ClearanceKit Security Vulnerability
ClearanceKit is a macOS file system access control tool developed by Craig J. Bass. Versions of ClearanceKit prior to 5.0.4-beta-1f46165 contained security vulnerabilities. These vulnerabilities stemmed from the endpoint security event handler only checking the source path for double-path...
EUVD-2026-17608
Parse Server's streaming file download bypasses afterFind file trigger authorization...
CVE-2026-0903
Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. Chromium security severity: Medium...
CVE-2026-0903
CVE-2026-0903 refers to an Inappropriate implementation in Downloads in Google Chrome (Windows) before 144.0.7559.59, allowing a remote attacker to bypass dangerous file-type protections with a malicious file. Publicly documented fixes show Chromium-based updates delivering version 144.0.7559.59 ...
CVE-2025-65319
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65318
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software...
CVE-2025-65319
CVE-2025-65319 affects Blue Mail
CVE-2025-64108
Cursor is a code editor built for programming with AI. In versions 1.7.44 and below, various NTFS path quirks allow a prompt injection attacker to circumvent sensitive file protections and overwrite files which Cursor requires human approval to overwrite. Modification of some of the protected fil...
EUVD-2022-25982
Malicious code in bioql PyPI...
SUSE CVE-2018-5107
The printing process can bypass local access protections to read files available through symlinks, bypassing local file restrictions. The printing process requires files in a specific format so arbitrary data cannot be read but it is possible that some local file information could be exposed. Thi...
SUSE CVE-2020-11979
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the...
SUSE-SU-2022:4462-1 Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 102.6.0 ESR bsc1206242: - CVE-2022-46880: Use-after-free in WebGL - CVE-2022-46872: Arbitrary file read from a compromised content process - CVE-2022-46881: Memory corruption in WebGL - CVE-2022-46874: Dra...
CVE-2022-20732 Cisco Virtualized Infrastructure Manager Privilege Escalation Vulnerability
A vulnerability in the configuration file protections of Cisco Virtualized Infrastructure Manager (VIM) could allow an authenticated, local attacker to access confidential information and elevate privileges on an affected device. This vulnerability is due to improper access permissions for certain...
python: Undocumented local_file protocol allows remote attackers to bypass protection mechanisms
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen('local_file:///etc/passwd') call...
DEBIAN-CVE-2019-1353
An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS...
Intel Data Center Manager SDK Local Information Disclosure Vulnerability (CNVD-2019-05274)
Intel Data Center Manager SDK is a data center management SDK (software development kit) from Intel USA. The product provides real-time power and cooling data for devices. A security vulnerability exists in the uninstall routine in Intel(R) Data Center Manager SDK versions prior to 5.0.2, which stems...
CVE-2019-0104
Insufficient file protection in uninstall routine for Intel(R) Data Center Manager SDK before version 5.0.2 may allow an authenticated user to potentially enable information disclosure via local access...
Siemens SIMATIC STEP 7 suffers from an information disclosure vulnerability (CNVD-2016-08769)
Siemens SIMATIC is an automation software with a single engineering environment. An information disclosure vulnerability exists in Siemens SIMATIC STEP 7 V12 and V13. A local attacker can exploit the vulnerability to bypass the protection of the TIA Portal Project File Transfer Format and access...