Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-276 (缺省权限不正确) — Vulnerability Class 447

447 vulnerabilities classified as CWE-276 (缺省权限不正确). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10231 N-central Incorrect Default Permissions could lead to Privilege Escalation — N-central 7.0 High2025-09-10
CVE-2024-43166 Apache DolphinScheduler 安全漏洞 — Apache DolphinScheduler 9.8AICriticalAI2025-09-03
CVE-2025-57846 Digital Arts i-FILTER 安全漏洞 — i-フィルター 6.0 7.8 -2025-08-27
CVE-2025-9190 TCC Bypass via misconfigured Node fuses in Cursor — Cursor 7.3AIHighAI2025-08-26
CVE-2025-53813 TCC Bypass via misconfigured Node fuses in Nozbe — Nozbe 7.3AIHighAI2025-08-26
CVE-2025-53811 TCC Bypass via misconfigured Node fuses in Mosh-Pro — Mosh-Pro 7.3AIHighAI2025-08-26
CVE-2025-8098 Lenovo PC Manager 安全漏洞 — PC Manager 7.8 High2025-08-18
CVE-2025-8672 TCC Bypass via Inherited Permissions in Bundled Interpreter in GIMP.app — GIMP 6.6AIMediumAI2025-08-11
CVE-2025-7195 Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd — operator-sdk 6.4 Medium2025-08-07
CVE-2025-41658 CODESYS Toolkit Exposes Sensitive Files via Default Permissions — Runtime Toolkit 5.5 Medium2025-08-04
CVE-2025-54530 JetBrains TeamCity 安全漏洞 — TeamCity 7.5 High2025-07-28
CVE-2025-8069 Local Privilege Escalation Vulnerability in AWS Client VPN Windows Client — Client VPN 7.8 High2025-07-23
CVE-2025-54059 melange creates SBOM files in APKs with world-writable permissions — melange 4.4 Medium2025-07-18
CVE-2025-53945 apko has incorrect permission (0666) in /etc/ld.so.cache and other files — apko 7.0 High2025-07-18
CVE-2025-0886 Lenovo Elliptic Labs Virtual Lock Sensor 安全漏洞 — Elliptic Virtual Lock Sensor Service For ThinkPad P1 Gen 6 (Type 21FV, 21FW) 7.8 High2025-07-17
CVE-2024-13972 Sophos Intercept X 安全漏洞 — Sophos Intercept X for Windows Core Agent 8.8 High2025-07-17
CVE-2025-5199 LPE on Multipass for macOS — Multipass 7.3 High2025-07-11
CVE-2025-41665 Phoenix Contact: DoS of the PLC due to incorrect default permissions possible — AXC F 1152 6.5 Medium2025-07-08
CVE-2025-52991 Nix、lix和GNU Guix 安全漏洞 — Nix 3.2 Low2025-06-27
CVE-2025-52900 File Browser has Insecure File Permissions — filebrowser 5.5 Medium2025-06-26
CVE-2025-39201 Hitachi MicroSCADA X SYS600 安全漏洞 — MicroSCADA X SYS600 6.1 Medium2025-06-24
CVE-2025-5963 TCC Bypass via Dylib Injection in Postbox — Postbox 7.8AIHighAI2025-06-20
CVE-2025-5255 TCC Bypass via Dylib Injection in Phoenix Code — Phoenix Code 7.8AIHighAI2025-06-20
CVE-2025-6264 Velociraptor priviledge escalation via UpdateConfig artifact — Velociraptor 5.5 Medium2025-06-20
CVE-2025-49843 conda-smithy Has Incorrect Default File Permissions — conda-smithy 8.1AIHighAI2025-06-17
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User — conda-forge-webservices 10.0AICriticalAI2025-06-17
CVE-2025-36632 Local Privilege Escalation — Agent 7.8 High2025-06-16
CVE-2025-1699 Motorola MotoSignature 安全漏洞 — g34 2.8 Low2025-06-11
CVE-2025-40585 Siemens Energy Services 安全漏洞 — Energy Services 9.9 Critical2025-06-10
CVE-2025-49006 Wasp has case insensitive OAuth ID vulnerability — wasp 8.8AIHighAI2025-06-09

Vulnerabilities classified as CWE-276 (缺省权限不正确) represent 447 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.