CWE-732: CWE-732

This CVE describes an improper permission control vulnerability in the window management module of Huawei/HarmonyOS devices. Successful exploitation c...

This vulnerability in Baker Hughes Bently Nevada 3500 System TDI firmware allows attackers to retrieve stored passwords from the device. Affected syst...

This CVE involves insecure permissions in the /tmp directory of OPNsense firewall appliances, allowing local attackers to potentially escalate privile...

CVE-2022-44719 is an insecure permissions vulnerability in the SSH server component of Weblib Ucopia software. This allows unauthorized users to acces...

This vulnerability in DTStack Taier 1.3.0 allows attackers to view sensitive information through insecure permissions in the /Taier/API/tenant/listTen...

This vulnerability in Apache InLong allows attackers to delete other users' subscriptions without proper authorization. It affects Apache InLong versi...

CVE-2023-1692 is an improper permission verification vulnerability in Huawei/HarmonyOS window management modules that allows unauthorized access to se...

This CVE describes two vulnerabilities in Fortinet FortiClient for Windows: an incorrect permission assignment (CWE-732) and a TOCTOU race condition (...

CVE-2021-37304 is an insecure permissions vulnerability in jeecg-boot 2.4.5 that allows unauthenticated remote attackers to access the httptrace inter...

CVE-2021-37306 is an insecure permissions vulnerability in jeecg-boot that allows remote attackers to check if a username exists without authenticatio...

This vulnerability in Android's Car Settings app allows malicious apps to trick users into granting notification access permissions. By exploiting an ...

Splunk Universal Forwarder versions before 9.0 have remote management services enabled by default, exposing management ports to network access. This c...

The Log WP_Mail WordPress plugin through version 0.1 saves sent emails in a publicly accessible directory with predictable filenames, allowing any una...

This vulnerability in Fuchsia allows local attackers to modify Virtual Memory Object (VMO) data through copy-on-write snapshots, bypassing permission ...

This vulnerability allows remote unauthenticated attackers to access arbitrary files on GroupSession servers, potentially exposing sensitive informati...

CVE-2020-27568 involves insecure file permissions in Aviatrix Controller 5.3.1516 where multiple files and directories are world-writable. This allows...

This vulnerability allows local users with knowledge of IBM Concert's system architecture to escalate privileges by exploiting incorrect file permissi...

This vulnerability allows attackers to gain elevated privileges on GE HealthCare ultrasound devices due to misconfigured access control lists. It affe...

This vulnerability in NVIDIA DOCA's collectx-dpeserver package for ARM64 systems allows local attackers with low privileges to escalate to root privil...

Agent-Zero v0.8.* has insecure permissions that allow attackers to trigger arbitrary system resets. This vulnerability affects all systems running vul...

A local privilege escalation vulnerability in Juniper Junos OS allows low-privileged users to place scripts that execute as root during system boot on...

This CVE describes a local privilege escalation vulnerability in Acronis Cyber Protect 16 for Windows due to insecure folder permissions. An attacker ...

An untrusted search path vulnerability in Esri ArcGIS Pro allows attackers with local file system write access to plant malicious executables that exe...

This vulnerability in Oracle VM VirtualBox allows a high-privileged attacker with local access to compromise the virtualization software, potentially ...

CVE-2023-6729 allows authenticated users with 'access console' privileges on Nokia SR OS routers to gain read-write access to the entire file system v...

This vulnerability allows a local attacker with existing privileged code execution to escalate privileges on affected Check Point security products. I...

This vulnerability in WiX toolset allows standard users to hijack binaries dropped in C:\Windows\Temp when bundles run as SYSTEM, leading to privilege...

This vulnerability in SAP GUI for Windows and Java allows unauthenticated attackers to access restricted information and create ABAP List Viewer layou...

CVE-2022-22521 is a privilege escalation vulnerability in Miele Benchmark Programming Tool where attackers can manipulate executable files to trick us...

CVE-2021-44466 is a local privilege escalation vulnerability in Bitmask Riseup VPN 0.21.6. When installed in a non-default directory, improper ACLs al...

CVE-2021-27070 is an elevation of privilege vulnerability in the Windows 10 Update Assistant that allows authenticated attackers to execute arbitrary ...

This vulnerability allows attackers to manipulate files on systems running vulnerable versions of Tridium Niagara Framework or Niagara Enterprise Secu...

This vulnerability allows authenticated remote attackers to access other tenants' data and configurations in Cisco Catalyst SD-WAN Manager when multi-...

This vulnerability allows authenticated users in Concrete CMS to change their own or potentially other users' passwords without providing the current ...

A privilege escalation vulnerability in Productivity Suite software allows authenticated low-privileged users to modify their own role assignments, gr...

A local privilege escalation vulnerability in Lenovo PC Manager allows attackers with local access to delete arbitrary files with elevated system perm...

CVE-2024-13813 is an insufficient permissions vulnerability in Ivanti Secure Access Client that allows local authenticated attackers to delete arbitra...

This vulnerability in Develocity (formerly Gradle Enterprise) allows unauthorized access to project information due to incorrect access control during...

This vulnerability in Ivanti DSM allows local authenticated users to delete arbitrary files due to insufficient permissions. It affects organizations ...

This vulnerability allows an authorized Veeam Service Provider Console (VSPC) management agent to delete arbitrary files on the VSPC server. It affect...

Hutool versions 5.8.17 and below contain an information disclosure vulnerability where the File.createTempFile() function in FileUtil.java creates tem...

This vulnerability allows attackers to bypass TrustZone security on affected NXP i.MX SoC devices by exploiting a DMA-capable peripheral to read/write...

This vulnerability in Wowza Streaming Engine allows local users to read and modify configuration files due to overly permissive file permissions. This...

This vulnerability allows unprivileged Windows users with filesystem access to add FTP users by copying profile files to a world-readable/writable dir...

This CVE describes a local privilege escalation vulnerability in npm CLI where incorrect permission assignment allows loading modules from unsecured l...

This CVE describes an incorrect permission assignment vulnerability in SS1 software that allows authenticated users to escalate privileges to root. It...

This vulnerability allows a local unprivileged user on Windows systems to delete arbitrary files with SYSTEM privileges by exploiting the MSI rollback...

This vulnerability allows low-privileged users to read and modify data in Zenon system directories, potentially enabling unauthorized access and manip...

This vulnerability allows local attackers on macOS systems to escalate privileges by exploiting incorrect permission assignments in HYPR Workforce Acc...

This vulnerability in tmate-ssh-server allows local attackers to manipulate session files due to insecure directory permissions. Attackers can comprom...