CWE-281 | Follow the latest news from the technology world and security-related developments.

Category: CWE-281 - CVE list
CWE 52 records
High CVSS: 7.5

CVE-2026-35385

In OpenSSH before 10.3, a file downloaded by scp may be installed setuid or setgid, an outcome contrary to some users' expectations, if the download is performed as root with -O (legacy scp protocol) and without -p (preserve mode).

Low CVSS: 3.3

CVE-2025-9615

A flaw was found in NetworkManager. The NetworkManager package allows access to files that may belong to other users. NetworkManager allows non-root users to configure the system's network. The daemon runs with root privileges and can acces…

High CVSS: 7.5

CVE-2024-12125

A flaw was found in the 3scale Developer Portal. When creating or updating an account in the Developer Portal UI it is possible to modify fields explicitly configured as read-only or hidden, allowing an attacker to modify restricted informa…

High CVSS: 7.0

CVE-2025-37735

Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation.

High CVSS: 8.7

CVE-2025-34298

Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization che…

Medium CVSS: 4.3

CVE-2023-32199

A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Globa…

Medium CVSS: 4.4

CVE-2025-26420

In multiple functions of GrantPermissionsActivity.java, there is a possible way to trick the user into granting the incorrect permission due to permission overload. This could lead to local escalation of privilege with no additional execut…

High CVSS: 8.7

CVE-2025-7346

Any unauthenticated attacker can bypass the localhost restrictions posed by the application and utilize this to create arbitrary packages.

High CVSS: 7.5

CVE-2025-43701

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of Custom Settings data. This impacts OmniStudio: before version 254.

High CVSS: 7.5

CVE-2025-43700

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.

Critical CVSS: 9.1

CVE-2025-43698

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (FlexCards) allows bypass of field level security controls for Salesforce objects. This impacts OmniStudio: before Spring 2025.

High CVSS: 7.5

CVE-2025-43697

Improper Preservation of Permissions vulnerability in Salesforce OmniStudio (DataMapper) allows exposure of encrypted data. This impacts OmniStudio: before Spring 2025.

Low CVSS: 3.3

CVE-2025-27563

In OpenHarmony v5.0.3 and prior versions, a local attacker can cause an information leak through get permission.

Medium CVSS: 5.5

CVE-2025-27247

In OpenHarmony v5.0.3 and prior versions, a local attacker can cause an information leak through get permission.

Low CVSS: 3.3

CVE-2025-26693

In OpenHarmony v5.0.3 and prior versions, a local attacker can cause an information leak through get permission.

Medium CVSS: 5.5

CVE-2025-26691

In OpenHarmony v5.0.3 and prior versions, a local attacker can cause an information leak through get permission.

Medium CVSS: 4.8

CVE-2024-46941

SystemUI has an incorrect component protection setting, which allows access to specific information.

High CVSS: 7.1

CVE-2025-43026

A potential security vulnerability has been identified in the HP Support Assistant for versions prior to 9.44.18.0. The vulnerability could potentially allow a local attacker to escalate privileges via an arbitrary file write.

High CVSS: 7.0

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevat…

High CVSS: 7.5

CVE-2024-57698

An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of info…