Multiple i-フィルター products contain an issue with incorrect default permissions. If this vulnerability is exploited, a local authenticated attacker may replace a service executable on the system where the product is running, potentially allowing arbitrary code execution with SYSTEM privileges.
The configuration of Cursor on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Cursor TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Cursor, potentially disguising attacker's malicious intent. This issue was detected in 15.4.1 version of Cursor. Project maintainers decided not to fix this issue, because a scenario including a local attacker falls outside their defined threat model.
The configuration of Nozbe on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Nozbe TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission. This issue was fixed in version 2025.11 of Nozbe.
The configuration of Mosh-Pro on macOS, specifically the "RunAsNode" fuse enabled, allows a local attacker with unprivileged access to execute arbitrary code that inherits Mosh-Pro TCC (Transparency, Consent, and Control) permissions. Acquired resource access is limited to previously granted permissions by the user. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of Mosh-Pro, potentially disguising attacker's malicious intent. This issue was detected in 1.3.2 version of Mosh-Pro. Since authors did not respond to messages from CNA, patching status is unknown.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Storage allows an unauthorized attacker to execute code over a network.
An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
Race in V8 in Google Chrome prior to 139.0.7258.127 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.
Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Incorrect default permissions for some AI Playground software before version v2.3.0 alpha may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions for some Intel(R) oneAPI DPC++/C++ Compiler software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
Incorrect default permissions for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
APTIOV contains a vulnerability in BIOS where a skilled user may cause “Race Condition” by local access. A successful exploitation of this vulnerability may lead to resource exhaustion and impact Confidentiality, Integrity, and Availability.
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle. An attacker with local user access can invoke this interpreter with arbitrary commands or scripts, leveraging the application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent. This issue has been fixed in 3.1.4.2 version of GIMP.
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in tcb through race condition.
Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.15.2 to scaffold their operator may still be impacted by this if the insecure user_setup script is still being used to build new container images. In affected images, the /etc/passwd file is created during build time with group-writable permissions and a group ownership of root (gid=0). An attacker who can execute commands within an affected container, even as a non-root user, may be able to leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
A race condition vulnerability has been identified in Shopware's voucher system of Shopware v6.6.10.4 that allows attackers to bypass intended voucher restrictions and exceed usage limitations.
Race condition vulnerability in the kernel hufs module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Race condition issue occurring in the physical page import process of the memory management module. Impact: Successful exploitation of this vulnerability may affect service integrity.
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
Certain Draytek products are affected by Insecure Configuration. This affects AP903 v1.4.18 and AP912C v1.4.9 and AP918R v1.4.9. The setting of the password property in the ripd.conf configuration file sets a hardcoded weak password, posing a security risk. An attacker with network access could exploit this to gain unauthorized control over the routing daemon, potentially altering network routes or intercepting traffic.
OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowledge of their credentials.
Insecure permissions in the script /etc/init.d/lighttpd in AK-Nord USB-Server-LXL Firmware v0.0.16 Build 2023-03-13 allows a locally authenticated low-privilege user to execute arbitrary commands with root privilege via editing this script which is executed with root-privileges on any interaction and on every system boot.
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, there is no impact to system availability or integrity.
CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality and integrity is low, there is no impact to system availability.
CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are high and no user interaction is required. There is no impact to confidentiality, the impact to integrity is low, and there is no impact to availability. The impact to confidentiality and availability of subsequent systems is high and the impact to the integrity of subsequent systems is low.
A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to cause unexpected system termination.
A race condition was addressed with additional validation. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.
In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Unitree Go1 <= Go1_2022_05_11 is vulnerable to Insecure Permissions as the firmware update functionality (via Wi-Fi/Ethernet) implements an insecure verification mechanism that solely relies on MD5 checksums for firmware integrity validation.
A race condition vulnerability exists in the aVideoEncoder.json.php unzip functionality of WWBN AVideo 14.4 and dev master commit 8a8954ff. A series of specially crafted HTTP request can lead to arbitrary code execution.
A group deletion race condition in 2FAuth v5.5.0 causes data inconsistencies and orphaned accounts when a group is deleted while other operations are pending.
During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user starts the AWS Client VPN client installation process, that code could be executed with root-level privileges. This issue does not affect Linux or Mac devices. We recommend users discontinue any new installations of AWS Client VPN on Windows prior to version 5.2.2.
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the use and retrieval of the default password. HP has addressed the issue in the latest software update.
The `username:password` part was not correctly stripped from URLs in CSP reports potentially leaking HTTP Basic Authentication credentials. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.
melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue.
apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue.
An incorrect permissions vulnerability was reported in Elliptic Labs Virtual Lock Sensor that could allow a local, authenticated user to escalate privileges.
A vulnerability related to registry permissions in the Intercept X for Windows updater prior to Core Agent version 2024.3.2 can lead to a local user gaining SYSTEM level privileges during a product upgrade.
The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, Unix (API modules) potentaily allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23.
In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Tomcat when using the APR/Native connector. This was particularly noticeable with client initiated closes of HTTP/2 connections. This issue affects Apache Tomcat: from 9.0.0.M1 through 9.0.106. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Other, older, EOL versions may also be affected. Users are recommended to upgrade to version 9.0.107, which fixes the issue.