Lucene search
+L

4198 matches found

attackerkb
attackerkb
added 2026/05/15 12:0 a.m.6 views

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

5.9AI score0.00218EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/05/14 7:58 p.m.10 views

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

6.8CVSS5.8AI score0.00169EPSS
Exploits0References1
euvd
euvd
added 2026/05/13 6:30 p.m.10 views

EUVD-2026-30045

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

5.8AI score0.00169EPSS
Exploits0References3
nvd
nvd
added 2026/05/13 4:16 p.m.10 views

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

6.8CVSS0.00169EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/13 12:0 a.m.33 views

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

0.00169EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/05/13 12:0 a.m.20 views

PT-2026-40707

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

5.8AI score0.00169EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/05/13 12:0 a.m.9 views

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

5.8AI score0.00169EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/13 12:0 a.m.6 views

CVE-2026-36742

Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...

5.8AI score0.00169EPSS
Exploits0References3
cve
cve
added 2026/05/13 12:0 a.m.18 views

CVE-2026-36742

CVE-2026-36742 affects Hiseeu C90 v5.7.15. The issue is insecure permissions: the UART bootloader is accessible when the battery is disconnected (hidden/debug mode). This implies physical-access risk allowing unauthorized access during boot. The public documents consistently describe the vulnerab...

6.8CVSS5.8AI score0.00169EPSS
Exploits0References2
cvelist
cvelist
added 2026/05/11 6:0 p.m.41 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS0.00098EPSS
Exploits0References3
euvd
euvd
added 2026/05/08 11:4 p.m.11 views

EUVD-2026-28401

Snipe-IT has insecure permissions in file uploads...

9.8CVSS5.8AI score0.00475EPSS
Exploits0References3
osv
osv
added 2026/05/08 11:4 p.m.12 views

GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4
github
github
added 2026/05/08 11:4 p.m.9 views

Snipe-IT has insecure permissions in file uploads

Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References4Affected Software1
nvd
nvd
added 2026/05/07 6:16 p.m.17 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS0.00475EPSS
Exploits0References2
mageia
mageia
added 2026/05/07 5:6 a.m.12 views

Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References2
osv
osv
added 2026/05/07 5:6 a.m.13 views

MGASA-2026-0121 Updated nano packages fix security vulnerabilities

Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...

5.5CVSS5.8AI score0.00108EPSS
Exploits0References3
cve
cve
added 2026/05/07 12:0 a.m.22 views

CVE-2026-37709

The CVE-2026-37709 entry concerns an Insecure Permissions vulnerability in grokability snipe-it ≤ v8.4.0 (fixed after 2026-03-10, commit 676a9958). A remote attacker could execute arbitrary code via app/Http/Controllers/Api/UploadedFilesController.php. The NVD/CVE data indicate a high-severity im...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/05/07 12:0 a.m.34 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

0.00475EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/05/07 12:0 a.m.7 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS6.2AI score0.00475EPSS
Exploits0References3
osv
osv
added 2026/05/07 12:0 a.m.3 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS6.4AI score0.00475EPSS
Exploits0References4
Rows per page
Query Builder