Lucene search
+L

4199 matches found

NVD
NVD
added 2026/04/02 12:16 a.m.8 views

CVE-2026-21765

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8CVSS0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/01 11:36 p.m.3 views

CVE-2026-21765

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8CVSS5.9AI score0.00101EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/01 11:36 p.m.31 views

CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8CVSS0.00101EPSS
Exploits0References1
CVE
CVE
added 2026/04/01 11:36 p.m.18 views

CVE-2026-21765

CVE-2026-21765 concerns the HCL BigFix Platform, where private cryptographic keys on Windows hosts may have overly permissive file system permissions. The root cause stated is insecure permissions on private keys, potentially exposing confidentiality, integrity, and availability (all scored high)...

8.8CVSS5.9AI score0.00101EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/04/01 9:15 p.m.4 views

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.14 views

PT-2026-29651

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

8.8CVSS5.9AI score0.00101EPSS
Exploits0References2
OSV
OSV
added 2026/03/31 9:32 p.m.9 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/27 2:24 p.m.6 views

CVE-2021-27700

SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc...

7.6CVSS6.9AI score0.00326EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2026/03/26 5:48 p.m.7 views

Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: CVE-2025-32801: Fixed loading a malicious hook library can lead to local privilege escalation. CVE-2025-32802: Fixed insecure handling of file paths allows multiple local attacks. CVE-2025-32803: Fixed insecure fi...

8.5CVSS5.9AI score0.00233EPSS
Exploits0References8
OSV
OSV
added 2026/03/26 4:54 p.m.3 views

CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS5.9AI score0.00132EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/26 4:54 p.m.2 views

CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS5.8AI score0.00132EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/25 8:31 p.m.3 views

CVE-2026-4822 Enter Software Iperius Backup Backup Service temp file

A vulnerability was detected in Enter Software Iperius Backup up to 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only...

7.3CVSS6.3AI score0.00163EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/23 9:40 p.m.8 views

Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions

Impact If a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, the installation process creates an directory that inherits all the permissions of the parent directory. Depending on the location chosen by...

7.3CVSS5.8AI score0.00132EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2026/03/21 3:33 p.m.4 views

EUVD-2019-19884

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References5
NVD
NVD
added 2026/03/21 1:16 p.m.6 views

CVE-2019-25568

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS0.0032EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/21 12:47 p.m.2 views

CVE-2019-25568

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/20 10:40 p.m.3 views

CVE-2026-32810 Halloy has insecure file permissions on credential files

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

4.8CVSS5.9AI score0.00175EPSS
Exploits1References4
CVE
CVE
added 2026/03/20 10:40 p.m.10 views

CVE-2026-32810

Halloy is an IRC app written in Rust. Before commit f180e41061db393acf65bc99f5c5e7397586d9cb, Halloy creates its config directory and files with default umask permissions (typically 0644 files, 0755 dirs), allowing any local user to read plaintext credentials in config.toml or referenced password...

5.5CVSS5.8AI score0.00175EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/20 10:40 p.m.4 views

EUVD-2026-13865

Halloy is an IRC application written in Rust. In versions on \nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask permissions, which typically results in 0644 on files and 0755 on directories. This allows any...

4.8CVSS5.8AI score0.00175EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/18 4:9 p.m.7 views

Insecure Temporary File

Overview @capgo/cli is an A CLI to upload to capgo servers Affected versions of this package are vulnerable to Insecure Temporary File via unsafe file operations that follow symlinks and do not enforce secure permissions. An attacker can overwrite arbitrary files or expose sensitive credential...

8.6CVSS5.9AI score
Exploits0References4
Rows per page
Query Builder