CWE-276

Total CVEs: 426
Critical: 59
High: 273
Avg CVSS: 7.6

Yearly Trend

2026: 30
2025: 139
2024: 124
2023: 57
2022: 30

Top Affected Vendors

1 Google 38
2 Apple 25
3 Huawei 15
4 Intel 13
5 Dell 10
6 AMD 6
7 Oracle 5
8 Ivanti 5
9 Juniper 5
10 Debian 4

All CWE-276 CVEs (426)

CVE-2023-24460
8.2

This vulnerability allows authenticated users on a local system to escalate privileges due to incorrect default permissions in Intel GPA software inst...

May 16, 2024
CVE-2024-20005
8.2

This vulnerability allows local privilege escalation on MediaTek devices due to a missing permission check in the 'da' component. Attackers can gain S...

Mar 4, 2024
CVE-2021-44905
8.2

CVE-2021-44905 is an incorrect permissions vulnerability in Fortessa FTBTLD Smart Lock's Bluetooth services that allows remote attackers to disable th...

Mar 25, 2022
CVE-2024-52867
8.1

This vulnerability in GNU Guix's guix-daemon allows local users to escalate privileges by accessing build outputs before proper file metadata (like se...

Nov 17, 2024
CVE-2024-7525
8.1

This vulnerability allows web extensions with minimal permissions to intercept and modify HTTP responses for any website, bypassing normal security re...

Aug 6, 2024
CVE-2022-25364
8.1

Gradle Enterprise versions before 2021.4.2 had a default configuration allowing anonymous write access to the built-in build cache. This could allow a...

Mar 17, 2022
CVE-2024-1488
8.0

This CVE allows any local process to modify Unbound DNS resolver's runtime configuration via port 8953 due to incorrect default permissions. Attackers...

Feb 15, 2024
CVE-2023-45990
8.0

CVE-2023-45990 is an insecure permissions vulnerability in WenwenaiCMS v1.0 that allows remote attackers to escalate privileges. This affects all depl...

Oct 25, 2023
CVE-2024-21840
7.9

This vulnerability allows local users on the VMware vCenter server to read and write specific files due to incorrect default permissions in the Hitach...

Jan 30, 2024
CVE-2026-28727
7.8

This vulnerability allows local attackers to escalate privileges on macOS systems by exploiting insecure Unix socket permissions in Acronis Cyber Prot...

Mar 6, 2026
CVE-2026-26034
7.8

CVE-2026-26034 is an incorrect default permissions vulnerability in Dell UPS Multi-UPS Management Console (MUMC) that allows attackers to execute arbi...

Mar 5, 2026
CVE-2026-23703
7.8

The installer for FinalCode Client by Digital Arts Inc. has incorrect default permissions that allow non-administrative users to execute arbitrary cod...

Feb 26, 2026
CVE-2025-1789
7.8

This vulnerability allows authenticated low-privileged Windows users to escalate their privileges on systems running Genetec Update Service. Attackers...

Feb 24, 2026
CVE-2026-25931
7.8

This vulnerability in vscode-spell-checker extension allows arbitrary code execution when opening untrusted VS Code workspaces. Attackers can place ma...

Feb 9, 2026
CVE-2025-69604
7.8

This vulnerability in SuperDuper! backup software allows local attackers to modify task templates to install arbitrary packages with root privileges a...

Jan 29, 2026
CVE-2021-47761
7.8

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability where authenticated users can modify MariaDB service executable files. Attackers c...

Jan 15, 2026
CVE-2025-53398
7.8

CVE-2025-53398 is an insecure permissions vulnerability in Portrait Dell Color Management application 3.3.8 for Dell monitors that allows unauthorized...

Dec 17, 2025
CVE-2025-53919
7.8

The Portrait Dell Color Management application creates a temporary folder with weak permissions during installation/uninstallation, allowing local low...

Dec 17, 2025
CVE-2025-13155
7.8

An improper permissions vulnerability in Lenovo Baiying Client allows local authenticated users to execute arbitrary code with elevated privileges. Th...

Dec 10, 2025
CVE-2025-61229
7.8

A local privilege escalation vulnerability in SuperDuper! backup software allows attackers to modify task templates and execute arbitrary scripts with...

Dec 1, 2025
CVE-2025-58097
7.8

LogStare Collector's installation directory has insecure permissions allowing non-admin users to modify files. This enables privilege escalation where...

Nov 21, 2025
CVE-2025-34332
7.8

This vulnerability allows any authenticated local user on AudioCodes Fax Server and Auto-Attendant IVR appliances to escalate privileges to SYSTEM by ...

Nov 19, 2025
CVE-2025-34333
7.8

This vulnerability allows any authenticated local user on AudioCodes Fax Server and Auto-Attendant IVR appliances to achieve privilege escalation to S...

Nov 19, 2025
CVE-2025-12100
7.8

The MongoDB BI Connector ODBC driver versions 1.0.0 through 1.4.6 have incorrect default permissions that allow local users to escalate privileges. Th...

