CWE-276
All CWE-276 CVEs (436)
This vulnerability allows local users to access sensitive information stored in the NI SystemLink Server KeyValueDatabase service due to incorrect dir...
Jul 22, 2024

This CVE describes an Android vulnerability where missing permission checks allow local information disclosure of played media. Any Android device run...
Jul 9, 2024

Dell PowerScale OneFS versions 8.2.x through 9.6.0.x have incorrect default permissions that allow local low-privileged users to cause denial of servi...
Feb 1, 2024

A vulnerability in Node.js's permission model allows attackers to modify file timestamps using the futimes() function even when they only have read pe...
Jan 20, 2026

Quest KACE Desktop Authority versions through 11.3.1 have insecure permissions on named pipes used for inter-process communication, allowing unauthori...
Jan 12, 2026

This vulnerability allows non-admin users to access the AdminTools.SpammedPages page in XWiki AdminTools, though no sensitive data is visible. It affe...
Nov 18, 2025

Newforma Info Exchange (NIX) before version 2023.1 has a default configuration that allows anonymous authentication. This enables unauthenticated atta...
Oct 9, 2025

This macOS vulnerability allows downloaded files to bypass the quarantine flag, which normally triggers security warnings before execution. This affec...
Jan 27, 2025

This vulnerability allows attackers to determine which email addresses have valid user accounts in eSoft Planner by observing different responses from...
Nov 20, 2024

An unauthenticated user enumeration vulnerability in AquilaCMS allows attackers to discover valid email addresses through the 'Add a user' feature. Th...
Oct 29, 2024

This vulnerability in JetBrains Kotlin before version 1.4.21 uses an insecure Java API for temporary file creation, allowing attackers to read sensiti...
Feb 3, 2021

This Android vulnerability allows local privilege escalation through improper input validation in the InstallStart.java onCreate method. An attacker c...
Sep 4, 2025

This vulnerability allows attackers to modify the configuration file of XINJE XDPPro software due to insecure file permissions, potentially leading to...
Jan 15, 2025

This vulnerability in Samsung Knox DualDAR policy allows local attackers to bypass permission checks and access sensitive data stored on affected devi...
Aug 7, 2024

This vulnerability allows local attackers to escalate privileges on Windows systems running Acronis Cyber Protect 17 due to improper directory permiss...
Mar 6, 2026

The Snowflake Connector for .NET versions 2.0.12 through 4.2.0 on Linux and macOS temporarily store downloaded stage files in world-readable directori...
Jan 29, 2025

A local privilege escalation vulnerability in Juniper Junos OS Evolved allows low-privileged local users to read NETCONF traceoptions files containing...
Oct 11, 2024

Arduino IDE for macOS versions before 2.3.7 had overly permissive security entitlements that bypass macOS Hardened Runtime protections. This allows at...
Dec 18, 2025

Melange versions 0.23.0 through 0.29.4 generate APK SBOM files with overly permissive 666 file permissions, allowing unprivileged users to modify thes...
Jul 18, 2025

The Snowflake JDBC Driver vulnerability allows local users on Linux systems to read cached temporary credentials from a world-readable file when tempo...
Jan 29, 2025

A Linux kernel vulnerability allows root users on NFS clients to bypass security label restrictions on NFS filesystems exported with root squashing en...
Sep 13, 2024

CVE-2025-15333 is an information disclosure vulnerability in Tanium Threat Response that allows unauthorized access to sensitive data. Organizations u...
Feb 5, 2026

An information disclosure vulnerability in Tanium Threat Response could allow authenticated attackers to access sensitive data they shouldn't have per...
Feb 5, 2026

An information disclosure vulnerability in Tanium Threat Response could allow authenticated attackers to access sensitive data they shouldn't have per...
Feb 5, 2026

This vulnerability exposes passwords stored in configuration files within the K2 SmartForms Designer folder, making them readable by unauthorized user...
Mar 10, 2025

CVE-2024-47593 is an information disclosure vulnerability in SAP NetWeaver Application Server ABAP that allows unauthenticated attackers with network ...
Nov 12, 2024

Samsung Assistant versions before 9.1.00.7 have a permission handling flaw that allows remote attackers to access location data when user interaction ...
Sep 4, 2024

Cilium versions 1.14.0 through 1.14.15 and 1.15.0 through 1.15.9 have a policy bypass vulnerability where certain CIDR-based deny rules may be ignored...
Oct 21, 2024

This vulnerability allows local authenticated users on Windows systems running MaLion Security Point versions before 5.3.4 to place arbitrary files in...
Nov 25, 2025

The Canva for Mac desktop app distributed through the Mac App Store was built without Apple's Hardened Runtime security feature. This allows a local a...
Nov 18, 2025

This CVE describes a lock screen bypass vulnerability in Apple iOS/iPadOS where an attacker with physical access to a locked device could view restric...
Nov 4, 2025

This vulnerability exposes the private key of Icinga certificates due to overly permissive directory permissions. Any user on affected Windows systems...
Jan 29, 2026

A local privilege escalation vulnerability exists where normal users can modify executable service binaries in the installation folder. When the servi...
Jan 29, 2026

The macOS version of Inkscape bundles a Python interpreter that inherits the application's TCC permissions. Attackers with local access can execute ar...
Jan 22, 2026

A local privilege escalation vulnerability in Datadog Linux Host Agent versions 7.65.0 through 7.70.2 allows attackers with local access and low-privi...
Nov 12, 2025

This CVE describes an Incorrect Default Permissions vulnerability in Schneider Electric software where installation folders have insecure default perm...
Nov 12, 2025

About CWE-276
Our database tracks 436 CVEs classified as CWE-276, with 59 rated critical and 283 rated high severity. The average CVSS score for CWE-276 vulnerabilities is 7.6.
External reference: View CWE-276 on MITRE CWE →