4198 matches found
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2026-36742
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
EUVD-2026-30045
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
CVE-2026-36742
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
CVE-2026-36742
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
PT-2026-40707
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
CVE-2026-36742
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
CVE-2026-36742
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected hidden/debug mode...
CVE-2026-36742
CVE-2026-36742 affects Hiseeu C90 v5.7.15. The issue is insecure permissions: the UART bootloader is accessible when the battery is disconnected (hidden/debug mode). This implies physical-access risk allowing unauthorized access during boot. The public documents consistently describe the vulnerab...
CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions
Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...
EUVD-2026-28401
Snipe-IT has insecure permissions in file uploads...
GHSA-XG82-2HRV-HF64 Snipe-IT has insecure permissions in file uploads
Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...
Snipe-IT has insecure permissions in file uploads
Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allow a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component Impact Users who can view assets, consumables, etc we...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
Updated nano packages fix security vulnerabilities
Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...
MGASA-2026-0121 Updated nano packages fix security vulnerabilities
Local attacker can inject malicious .desktop launcher due to insecure directory permissions. CVE-2026-6842 Format string vulnerability leads to denial of service. CVE-2026-6843...
CVE-2026-37709
The CVE-2026-37709 entry concerns an Insecure Permissions vulnerability in grokability snipe-it ≤ v8.4.0 (fixed after 2026-03-10, commit 676a9958). A remote attacker could execute arbitrary code via app/Http/Controllers/Api/UploadedFilesController.php. The NVD/CVE data indicate a high-severity im...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...