Oct 23, 2025
CVE-2025-23347
7.8

NVIDIA Project G-Assist contains an incorrect default permissions vulnerability (CWE-276) that allows attackers to escalate privileges. This affects s...

Oct 23, 2025
CVE-2025-11575
7.8

The MongoDB Atlas SQL ODBC driver on Windows has incorrect default permissions that allow local users to escalate privileges. This affects all Windows...

Oct 23, 2025
CVE-2025-23297
7.8

This vulnerability in NVIDIA's FrameviewSDK installer for Windows allows local unprivileged attackers to modify files in the Frameview SDK directory, ...

Oct 1, 2025
CVE-2025-43725
7.8

Dell PowerProtect Data Manager Generic Application Agent versions 19.19 and 19.20 have incorrect default permissions that allow local low-privileged a...

Sep 10, 2025
CVE-2025-57846
7.8

Multiple i-フィルター products have incorrect default permissions that allow local authenticated attackers to replace service executables. This c...

Aug 27, 2025
CVE-2025-8672
7.8

This vulnerability allows local attackers on macOS to abuse GIMP's bundled Python interpreter to access privacy-protected files without user consent. ...

Aug 11, 2025
CVE-2025-8069
7.8

This vulnerability allows non-admin Windows users to execute arbitrary code with administrator privileges during AWS Client VPN installation. Attacker...

Jul 23, 2025
CVE-2025-0886
7.8

An incorrect permissions vulnerability in Elliptic Labs Virtual Lock Sensor allows local authenticated users to escalate privileges. This affects syst...

Jul 17, 2025
CVE-2025-43596
7.8

An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows low-privileged users to execute arbitrary commands with SYSTEM privilege...

May 22, 2025
CVE-2025-42598
7.8

This vulnerability allows attackers to execute arbitrary code with SYSTEM privileges on Windows systems by placing a crafted DLL file in a specific lo...

Apr 28, 2025
CVE-2025-24914
7.8

This vulnerability allows local privilege escalation on Windows systems where Nessus is installed to a non-default location. Attackers could exploit i...

Apr 18, 2025
CVE-2025-3617
7.8

A privilege escalation vulnerability in Rockwell Automation ThinManager allows attackers to inherit elevated permissions when temporary files are dele...

Apr 15, 2025
CVE-2025-23386
7.8

This vulnerability allows the gerbera service user to escalate privileges to root due to incorrect default permissions in openSUSE Tumbleweed. It affe...

Apr 10, 2025
CVE-2025-29504
7.8

This CVE describes an insecure permission verification vulnerability in student-manage 1 that allows local attackers to escalate privileges. Attackers...

Apr 3, 2025
CVE-2025-24277
7.8

A directory path parsing vulnerability in macOS allows applications to bypass path validation and gain root privileges. This affects macOS Ventura, Se...

Mar 31, 2025
CVE-2025-24267
7.8

A permissions vulnerability in macOS allows malicious applications to escalate privileges to root access. This affects macOS Ventura, Sequoia, and Son...

Mar 31, 2025
CVE-2025-24234
7.8

A privilege escalation vulnerability in macOS allows malicious applications to gain root privileges. This affects macOS Ventura, Sequoia, and Sonoma s...

Mar 31, 2025
CVE-2025-24915
7.8

This vulnerability allows local privilege escalation on Windows systems where Nessus Agent was installed to a non-default location with insecure direc...

Mar 21, 2025
CVE-2025-22447
7.8

This vulnerability allows non-administrative users on a Windows system running RemoteView Agent to execute arbitrary operating system commands with Lo...

Mar 6, 2025
CVE-2025-24864
7.8

CVE-2025-24864 is a privilege escalation vulnerability in RemoteView Agent for Windows where incorrect folder permissions allow non-administrative use...

Mar 6, 2025
CVE-2024-51440
7.8

This vulnerability in Nothing OS allows a local attacker to escalate privileges through the NtBpfService component. It affects users of Nothing Tech d...

Feb 12, 2025
CVE-2024-11468
7.8

A local privilege escalation vulnerability in Omnissa Horizon Client for macOS allows authenticated users to gain root privileges on affected systems....

Feb 4, 2025
CVE-2025-24135
7.8

A privilege escalation vulnerability in macOS allows malicious applications to gain elevated system privileges. This affects macOS systems before Sequ...

Jan 27, 2025
CVE-2025-24107
7.8

A permissions vulnerability in Apple operating systems allows malicious applications to escalate privileges to root access. This affects macOS, tvOS, ...

Jan 27, 2025
CVE-2025-0543
7.8

CVE-2025-0543 is a local privilege escalation vulnerability in G DATA Security Client where incorrect directory permissions allow unprivileged local u...

Jan 25, 2025
CVE-2024-55957
7.8

This CVE describes a local privilege escalation vulnerability in Thermo Fisher Scientific Xcalibur and Foundation Instrument Control Software on Windo...

Jan 22, 2025

About CWE-276

Our database tracks 426 CVEs classified as CWE-276, with 59 rated critical and 273 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.

External reference: View CWE-276 on MITRE CWE →
