CWE-732: CWE-732

This critical vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform's Internet Communication Framework allows attackers to bypass access contro...

This vulnerability allows attackers to access functionality they shouldn't have permission to use in the Apinizer Management Console due to incorrect ...

This vulnerability in SAP BusinessObjects Business Intelligence Platform allows authenticated attackers to view sensitive information that should be r...

This vulnerability allows remote authenticated managers in Plone to perform arbitrary disk I/O operations via crafted keyword arguments to the ReStruc...

An unauthenticated remote code execution vulnerability in Juniper PTX Series routers allows attackers to execute arbitrary code as root by exploiting ...

Firefox for Android versions before 141 allow sandboxed iframes without the 'allow-downloads' attribute to initiate downloads, bypassing security rest...

A critical permissions bypass vulnerability in macOS allows malicious applications to modify protected file system areas. This affects macOS Ventura, ...

The Memory Management Module in NASA cFS Aquila has insecure permissions that allow attackers to gain remote code execution on affected systems. This ...

CVE-2024-57520 is an insecure permissions vulnerability in Asterisk v22 that allows directory traversal via the action_createconfig function. This cou...

CVE-2024-41647 is an insecure permissions vulnerability in ROS2 navigation2's nav2_mppi_controller component that allows attackers to execute arbitrar...

This vulnerability allows attackers to launch any unexported component in the com.transsion.aivoiceassistant mobile app due to improper permission con...

This CVE describes an insecure permissions vulnerability in Ruijie RG-NBS2009G-P switches running RGOS v10.4(1)P2 Release (9736). It allows remote att...

This vulnerability allows attackers to abuse incorrect permissions on Vertica agent API keys, potentially gaining unauthorized access or elevated priv...

This vulnerability in the BoomPlayer mobile application allows attackers to take over user accounts due to improper permission configuration. It affec...

This CVE describes an improper permission configuration vulnerability in the Transsion CarlCare mobile application that could allow unauthorized acces...

This vulnerability in Gentoo's Slurm ebuild allows the slurm user to gain ownership of root-owned files through improper chown calls during package in...

This critical vulnerability in PHOENIX CONTACT industrial automation software allows unauthenticated remote attackers to upload malicious code and gai...

This critical vulnerability allows remote unauthenticated attackers to gain full administrative access to affected PHOENIX CONTACT classic line device...

This vulnerability allows attackers with physical or application access to an iOS device running Devolutions Remote Desktop Manager to bypass client-s...

This vulnerability allows attackers to access sensitive configuration files in OPNsense firewalls due to insecure directory permissions. Attackers can...

PublicCMS versions up to V4.0.202302 have insecure permissions that allow attackers to bypass authentication and gain unauthorized access. This affect...

CVE-2023-24205 is a critical remote code execution vulnerability in Clash for Windows that allows attackers to execute arbitrary code by overwriting t...

CVE-2021-29396 is an authentication bypass vulnerability in NorthStar Club Management software that allows remote attackers to access administrative f...

This vulnerability in Nagios XI 5.7.5 and earlier allows local attackers to escalate privileges by exploiting insecure temporary directory permissions...

CVE-2020-11831 is a critical vulnerability in OvoiceManager that allows arbitrary file writes due to improper system permissions. Attackers can exploi...

CVE-2020-12842 is a critical privilege escalation vulnerability in iSmartgate PRO garage door controller software. Attackers can append arbitrary PHP ...

CVE-2020-12838 allows attackers to escalate privileges by appending malicious PHP code to the /cron/mailAdmin.php file in iSmartgate PRO garage door c...

This vulnerability in Zyxel VMG5313-B30B routers allows regular users to create new accounts with administrative privileges by manipulating JSON param...

This vulnerability in Google Chrome's Mojo IPC system on Windows allows a remote attacker to escape the browser sandbox via a malicious file. Attacker...

This vulnerability allows unauthorized GitLab users to attach malicious runners to any project via a GraphQL endpoint. It affects GitLab Community Edi...

This vulnerability in Havelsan Dialogue software allows attackers to access functionality not properly restricted by access control lists (ACLs). It a...

This vulnerability in Kata Containers allows a container user to modify the Guest micro VM's file system, leading to arbitrary code execution as root ...

This vulnerability allows attackers to decrypt credentials stored in registry keys due to incorrect default permissions in MedDream PACS Premium. Atta...

Ubuntu 20.04 LTS's libvirt package created a control socket with overly permissive world read/write permissions. This allows local attackers to overwr...

This vulnerability allows remote attackers to bypass authentication in Wondershare Repairit without requiring credentials. Attackers can exploit incor...

SIMATIC Virtualization as a Service (SIVaaS) exposes an unauthenticated network share, allowing attackers to access or modify sensitive data without c...

IBM Sterling Secure Proxy versions 6.0.0.0 through 6.2.0.0 contain incorrect permission assignments that could allow unauthorized attackers to retriev...

This vulnerability allows any Android application without permissions to place phone calls without user interaction by sending a crafted intent to the...

This vulnerability in SIMATIC RTLS Locating Manager allows privileged attackers (Administrators group members) to escalate their privileges to the Sys...

CVE-2023-32724 is a critical memory corruption vulnerability in Zabbix's Ducktape object that allows attackers to directly access and manipulate memor...

A privilege escalation vulnerability in Rockwell Automation FactoryTalk Service Platform allows authenticated users with basic privileges to gain admi...