CVE Database

9+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

9 results for "CWE-73"

CVE-2026-9651

CWE-732 Incorrect Permission Assignment for Critical Resource vulnerability that could cause unauthorized disclosure of password hashes and potential account compromise when an attacker with privileged …

Jun 25, 2026
CVE-2026-10303
7.4 HIGH

In ServerCo getssl version 2.49 and prior, the ACME challenge token returned to the client was not strictly validated against RFC 8555 before being used …

Jun 16, 2026
CVE-2025-57741
7.8 HIGH

An Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac 7.4.0 through 7.4.3, 7.2.0 through 7.2.11, 7.0 all versions may allow a local attacker …

Oct 14, 2025
CVE-2025-0758
6.1 MEDIUM

Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. (CWE-732) …

Apr 16, 2025
CVE-2023-45588
8.2 HIGH

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local …

Mar 14, 2025
CVE-2024-31202
7.8 HIGH

A “CWE-732: Incorrect Permission Assignment for Critical Resource” in the ThermoscanIP installation folder allows a local attacker to perform a Local Privilege Escalation.

Jul 31, 2024
CVE-2024-23317
6.3 MEDIUM

External Control of File Name or Path (CWE-73) in the Controller 6000 and Controller 7000 allows an attacker with local access to the Controller to …

Jul 11, 2024
CVE-2024-31492
8.2 HIGH

An external control of file name or path vulnerability [CWE-73] in FortiClientMac version 7.2.3 and below, version 7.0.10 and below installer may allow a local …

Apr 10, 2024
CVE-2023-34042
4.1 MEDIUM

The spring-security.xsd file inside the spring-security-config jar is world writable which means that if it were extracted it could be written by anyone with access …

Feb 5, 2024

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.