Skip to main content

CWE-275

Permission Issues

67 CVEs Avg CVSS 6.5 MITRE
5
CRITICAL
25
HIGH
32
MEDIUM
5
LOW
11
POC
0
KEV

Monthly

CVE-2026-12201 LOW POC Monitor

Permission misconfiguration in IObit Malware Fighter's DLL Handler component (versions up to 13.2.0) allows a local low-privileged attacker to exploit insecure resource permissions, resulting in low-severity confidentiality, integrity, and availability impacts. The vulnerability stems from CWE-275 (Improper Permission Assignment for a Resource), and a public proof-of-concept exploit is available via GitHub and a researcher blog post. The vendor was notified prior to disclosure but did not respond, meaning no official patch or mitigation guidance has been issued.

Information Disclosure Malware Fighter
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.1%
CVE-2026-41976 MEDIUM This Month

Permission control failure in the audio framework of Huawei HarmonyOS and EMUI allows a local attacker with no special privileges, but requiring user interaction, to access confidential audio service data with high confidentiality impact alongside minor integrity and availability effects. The vulnerability stems from improper permission enforcement (CWE-275) within the audio subsystem. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the local-attack-vector with user interaction requirement limits mass exploitation.

Information Disclosure Emui
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-41978 MEDIUM This Month

Permission control vulnerability in the HarmonyOS clone module allows a local attacker to read confidential service data, with low confidentiality and availability impact. The flaw stems from improper permission enforcement (CWE-275) during clone operations and requires user interaction to trigger. No public exploit code exists and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.

Information Disclosure
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2026-41969 MEDIUM This Month

A permission control vulnerability in the projection module of Huawei HarmonyOS and EMUI allows local attackers with physical access to bypass authorization checks and disclose sensitive information. The flaw affects confidentiality through improper permission enforcement in a physical-access attack vector requiring user interaction. No active exploitation has been confirmed, and patch availability has not been independently verified from the provided reference.

Information Disclosure Emui
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-28553 MEDIUM This Month

HarmonyOS and EMUI theme setting modules fail to enforce proper permission controls, allowing local attackers with user interaction to read sensitive system information across security boundaries. The vulnerability requires physical or local access and user interaction but can compromise confidentiality of protected data; CVSS 6.9 reflects moderate-to-high real-world risk due to local attack surface and CVSS vector showing high confidentiality impact (C:H) despite lower integrity and availability consequences.

Information Disclosure Emui
NVD
CVSS 3.1
6.9
EPSS
0.0%
CVE-2025-54624 MEDIUM This Month

Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-54618 MEDIUM This Month

Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-53168 MEDIUM This Month

CVE-2025-53168 is a security vulnerability (CVSS 5.7) that allows the peer device. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Harmonyos
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2024-3118 HIGH This Week

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dreamer Cms
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.8%
CVE-2023-6762 MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.7%
EPSS 0% CVSS 1.9
LOW POC Monitor

Permission misconfiguration in IObit Malware Fighter's DLL Handler component (versions up to 13.2.0) allows a local low-privileged attacker to exploit insecure resource permissions, resulting in low-severity confidentiality, integrity, and availability impacts. The vulnerability stems from CWE-275 (Improper Permission Assignment for a Resource), and a public proof-of-concept exploit is available via GitHub and a researcher blog post. The vendor was notified prior to disclosure but did not respond, meaning no official patch or mitigation guidance has been issued.

Information Disclosure Malware Fighter
NVD VulDB GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Permission control failure in the audio framework of Huawei HarmonyOS and EMUI allows a local attacker with no special privileges, but requiring user interaction, to access confidential audio service data with high confidentiality impact alongside minor integrity and availability effects. The vulnerability stems from improper permission enforcement (CWE-275) within the audio subsystem. No public exploit has been identified at time of analysis and the vulnerability is not listed in CISA KEV, though the local-attack-vector with user interaction requirement limits mass exploitation.

Information Disclosure Emui
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Permission control vulnerability in the HarmonyOS clone module allows a local attacker to read confidential service data, with low confidentiality and availability impact. The flaw stems from improper permission enforcement (CWE-275) during clone operations and requires user interaction to trigger. No public exploit code exists and this vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog at time of analysis.

Information Disclosure
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

A permission control vulnerability in the projection module of Huawei HarmonyOS and EMUI allows local attackers with physical access to bypass authorization checks and disclose sensitive information. The flaw affects confidentiality through improper permission enforcement in a physical-access attack vector requiring user interaction. No active exploitation has been confirmed, and patch availability has not been independently verified from the provided reference.

Information Disclosure Emui
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

HarmonyOS and EMUI theme setting modules fail to enforce proper permission controls, allowing local attackers with user interaction to read sensitive system information across security boundaries. The vulnerability requires physical or local access and user interaction but can compromise confidentiality of protected data; CVSS 6.9 reflects moderate-to-high real-world risk due to local attack surface and CVSS vector showing high confidentiality impact (C:H) despite lower integrity and availability consequences.

Information Disclosure Emui
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Unexpected injection event vulnerability in the multimodalinput module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Code Injection Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Permission control vulnerability in the distributed clipboard module. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Harmonyos
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

CVE-2025-53168 is a security vulnerability (CVSS 5.7) that allows the peer device. Remediation should follow standard vulnerability management procedures.

Authentication Bypass Harmonyos
NVD
EPSS 1% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in Dreamer CMS up to 4.1.3. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Dreamer Cms
NVD GitHub VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Icecms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy