CVE-2026-8827

The AddressRepository::getSqlQuery method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call...

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

CVE-2025-50505

Clash Verge Rev thru 2.2.3 fixed in 2.3.0 forces the installation of system servicesclash-verge-service by default and exposes key functions through the unauthorized HTTP API /startclash, allowing local users to submit arbitrary binpath parameters and pass them directly to the service process for...

Tenable Network Monitor Elevation of Privilege Vulnerability

Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Inc. in the United States, mainly used for network vulnerability scanning and security assessment. Tenable Network Monitor suffers from an elevation of privilege vulnerability, which stems from improperly...

AMD Optimizing CPU Libraries 安全漏洞

AMD Optimizing CPU Libraries is a suite of mathematical function libraries from UltraMicroelectronics AMD. A security vulnerability exists in AMD Optimizing CPU Libraries, which stems from improperly setting the default permissions of the installation directory, which could lead to elevation of...

Tenable Network Security Nessus Elevation of Privilege Vulnerability

Tenable Network Security Nessus is a network vulnerability scanning tool developed by Tenable Network Security to detect security vulnerabilities and configuration errors in operating systems, network devices, and applications. Tenable Network Security Nessus suffers from an elevation of privileg...

WatchGuard Terminal Services Agent 安全漏洞

WatchGuard Terminal Services Agent is a terminal agent service from WatchGuard USA. A security vulnerability exists in WatchGuard Terminal Services Agent versions 12.0 through 12.10, which stems from improperly configured directory permissions during a non-default directory installation, which...

WatchGuard Mobile VPN 安全漏洞

WatchGuard Mobile VPN is a VPN application from WatchGuard USA. A security vulnerability exists in WatchGuard Mobile VPN versions 11.0 through 12.11 that stems from improperly configured directory permissions during a non-default directory installation, which could lead to an authenticated local...

CVE-2024-35177 Improper Access Control in wazuh-agent

Wazuh is a free and open source platform used for threat prevention, detection, and response. It is capable of protecting workloads across on-premises, virtualized, containerized, and cloud-based environments. The wazuh-agent for Windows is vulnerable to a Local Privilege Escalation vulnerability...

AMD μProf 安全漏洞

AMD μProf is a software analysis tool from Ultra Micro Semiconductor AMD. A security vulnerability exists in AMD μProf that stems from incorrect default permissions in the installation directory, which could allow an attacker to achieve elevation of privilege, leading to arbitrary code execution...

Tenable Network Security Nessus 安全漏洞

The Tenable Network Security Nessus Agent is a component of the Nessus Vulnerability Scanning Tool developed by Tenable to extend scanning capabilities to other devices on the network. An elevation of privilege vulnerability exists in Tenable Network Security Nessus Agent that stems from a failur...

CVE-2023-23059

An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges...

PT-2023-22195 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest tests-passed, beta and stable branches Description: This issue affects Discourse, an open source platform for community discussion. It is not exploitable on the default install of Discourse, requiring a...

SUSE CVE-2016-9605

A flaw was found in cobbler software component version 2.6.11-1. It suffers from an invalid parameter validation vulnerability, leading the arbitrary file reading. The flaw is triggered by navigating to a vulnerable URL via cobbler-web on a default installation...

SUSE CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...

CVE-2022-22736

If Firefox was installed to a world-writable directory, a local privilege escalation could occur when Firefox searched the current directory for system libraries. However the install directory is not world-writable by default.This bug only affects Firefox for Windows in a non-default installation...

CVE-2022-26526

Anaconda Anaconda3 Anaconda Distribution through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse...

Red Hat Ansible 权限许可和访问控制问题漏洞

Red Hat Ansible is a computer system configuration manager from Red Hat, an American company. The product can be used to publish, manage, and organize computer systems. A privilege permission and access control issue vulnerability exists in Red Hat Ansible Tower, which stems from an error in the...

Bitmask 权限许可和访问控制问题漏洞

Bitmask is an open source application that provides simple and secure encrypted communication via VPN.An access control error vulnerability exists in Bitmask Riseup VPN, which stems from a failure to properly handle ACLs when the product is installed in a non-default directory.An attacker could...

CVE-2020-28392

A vulnerability has been identified in SIMARIS configuration All versions V4.0.1. During installation to default target folder, incorrect permissions are configured for the application folder and subfolders which could allow an attacker to gain persistence or potentially escalate privileges shoul...