 2 Kiro Ide, Kiro Ide 2026-06-05 8.8 High
Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions that cause writes to execution-sensitive paths (such as .vscode/tasks.json), enabling auto-execution on folder open. To remediate this issue, users should upgrade to Kiro IDE version 0.11 or later.
CVE-2025-8886 1 Usta 1 Aybs 2026-06-05 6.7 Medium
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass. This issue affects Aybs Interaktif: from 2024 through 28082025.
CVE-2026-50209 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 7.8 High
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.
CVE-2021-4481 1 Draeger 1 Protector Software 2026-06-03 8.2 High
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
CVE-2026-34352 1 Tigervnc 1 Tigervnc 2026-06-03 8.5 High
In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application crash, because of incorrect permissions.
CVE-2021-4480 1 Draeger 1 Protector Software 2026-06-03 8.2 High
Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execute code with NT SYSTEM privileges.
CVE-2026-45353 2 Electerm, Electerm Project 2 Electerm, Electerm 2026-06-03 7.8 High
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6 to 3.8.8, This vulnerability is fixed in 3.9.0.
CVE-2024-5618 1 Apinizer 1 Apinizer 2026-06-03 9.9 Critical
Incorrect Permission Assignment for Critical Resource vulnerability in PruvaSoft Informatics Apinizer Management Console allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Apinizer Management Console: before 2024.05.1.
CVE-2024-3375 1 Havelsan 1 Dialogue 2026-06-03 9.4 Critical
Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from v1.83 before v1.83.1 or v1.84.
CVE-2026-27788 1 Fsastech 1 Serverview Agents For Windows 2026-06-02 N/A
Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege.
CVE-2026-28264 1 Dell 2 Powerprotect Agent, Powerprotect Data Manager 2026-06-02 3.3 Low
Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure.
CVE-2024-9142 1 Olgu Computer Systems 1 E-belediye 2026-06-02 9.8 Critical
External Control of File Name or Path, : Incorrect Permission Assignment for Critical Resource vulnerability in Olgu Computer Systems e-Belediye allows Manipulating Web Input to File System Calls. This issue affects e-Belediye: before 2.0.642.
CVE-2026-9789 1 Acer 1 Nitrosense V3 2026-05-30 N/A
A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send commands. Because the service does not check the caller's privileges before running file deletion commands, a low-privileged local user can exploit this to delete arbitrary files with system authority.
CVE-2026-8070 1 Asus 1 Armoury Crate 2026-05-29 N/A
Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the '  Security Update for Armoury Crate App   ' section on the ASUS Security Advisory for more information.
CVE-2026-7480 1 Asus 1 Asus System Control Interface 2026-05-29 N/A
An Incorrect Permission Assignment for Critical Resource vulnerability in ASUS System Control Interface allows a local user to elevate privileges to SYSTEM and execute arbitrary code via a crafted RPC call that bypass the validation mechanism. Refer to the 'Security Update for ASUS System Control Interface' section on the ASUS Security Advisory for more information.
CVE-2026-9508 1 Supremainc 1 Biostar 2 2026-05-29 N/A
Incorrect permission settings on a critical resource in Suprema BioStar 2 (versions 2.9.3 through 2.9.11) that allow backup files to be publicly exposed when the administrator configures their path within the NGINX webroot. This vulnerability allows an attacker with network access to directly download backup ZIP files via ‘http(s)://[server]/download/…’ without requiring authentication. This exposes highly sensitive information that can lead to server impersonation, unauthorized access to databases, and lateral movement.
CVE-2017-15906 5 Debian, Netapp, Openbsd and 2 more 23 Debian Linux, Active Iq Unified Manager, Cloud Backup and 20 more 2026-05-28 5.3 Medium
The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.
CVE-2026-42497 2 Archive\, Bingos 2 \, Archive::tar 2026-05-28 7.5 High
Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. _make_special_file() passes the tar header's linkname to link() without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode. A subsequent write through the extracted name modifies the victim file, and the post-extraction chmod, chown, and utime block in _extract_file() (guarded only against symlinks via -l) applies the tar header's mode, owner, and timestamps to the shared inode during extraction alone.