CVE-2026-23890 pnpm scoped bin name Path Traversal allows arbitrary file creation outside node_modules/.bin

pnpm is a package manager. Prior to version 10.28.1, a path traversal vulnerability in pnpm's bin linking allows malicious npm packages to create executable shims or symlinks outside of nodemodules/.bin. Bin names starting with @ bypass validation, and after scope normalization, path traversal...

CVE-2021-47761

MilleGPG5 5.7.2 contains a local privilege escalation vulnerability that allows authenticated users to modify service executable files in the MariaDB bin directory. Attackers can replace the mysqld.exe with a malicious executable, which will execute with system privileges when the computer restar...

CVE-2023-53949

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access...

CVE-2023-53949

CVE-2023-53949 affects AspEmail 5.6.0.2. It describes a binary permission vulnerability in the BIN directory that allows local privilege escalation by replacing the Persits Software EmailAgent service executable, enabling elevated system access. The issue is rated high (local, low attack complexi...

CVE-2023-53949 AspEmail 5.6.0.2 Local Privilege Escalation via Binary Permission Vulnerability

AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access...

AspEmail 安全漏洞

AspEmail is a dynamic server component from AspEmail USA. A security vulnerability exists in AspEmail version 5.6.0.2 that stems from improper permissions on the BIN directory, which could lead to elevated privileges...