Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

CVEs (509)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-48003 1Microsoft 10Windows 10 1809 Windows 10 21h2Windows 10 22h2+7 more Jul 15, 2025 Jul 8, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-47984 1Microsoft 15Windows 10 1507 Windows 10 1607Windows 10 1809+12 more Jul 14, 2025 Jul 8, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.
CVE-2025-47159 1Microsoft 13Windows 10 1507 Windows 10 1607Windows 10 1809+10 more Jul 14, 2025 Jul 8, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.
CVE-2025-41224 - - Jul 8, 2025 Jul 8, 2025 7.7 HIGH· v4 8.8 HIGH· v3 N/A· v2 A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All...Show more A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.Show less
CVE-2025-6427 1Mozilla 1Firefox Apr 13, 2026 Jun 24, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was f...Show more An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability was fixed in Firefox 140 and Thunderbird 140.Show less
CVE-2025-49193 1Sick 6Baggage Analytics Field AnalyticsLogistic Diagnostic Analytics+3 more Jan 26, 2026 Jun 12, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking at...Show more The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).Show less
CVE-2025-47160 1Microsoft 14Windows 10 1507 Windows 10 1607Windows 10 1809+11 more Jul 9, 2025 Jun 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-33050 1Microsoft 5Windows Server 2016 Windows Server 2019Windows Server 2022+2 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-32725 1Microsoft 5Windows Server 2016 Windows Server 2019Windows Server 2022+2 more Jul 10, 2025 Jun 10, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
CVE-2025-31189 1Apple 1Macos Apr 2, 2026 May 29, 2025 N/A· v4 8.2 HIGH· v3 N/A· v2 A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox.
CVE-2025-27700 1Google 1Android Jul 24, 2025 May 27, 2025 N/A· v4 8.4 HIGH· v3 N/A· v2 There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploit...Show more There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Show less
CVE-2025-41232 - - May 21, 2025 May 21, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are...Show more Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methodsShow less
CVE-2025-21081 - - May 16, 2025 May 13, 2025 2.0 LOW· v4 4.5 MEDIUM· v3 N/A· v2 Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-31244 1Apple 1Macos Nov 3, 2025 May 12, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.
CVE-2025-31224 1Apple 1Macos Apr 2, 2026 May 12, 2025 N/A· v4 7.8 HIGH· v3 N/A· v2 A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences.
CVE-2025-46553 1Misskey 1Summaly Dec 1, 2025 May 5, 2025 2.1 LOW· v4 6.1 MEDIUM· v3 N/A· v2 @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed...Show more @misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.Show less
CVE-2025-3114 - - Apr 15, 2025 Apr 9, 2025 9.4 CRITICAL· v4 N/A· v3 N/A· v2 Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnera...Show more Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.Show less
CVE-2025-27472 1Microsoft 2Windows 10 1507 Windows Server 2012 Jul 8, 2025 Apr 8, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
CVE-2025-26637 1Microsoft 12Windows 10 1507 Windows 10 1607Windows 10 22h2+9 more Feb 16, 2026 Apr 8, 2025 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
CVE-2025-21384 1Microsoft 1Azure Health Bot Jul 8, 2025 Apr 1, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Previous 1...111213...26 Next