Lucene search
K

3760 matches found

CNNVD
CNNVD
added 2026/06/02 12:0 a.m.5 views

Dräger Protector Software 安全漏洞

Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...

8.3CVSS6AI score0.00107EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Dräger Protector Software 安全漏洞

Dräger Protector Software is a gas detection and safety monitoring management platform developed by the German company Dräger. Versions of Dräger Protector Software prior to version 6.4.2 contained security vulnerabilities. These vulnerabilities were due to insecure file system permissions, which...

8.3CVSS6AI score0.00107EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 6:51 p.m.12 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/29 12:38 a.m.14 views

EUVD-2026-33230

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.8AI score0.00123EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 11:59 p.m.43 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS0.00123EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/28 11:59 p.m.12 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.8AI score0.00123EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/05/26 5:3 a.m.12 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 2026/05/26 4:14 a.m.13 views

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

9.8CVSS5.8AI score0.00247EPSS
Exploits0References8
NVD
NVD
added 2026/05/25 3:16 p.m.19 views

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.23 views

CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.23 views

CVE-2018-25359

CVE-2018-25359 affects Splinterware System Scheduler Pro 5.12. The issue is insecure file permissions enabling low-privilege users to replace the service executable (WService.exe) in the installation directory, causing a malicious binary to run with LocalSystem privileges when the service starts....

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

Splinterware System Scheduler Pro 安全漏洞

Splinterware System Scheduler Pro is a task scheduling management software from Splinterware. A security vulnerability exists in Splinterware System Scheduler Pro version 5.12, which stems from insecure file permissions and could allow a low-privileged user to elevate privileges by modifying the...

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/22 12:31 a.m.15 views

EUVD-2026-31360

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1070e Security Update: jersey (UTSA-2026-016750)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016750 advisory. Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFil...

6.2CVSS5.8AI score0.00905EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.13 views

Unity Linux 20.1060e / 20.1070e Security Update: ant (UTSA-2026-016647)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016647 advisory. As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them...

7.5CVSS6.8AI score0.08235EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 10:16 p.m.20 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

4.3CVSS0.00288EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:18 p.m.36 views

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS0.00288EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:18 p.m.38 views

CVE-2026-7886

Concrete CMS versions 9.5.0 and below are vulnerable to an IDOR in AddMessage/UpdateMessage via the attachments[] parameter. The AddMessage and UpdateMessage controllers load files by ID with $em->find(File::class, $attachmentID) without per-file permission checks (canViewFile()), enabling a u...

4.3CVSS5.7AI score0.00288EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:18 p.m.11 views

CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

2.3CVSS5.7AI score0.00288EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/05/21 12:0 p.m.10 views

RUSTSEC-2026-0149 WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph For more information see the GitHub-hosted security advisory...

7.5CVSS5.8AI score0.00357EPSS
Exploits0References3
Rows per page
Query Builder