CWE-276
All CWE-276 CVEs (434)
This vulnerability in PowerDNS Recursor allows attackers to trigger removal of cached DNS records by sending NOTIFY queries over TCP. This enables DNS...
Dec 9, 2025

This vulnerability involves incorrect boundary conditions in Firefox and Thunderbird's WebGPU component, allowing memory corruption. Attackers could e...
Nov 11, 2025

This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity insta...
Jul 28, 2025

This vulnerability in Oracle MySQL Connector/J allows attackers with low privileges and network access to potentially take over the connector software...
Apr 15, 2025

This vulnerability in Moodle allows users to delete OAuth2-linked accounts without proper authorization checks. It affects Moodle instances with OAuth...
Nov 20, 2024

This vulnerability in RSA NetWitness Platform allows an internal threat actor to impersonate a user whose access has been revoked but who still has an...
Nov 18, 2024

This vulnerability allows any Android application without permissions to place phone calls without user interaction by sending a crafted intent to the...
Nov 7, 2024

This CVE describes an improper permissions vulnerability in Xcode where applications could inherit Xcode's elevated permissions and access user data. ...
Oct 28, 2024

This vulnerability in the modem component of Google Pixel devices allows unauthorized access to sensitive information. It affects Pixel devices runnin...
Oct 25, 2024

This vulnerability allows attackers to bypass access controls in the Shenzhou News Union Enterprise Management System's SnoopServlet component, exposi...
Aug 28, 2024

This vulnerability in JetBrains TeamCity allows attackers to escalate privileges due to incorrect directory permissions. It affects all TeamCity insta...
Aug 6, 2024

IBM Security Access Manager Docker containers (versions 10.0.0.0 through 10.0.7.1) with certain configurations allow network users to install maliciou...
Jun 27, 2024

This vulnerability allows authenticated users with web interface access to perform unauthorized file and firmware uploads by crafting custom web reque...
Jun 12, 2024

This vulnerability in Buildroot allows attackers to manipulate the /dev/shm directory due to missing sticky bit permissions. It affects systems using ...
May 3, 2024

This vulnerability in the RegistrationMagic WordPress plugin allows attackers to bypass access controls and modify arbitrary prices in forms. It affec...
Apr 24, 2024

This vulnerability in Huawei's Calendar app involves undefined permissions that could allow attackers to disrupt the app's functionality, affecting av...
Apr 8, 2024

CVE-2024-22889 is an access control vulnerability in Plone v6.0.9 that allows remote attackers to view and list all files hosted on the website via cr...
Mar 6, 2024

Couchbase Server 7.1.x and 7.2.x before 7.2.4 exposes sensitive admin statistics and vitals endpoints without authentication on localhost port 8093. T...
Feb 28, 2024

A permission management vulnerability in the lock screen module of Huawei/HarmonyOS devices allows attackers to bypass lock screen protections. Succes...
Feb 18, 2024

Softing OPC Suite versions 5.25 and earlier have an incorrect access control vulnerability in the OSF_discovery service that allows attackers to obtai...
Dec 5, 2023

Mobile Security Framework (MobSF) versions up to v3.7.8 Beta have insecure default permissions that allow unauthorized access to the application. This...
Sep 21, 2023

This vulnerability allows local attackers to access sensitive information due to insecure folder permissions in Acronis Cyber Protect Home Office for ...
Sep 20, 2023

SoLive Android app versions 1.6.14 through 1.6.20 have an exposed component that allows attackers to inject excessive data into SharedPreference files...
May 30, 2023

The Download Manager WordPress plugin before version 6.3.0 exposes master key information without authentication, allowing attackers to bypass passwor...
May 2, 2023

This vulnerability in Huawei's facial recognition module involves improper file permission controls that could allow unauthorized access to sensitive ...
Mar 27, 2023

This vulnerability in Mahara's Isolated Institutions feature allows users to see groups from other institutions beyond the first page of group results...
Apr 28, 2022

The CreateRedirect extension for MediaWiki before April 14, 2022 fails to properly verify user permissions when creating redirects, allowing unauthori...
Apr 21, 2022

This vulnerability in Podman and Moby (Docker Engine) allows containers to start with non-empty inheritable Linux process capabilities. An attacker wi...
Apr 4, 2022

CVE-2021-40049 is a permission control vulnerability in Huawei's PMS (Package Manager Service) module that allows unauthorized access to sensitiv...
Mar 10, 2022

xzs-mysql online examination system versions t3.4.0 and above have an insecure permissions vulnerability in the exam paper submission function. Attack...
Jan 25, 2022

This CVE describes a permission management vulnerability in cellular modules that could allow unauthorized access to sensitive data. It affects device...
Jan 10, 2022

This vulnerability allows unauthorized access to broadcast information on affected Huawei smartphones due to improper permission settings. Attackers c...
Jan 3, 2022

This vulnerability allows unauthorized users to view private pages on MediaWiki installations configured as private wikis with whitelist read restrict...
Dec 20, 2021

This CVE describes an improper permission vulnerability in Huawei smartphones that allows attackers to bypass intended access controls. Successful exp...
Nov 23, 2021

This CVE describes a permission control vulnerability in Huawei smartphones where improper access controls allow unauthorized actions. The vulnerabili...
Jun 30, 2021

This CVE describes an improper permission management vulnerability in Huawei smartphones that allows unauthorized access to sensitive services. Succes...
Jun 30, 2021

CVE-2021-33506 is a configuration vulnerability in Jitsi Meet where the 'restrict_room_creation' setting is not enforced by default, allowing attacker...
May 26, 2021

This vulnerability in HyperKitty exposes private mailing list archives to public access during import operations. When migrating from Mailman 2 to Mai...
May 26, 2021

This CVE describes a local privilege escalation vulnerability in Toshiba printers that allows attackers to replace legitimate programs with malicious ...
Jun 14, 2024

CVE-2024-27153 is a local privilege escalation vulnerability in Toshiba printers that allows attackers to gain elevated privileges on affected devices...
Jun 14, 2024

This CVE describes a local privilege escalation vulnerability in Toshiba printers that allows attackers to gain elevated privileges on affected device...
Jun 14, 2024

This vulnerability in ebankIT 6 allows unauthenticated attackers to generate OTP (One-Time Password) messages to arbitrary email addresses or phone nu...
May 28, 2023

Arduino IDE for macOS versions before 2.3.7 installs with world-writable file permissions on sensitive application components. This allows any local u...
Dec 18, 2025

A local privilege escalation vulnerability in Lenovo App Store allows authenticated local users to execute arbitrary code with elevated privileges dur...
Nov 12, 2025

CVE-2025-46355 is an incorrect default permissions vulnerability in PC Time Tracer that allows local authenticated attackers to execute arbitrary code...
Jun 3, 2025

This vulnerability involves insecure Windows permissions for ASPECT configuration toolsets, allowing unauthorized access to configuration information....
May 22, 2025

This vulnerability involves incorrect default permissions in AMD Manageability API that could allow a local attacker to escalate privileges on affecte...
May 13, 2025

This vulnerability in Oracle Database's RAS Security component allows authenticated attackers with network access to compromise data confidentiality a...
Apr 15, 2025

This vulnerability allows local attackers to escalate privileges on systems with AMD Integrated Management Technology (AIM-T) Manageability Service in...
Feb 11, 2025

CVE-2018-9369 is a bootloader vulnerability in Android devices that allows attackers to specify kernel command line arguments via fastboot. This enabl...
Nov 19, 2024

About CWE-276
Our database tracks 434 CVEs classified as CWE-276, with 59 rated critical and 281 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.
External reference: View CWE-276 on MITRE CWE →