Lucene search
+L

4199 matches found

cvelist
cvelist
added 2026/06/09 12:0 a.m.32 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

0.00248EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.16 views

PT-2026-48166

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
cve
cve
added 2026/06/09 12:0 a.m.17 views

CVE-2026-36720

CVE-2026-36720 describes insecure permissions in bookcars v8.3 that allow an authenticated user to escalate privileges from user to admin by modifying their user type. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) yields a base score of 8.1 ( HIGH ), indicating a high impact on confid...

8.1CVSS5.5AI score0.00248EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:51 p.m.12 views

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

6.5CVSS5.5AI score0.00218EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.11 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS6AI score0.00475EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.10 views

CVE-2026-6456

The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due to the rememberLogin REST API endpoint using a loose comparison != instead of !== for secret validation at app/RestAPI.php:111, combined with no validation that...

8.8CVSS5.5AI score0.00385EPSS
Exploits0References1
osv
osv
added 2026/06/05 5:49 a.m.9 views

BIT-MLFLOW-2026-4137 Incomplete Fix for CVE-2025-10279: Insecure Temporary Directory Permissions in mlflow/mlflow

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7.8CVSS6.2AI score0.00193EPSS
Exploits1References3
nvd
nvd
added 2026/06/05 12:17 a.m.14 views

CVE-2026-11300

Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...

4.3CVSS0.00154EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/06/02 9:32 p.m.10 views

CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

8.3CVSS6.2AI score0.00107EPSS
Exploits0References3
packetstormnews
packetstormnews
added 2026/06/01 12:0 a.m.32 views

Espanso 2.3.0 Configuration Security Auditor

This Python script implements a security auditing tool for Espanso configuration files. The EspansoSecurityAuditor class scans Espanso match configurations for potentially dangerous shell commands, insecure permissions, and suspicious execution patterns that could indicate malicious automation or...

5.9AI score
Exploits0
redhatcve
redhatcve
added 2026/05/28 8:13 p.m.15 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

8.8CVSS5.8AI score0.00341EPSS
Exploits0References1
nvd
nvd
added 2026/05/27 6:16 p.m.12 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

8.8CVSS0.00341EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/05/27 12:0 a.m.9 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

5.8AI score0.00341EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/27 12:0 a.m.10 views

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

5.8AI score0.00341EPSS
Exploits0References1
cve
cve
added 2026/05/27 12:0 a.m.19 views

CVE-2026-38807

The CVE-2026-38807 entry concerns an insecure permissions vulnerability in kvf-admin v1.0.0 that enables a remote attacker to escalate privileges via the UserController.java component. Affected software is kvf-admin; the root cause is insecure access control in UserController.java leading to unau...

8.8CVSS5.8AI score0.00341EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/27 12:0 a.m.16 views

PT-2026-44048

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

5.8AI score0.00341EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/05/26 6:37 a.m.11 views

CVE-2026-44468 Incorrect Default Permissions in CODESYS Development System

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1
cve
cve
added 2026/05/26 6:37 a.m.27 views

CVE-2026-44468

CVE-2026-44468 affects CODESYS Development System. During administrative installation, the process creates a directory with insecure default permissions, allowing a low‑privileged local attacker to modify a temporary file that defines components to be installed. This enables local privilege escal...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1Affected Software1
cnnvd
cnnvd
added 2026/05/26 12:0 a.m.17 views

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the use of insecure default...

8.5CVSS5.9AI score0.00123EPSS
Exploits0References1
euvd
euvd
added 2026/05/25 2:15 p.m.14 views

EUVD-2018-21881

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
Rows per page
Query Builder