Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (509)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-35968 - - Nov 12, 2025 Nov 11, 2025 7.1 HIGH· v4 6.4 MEDIUM· v3 N/A· v2 Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack...Show more Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.Show less
CVE-2025-26402 - - Nov 12, 2025 Nov 11, 2025 6.8 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack...Show more Protection mechanism failure for some Intel(R) NPU Drivers within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.Show less
CVE-2025-24848 1Intel 1Computing Improvement Program Apr 29, 2026 Nov 11, 2025 5.4 MEDIUM· v4 6.3 MEDIUM· v3 N/A· v2 Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user...Show more Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires passive user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.Show less
CVE-2025-24834 1Intel 1Computing Improvement Program Nov 26, 2025 Nov 11, 2025 6.0 MEDIUM· v4 6.5 MEDIUM· v3 N/A· v2 Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an unauthenticated...Show more Protection mechanism failure for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an unauthenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via adjacent access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.Show less
CVE-2025-10905 - - Nov 12, 2025 Nov 11, 2025 N/A· v4 4.4 MEDIUM· v3 N/A· v2 Collision in MiniFilter driver in Avast Software Avast Free Antivirus before 25.9 on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.
CVE-2025-12909 1Google 1Chrome Nov 21, 2025 Nov 8, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to leak cross-origin data via Devtools. (Chromium security severity: Low)
CVE-2025-12906 1Google 1Chrome Nov 21, 2025 Nov 8, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)
CVE-2025-43413 1Apple 6Ipados Iphone OsMacos+3 more Apr 2, 2026 Nov 4, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A...Show more An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A sandboxed app may be able to observe system-wide network connections.Show less
CVE-2025-60711 1Microsoft 1Edge Chromium Nov 5, 2025 Oct 31, 2025 N/A· v4 6.3 MEDIUM· v3 N/A· v2 Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.
CVE-2025-12554 1Azure Access 2Blu Ic2 Firmware Blu Ic4 Firmware Nov 10, 2025 Oct 31, 2025 6.9 MEDIUM· v4 9.8 CRITICAL· v3 N/A· v2 Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
CVE-2025-12094 - - Nov 4, 2025 Oct 31, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting...Show more The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordPress is vulnerable to IP Header Spoofing in all versions up to, and including, 1.2.53. This is due to the plugin trusting client-controlled forwarded headers (such as CF-Connecting-IP, X-Forwarded-For, and others) without verifying that those headers originate from legitimate, trusted proxies. This makes it possible for unauthenticated attackers to spoof their IP address and bypass IP-based security controls, including blocked IP lists and rate limiting protections, by sending arbitrary HTTP headers with their requests.Show less
CVE-2025-0277 1Hcltech 2Bigfix Mobile Bigfix Modern Client Management Oct 21, 2025 Oct 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of...Show more HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.Show less
CVE-2025-0276 1Hcltech 2Bigfix Mobile Bigfix Modern Client Management Oct 21, 2025 Oct 16, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly res...Show more HCL BigFix Modern Client Management (MCM) 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.Show less
CVE-2025-52615 1Hcltech 1Unica Oct 20, 2025 Oct 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.
CVE-2025-43296 1Apple 1Macos Oct 20, 2025 Oct 9, 2025 N/A· v4 5.5 MEDIUM· v3 N/A· v2 A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks.
CVE-2025-55886 - - Nov 17, 2025 Sep 22, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to ac...Show more An Insecure Direct Object Reference (IDOR) vulnerability was discovered in ARD. The flaw exists in the `fe_uid` parameter of the payment history API endpoint. An authenticated attacker can manipulate this parameter to access the payment history of other users without authorization.Show less
CVE-2025-10157 1Mmaitre314 1Picklescan Nov 13, 2025 Sep 17, 2025 9.3 CRITICAL· v4 7.8 HIGH· v3 N/A· v2 A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exac...Show more A Protection Mechanism Failure vulnerability in mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass the unsafe globals check. This is possible because the scanner performs an exact match for module names, allowing malicious payloads to be loaded via submodules of dangerous packages (e.g., 'asyncio.unix_events' instead of 'asyncio'). When the incorrectly considered safe file is loaded after scan, it can lead to the execution of malicious code.Show less
CVE-2025-37124 - - Sep 17, 2025 Sep 16, 2025 N/A· v4 8.6 HIGH· v3 N/A· v2 A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traf...Show more A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.Show less
CVE-2025-10528 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Sep 16, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3.
CVE-2025-43330 1Apple 1Macos Apr 2, 2026 Sep 15, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Tahoe 26. An app may be able to break out of its sandbox.

Previous 1...8910...26 Next