CWE-732
All CWE-732 CVEs (313)
This vulnerability allows local users to escalate privileges by placing malicious executable files in a world-writable directory that gets added to th...
Mar 17, 2022

This vulnerability in Yokogawa's Long-term Data Archive Package service creates named pipes with improper access control lists (ACLs), allowing unauth...
Mar 11, 2022

This vulnerability in Yokogawa's 'Root Service' allows attackers to exploit improperly configured named pipe ACLs, potentially enabling privilege esca...
Mar 11, 2022

This vulnerability allows a local attacker to escalate privileges to SYSTEM by exploiting incorrect permissions in BDReinit.exe, Bitdefender's crash h...
Mar 7, 2022

CVE-2021-39992 is an improper security permission configuration vulnerability in Huawei ACPU that allows attackers to bypass intended security restric...
Feb 9, 2022

This Android vulnerability allows local privilege escalation through a permissions bypass in the voicemail notification system. Attackers can exploit ...
Jan 14, 2022

This CVE describes a local privilege escalation vulnerability in Netgear Genie Installer for macOS. An attacker with local access can overwrite specif...
Dec 30, 2021

This vulnerability in Fortinet FortiNAC allows attackers to gain elevated privileges by accessing sensitive system data due to incorrect permission as...
Dec 9, 2021

This CVE describes a privilege escalation vulnerability in Adobe Creative Cloud installer versions 5.5 and earlier. An attacker with initial low-privi...
Nov 23, 2021

This vulnerability allows an authenticated user on a Windows system with vulnerable Intel PROSet/Wireless WiFi software to escalate privileges via loc...
Nov 17, 2021

This vulnerability allows authenticated local users to escalate privileges on Intel NUC M15 Laptop Kit systems due to insecure inherited permissions i...
Nov 17, 2021

This vulnerability allows non-admin users on Windows systems to modify files in Zoho Remote Access Plus installation directory due to overly permissiv...
Nov 17, 2021

OpenClinic GA 5.194.18 has insecure file permissions that allow authenticated low-privilege users to replace critical service executables with malicio...
Oct 26, 2021

CVE-2021-40343 is a privilege escalation vulnerability in Nagios XI where insecure file permissions on nagios_unbundler.py allow the nagios user to ex...
Oct 26, 2021

This vulnerability allows local attackers to escalate privileges on Android devices by exploiting an unsafe PendingIntent in the FirstScreenBroadcast ...
Oct 6, 2021

This vulnerability allows a malicious actor with local access to a macOS system to exploit improper permissions on installation scripts, potentially e...
Sep 27, 2021

This CVE describes an elevation of privilege vulnerability in Visual Studio where an attacker could exploit a flaw in the installer to gain SYSTEM pri...
Sep 15, 2021

Dell EMC PowerScale OneFS versions 8.2.x through 9.2.x contain an incorrect permission assignment vulnerability that allows users with SSH or console ...
Aug 16, 2021

CVE-2021-37841 is an access control vulnerability in Docker Desktop for Windows that allows low-privileged users to compromise containers. Attackers c...
Aug 12, 2021

This vulnerability allows authenticated users with SSH or console login privileges on Dell PowerScale OneFS systems to elevate their privileges beyond...
Aug 10, 2021

CVE-2021-32577 is a local privilege escalation vulnerability in Acronis True Image for Windows where insecure folder permissions allow authenticated l...
Aug 5, 2021

This vulnerability in Google Chrome's installer allows an attacker to escalate local privileges by tricking a user into opening a malicious file. It a...
Aug 3, 2021

This vulnerability allows a local attacker with low-privileged access to escalate privileges and delete files with system-level permissions on Trend M...
Jul 20, 2021

This vulnerability allows low-privileged users to escalate privileges to SYSTEM level by exploiting Lexmark printer drivers during the add printer pro...
Jul 19, 2021

This vulnerability allows local users on systems running YSoft SafeQ 6 to escalate privileges by overwriting the MU55 FlexiSpooler service executable ...
Jul 14, 2021

This vulnerability allows local privilege escalation on Android devices by bypassing permissions through an empty mutable PendingIntent in the GPS net...
Jul 14, 2021

This vulnerability allows local attackers on Windows systems to escalate privileges through PATH and DLL hijacking attacks. It affects Node.js install...
Jul 12, 2021

This vulnerability allows local privilege escalation on Android 11 devices through an unsafe PendingIntent in the bug reporting service. Attackers can...
Jun 22, 2021

This vulnerability involves weak file and folder permissions in the temporary folder of the BIG-IP Edge Client Windows Installer Service, allowing att...
Jun 10, 2021

This vulnerability affects Intel NUC 9 Extreme Laptop Kit LAN drivers with insecure inherited permissions. An authenticated attacker could exploit thi...
Jun 9, 2021

This vulnerability in Intel VTune Profiler installer allows authenticated local users to escalate privileges due to insecure inherited permissions. It...
Jun 9, 2021

This vulnerability in Intel Unite Client for Windows allows authenticated local users to escalate privileges due to insecure inherited permissions. At...
Jun 9, 2021

CVE-2021-32460 is a local privilege escalation vulnerability in Trend Micro Maximum Security 2021 installer that allows attackers with existing local ...
Jun 3, 2021

This vulnerability allows a local attacker with low-privileged access to escalate privileges on Trend Micro Apex One and OfficeScan XG SP1 installatio...
Apr 13, 2021

This vulnerability in Intel SOC driver packages allows authenticated local users to escalate privileges due to insecure inherited permissions. It affe...
Feb 17, 2021

This vulnerability allows local attackers to bypass Bluetooth permission checks on Android devices by exploiting a mutable PendingIntent in the Blueto...
Feb 10, 2021

CVE-2024-25646 is an information disclosure vulnerability in SAP BusinessObjects Business Intelligence Launch Pad where improper validation allows aut...
Apr 9, 2024

This vulnerability in NVIDIA Jetson Linux allows an unprivileged attacker with physical access to bypass IOMMU protections and gain direct read/write ...
Mar 11, 2022

CVE-2025-66723 is an insecure permissions vulnerability in inMusic Brands Engine DJ software where the Remote Library's exposed HTTP service allows at...
Dec 30, 2025

This vulnerability allows low-privileged remote attackers to access critical system resources like firmware and certificates due to improper permissio...
Sep 8, 2025

This vulnerability in Android's Bluetooth stack allows unauthorized access to Bluetooth bonding state information without proper permission checks. It...
Aug 26, 2025

This vulnerability in Oracle E-Business Suite's User Management component allows unauthenticated attackers to access sensitive user data via HTTP. It ...
Apr 15, 2025

This CVE describes a prototype pollution vulnerability in the @tanstack/form-core library that allows attackers to cause Denial of Service (DoS) by su...
Feb 5, 2025

CMSimple v5.16 has an insecure permissions vulnerability that allows remote attackers to download PHP backup files containing sensitive information. T...
Jan 27, 2025

This vulnerability in the CarlCare mobile application allows unauthorized access to sensitive information due to improper permission settings. It affe...
Jan 20, 2025

OvalEdge versions 5.2.8.0 and earlier expose sensitive user ID data through an authenticated GET request to /user/getUserWithTeam. This vulnerability ...
Oct 25, 2024

This vulnerability allows attackers to write arbitrary data to a user's clipboard without user consent during specific navigational sequences. It affe...
Sep 17, 2024

This vulnerability in Rockwell Automation ThinManager ThinServer allows attackers to read arbitrary files by exploiting directory junction points. It ...
Aug 23, 2024

This vulnerability allows remote unauthenticated attackers to alter MosP kintai kanri settings by exploiting incorrect permission assignments for crit...
May 28, 2024

This CVE describes a permission management vulnerability in the SystemUI module of Huawei/HarmonyOS devices. Successful exploitation could allow attac...
Apr 7, 2024

About CWE-732
Our database tracks 313 CVEs classified as CWE-732, with 41 rated critical and 209 rated high severity. The average CVSS score for CWE-732 vulnerabilities is 7.7.