Search Results (5495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2454 1 Ibm 1 Lotus Notes 2026-04-16 N/A
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
CVE-2004-1193 1 Prevx 1 Prevx Home 2026-04-16 N/A
Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
CVE-2005-0735 1 Newsscript.co.uk 1 Newsscript 2026-04-16 N/A
newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.
CVE-2003-1495 1 Hp 3 Insight Management Suite, Insight Manager, Remote Diagnostics Enabling Agent 2026-04-16 N/A
Unspecified vulnerability in the non-SSL web agent in various HP Management Agent products allows local users or remote attackers to gain privileges or cause a denial of service via unknown attack vectors.
CVE-2005-4855 1 Ez 1 Ez Publish 2026-04-16 N/A
Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.
CVE-2025-5874 1 Redash 1 Redash 2026-04-15 4.6 Medium
A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards."
CVE-2024-20370 1 Cisco 2 Adaptive Security Appliance Software, Firepower Threat Defense Software 2026-04-15 6 Medium
A vulnerability in the Cisco FXOS CLI feature on specific hardware platforms for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to elevate their administrative privileges to root. The attacker would need valid administrative credentials on the device to exploit this vulnerability. This vulnerability exists because certain system configurations and executable files have insecure storage and permissions. An attacker could exploit this vulnerability by authenticating on the device and then performing a series of steps that includes downloading malicious system files and accessing the Cisco FXOS CLI to configure the attack. A successful exploit could allow the attacker to obtain root access on the device.
CVE-2024-20371 1 Cisco 1 Nexus 3550 Firmware 2026-04-15 5.3 Medium
A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.  This vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device.
CVE-2026-20046 1 Cisco 1 Ios Xr Software 2026-03-20 8.8 High
A vulnerability in task group assignment for a specific CLI command in Cisco IOS XR Software could allow an authenticated, local attacker to elevate privileges and gain full administrative control of an affected device. This vulnerability is due to incorrect mapping of a command to task groups within the source code. An attacker with a low-privileged account could exploit this vulnerability by using the CLI command to bypass the task group–based checks. A successful exploit could allow the attacker to elevate privileges and perform actions on an affected device without authorization checks.
CVE-2025-66319 1 Huawei 1 Harmonyos 2026-03-06 3.3 Low
Permission control vulnerability in the resource scheduling module. Impact: Successful exploitation of this vulnerability may affect service integrity.
CVE-2024-53011 1 Qualcomm 166 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 163 more 2026-02-26 7.9 High
Information disclosure may occur due to improper permission and access controls to Video Analytics engine.
CVE-2025-68967 1 Huawei 1 Harmonyos 2026-01-15 5.7 Medium
Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2013-1801 1 Jnunemaker 1 Httparty 2026-01-07 N/A
The httparty gem 0.9.0 and earlier for Ruby does not properly restrict casts of string values, which might allow remote attackers to conduct object-injection attacks and execute arbitrary code, or cause a denial of service (memory and CPU consumption) by leveraging Action Pack support for YAML type conversion, a similar vulnerability to CVE-2013-0156.
CVE-2025-66325 1 Huawei 2 Emui, Harmonyos 2025-12-09 6.2 Medium
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58302 1 Huawei 2 Emui, Harmonyos 2025-12-02 8.4 High
Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-64315 1 Huawei 1 Harmonyos 2025-12-02 4.4 Medium
Configuration defect vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect app data confidentiality and integrity.
CVE-2025-58315 1 Huawei 1 Harmonyos 2025-12-02 5.5 Medium
Permission control vulnerability in the Wi-Fi module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-58312 1 Huawei 1 Harmonyos 2025-12-02 5.1 Medium
Permission control vulnerability in the App Lock module. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2025-58309 1 Huawei 1 Harmonyos 2025-12-02 6.8 Medium
Permission control vulnerability in the startup recovery module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality.
CVE-2025-58294 1 Huawei 1 Harmonyos 2025-12-02 6.2 Medium
Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.