141 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
An iframe from a cross-origin origin that references an XSLT document would inherit the permissions of the parent domain such as access to microphones or cameras. This vulnerability affects Thunderbird 102.2, Thunderbird 91.13, Firefox ESR 91.13, Firefox ESR 102.2, and Firefox 104...
EUVD-2026-37203
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
CVE-2026-12105
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
CVE-2026-12105
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions...
CVE-2026-12105
CVE-2026-12105 affects Devolutions Server in versions 2026.2.5 and 2026.1.21. The root cause is improper access control that allows an authenticated user to access attachments via folder duplication with inherited permissions. The documented impact is confidential data exposure (high) with a CVSS...
PT-2026-49823
Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.5 Devolutions Server version 2026.1.21 Description Improper access control allows an authenticated user to access attachments through a process of folder duplication with inherited permissions. Recommendations...
CVE-2026-6265
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
PT-2026-42675
Name of the Vulnerable Software and Affected Versions NocoDB versions prior to 2026.04.1 Description The OAuth token strategy attaches oauth scope and oauth granted resources to the request user, but the ACL Access Control List middleware fails to consult these values. Consequently, an OAuth toke...
Insecure Inherited Permissions
Overview Affected versions of this package are vulnerable to Insecure Inherited Permissions when handling public methods on ViewComponent::Preview, which are treated as reachable even if the methods are not explicitly allowed, in renderwithtemplate. An attacker can render internal Rails templates...
Insecure Inherited Permissions
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Insecure Inherited Permissions due to improper enforcement of security envelope constraints in ACP child session creation. An attacker can bypass intended subagent-only restrictions, such...
CVE-2026-6265
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
CVE-2026-6265 Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
CVE-2026-6265 Local Privilege Escalation in Cerberus FTP Server =< 2025.4.2
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
CVE-2026-6265
CVE-2026-6265 is a local privilege escalation in Cerberus FTP Server on Windows due to insecure preserved inherited permissions. The issue affects Cerberus FTP Server versions up to and including 2025.4.2 and is resolved in version 2026.1. The CVSS-derived metrics indicate a high impact with loca...
CVE-2026-6265
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
EUVD-2026-25849
Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1...
PT-2026-35415
Name of the Vulnerable Software and Affected Versions Cerberus FTP Server versions prior to 2026.1 Description Insecure preserved inherited permissions in Cerberus FTP Server on Windows allow for privilege escalation. Recommendations Update to version 2026.1...
GHSA-5HGF-628X-MCQF uutils coreutils has an Incorrect Permission Assignment for Critical Resource
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...
CVE-2026-33430
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...
CVE-2026-33430
Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...