Lucene search
+L

3781 matches found

NVD
NVD
added 2 days ago11 views

CVE-2025-59866

The HCL DFMPro, DFXAnalytics and DFXServer installers are affected by ‘Insecure file permissions Leading to Privilege Escalation’ vulnerability, which enables any logged-in non-administrative user to overwrite or replace the executable file with a malicious binary...

3.3CVSS0.00074EPSS
Exploits0References1
CVE
CVE
added 2 days ago8 views

CVE-2025-59866

The CVE concerns HCL DFMPro, DFXAnalytics, and DFXServer installers suffering from Insecure file permissions that allow a logged-in non-administrative user to overwrite or replace the executable with a malicious binary. The underlying cause is unrestricted or insecure permissions on the installer...

3.3CVSS5.4AI score0.00074EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 4 days ago8 views

decompress: @xhmikosr/decompress: Decompress: Arbitrary file read/write via crafted archive extraction

A flaw was found in the decompress package for Node.js. A remote attacker can exploit this vulnerability by crafting a malicious archive. When the archive is extracted, it can create files and links outside the intended directory, leading to unauthorized reading or writing of files. This is due t...

9.1CVSS6AI score0.00588EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/07/10 3:11 a.m.5 views

SUSE CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

5.5CVSS6.1AI score0.00136EPSS
Exploits0References3
CVE
CVE
added 2026/07/08 8:22 p.m.11 views

CVE-2026-58494

CVE-2026-58494 affects Wasmtime runtimes prior to the fixed versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. The issue arises in wasmtime-wasi where hard-link creation and renaming check directory permissions do not correctly match FilePerms on source and destination preopens. This can allow a WASI...

6.5CVSS6AI score0.00119EPSS
Exploits0References9
OSV
OSV
added 2026/07/08 8:22 p.m.5 views

CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/06 9:53 p.m.8 views

EUVD-2026-24969

mkfifo: permissions of an existing file are changed after FIFO creation fails...

7.1CVSS5.9AI score0.00165EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2026/07/06 7:52 p.m.8 views

CVE-2026-13769

A flaw was found in AWS CLI. Overly permissive file permissions on Unix-like systems, where the umask has not been configured to restrict file permissions, may allow other local users on the same host to read credentials. This occurs when certain AWS CLI subcommands, such as aws codeartifact logi...

6.8CVSS5.9AI score0.00118EPSS
Exploits0References7
Snyk
Snyk
added 2026/07/01 9:19 p.m.8 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource via the createconfig path in awscli/customizations/codedeploy/register.py. An attacker can read the CodeDeploy on-premises configuration file by accessing it on the same Unix-like ho...

6.8CVSS6AI score0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:34 p.m.6 views

CVE-2026-13769

Overly permissive file permissions in AWS CLI before 1.44.78 v1 and 2.34.29 v2 on Unix-like systems where the umask has not been configured to restrict file permissions the default on most systems may allow other local users on the same host to read credentials written by certain CLI subcommands...

6.8CVSS5.8AI score0.00118EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.22 views

PT-2026-54637

Name of the Vulnerable Software and Affected Versions AWS CLI versions prior to 1.44.78 v1 AWS CLI versions prior to 2.34.29 v2 Description On Unix-like systems where the umask is not configured to restrict file permissions, overly permissive file permissions may allow local users on the same hos...

6.8CVSS5.8AI score0.00118EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 8:53 p.m.5 views

GHSA-RHQ6-9RGH-V45C Pterodactyl Wings: Chmod operation can be used to change permissions of files outside of the server container

In wings/internal/ufs/fsunix.go line 92-94, this function is defined and is used to change permissions of files in the server: go func fs UnixFS fchmodatop string, dirfd int, name string, mode FileMode error return ensurePathErrorunix.Fchmodatdirfd, name, uint32mode, 0, op, name This call to the...

5CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/06/25 12:57 p.m.3 views

SUSE-SU-2026:22368-1 Security update for nodejs22

This update for nodejs22 fixes the following issues Update to 22.23.0: - CVE-2026-6733: undici: Undici: Response queue poisoning on reused keep-alive sockets can lead to incorrect response delivery bsc1268479. - CVE-2026-9496: pacote: excessive CPU consumption in addGitSha when processing a...

9.8CVSS7AI score0.26356EPSS
Exploits3References53
NVD
NVD
added 2026/06/24 9:16 p.m.12 views

CVE-2026-32315

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
RustSec
RustSec
added 2026/06/24 12:0 p.m.12 views

WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj For more information see the GitHub-hosted security advisory...

6.5CVSS5.8AI score0.00119EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/06/23 8:16 p.m.9 views

CVE-2026-54327

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi stored API keys and OAuth credentials in auth.json. A race condition in the file write path could briefly create or rewrite this file with permissions derived from the process umask before tightening the file to owner-only...

2.2CVSS0.00074EPSS
Exploits0References3
CVE
CVE
added 2026/06/23 7:28 p.m.19 views

CVE-2026-54327

The Pi credential storage vulnerability (CVE-2026-54327) stems from a race in the auth.json write path. Between file creation/writes and the subsequent permission tightening, auth.json could be created or rewritten with permissions derived from the process umask, briefly exposing stored API keys ...

2.2CVSS5.8AI score0.00074EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 8:59 p.m.15 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS7AI score0.00292EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.21 views

PT-2026-51431

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...

5.5CVSS5.7AI score0.02902EPSS
Exploits0References13
NVD
NVD
added 2026/06/15 9:17 p.m.10 views

CVE-2026-47261

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
Rows per page
Query Builder