35 matches found
CVE-2026-44468 Incorrect Default Permissions in CODESYS Development System
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...
CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...
Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool
The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...
OESA-2025-2756 containerd security update
containerd is an industry-standard container runtime with an emphasis on simplicity, robustness and portability. It is available as a daemon for Linux and Windows, which can manage the complete container lifecycle of its host system: image transfer and storage, container execution and supervision...
CVE-2025-10918
Insecure default permissions in the agent of Ivanti Endpoint Manager before version 2024 SU4 allows a local authenticated attacker to write arbitrary files anywhere on disk...
CVE-2025-10918
CVE-2025-10918 affects Ivanti Endpoint Manager prior to version 2024 SU4. The vulnerability arises from insecure default permissions in the agent, allowing a locally authenticated attacker to write arbitrary files anywhere on disk (local impact, high severity). Connected sources also reference re...
EUVD-2004-2195
Malware in sbrugna...
CVE-2025-26470
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2021-20037
SonicWall Global VPN Client 4.10.5 installer 32-bit and 64-bit incorrect default file permission vulnerability leads to privilege escalation which potentially allows command execution in the host operating system. This vulnerability impacts GVC 4.10.5 installer and earlier...
AMD Ryzen Master security vulnerability
AMD Ryzen Master is a software tool from UltraMicroelectronics AMD for managing and tuning the performance of AMD Ryzen processors. AMD Ryzen Master has a security vulnerability that stems from incorrect default permissions. An attacker exploiting this vulnerability could achieve elevation of...
CVE-2023-37878
Insecure default permissions in Wing FTP Server Admin Web Client allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0...
CVE-2023-37878 Insecure Default Permissions in Wing FTP Server <= 7.2.0
Insecure default permissions in Wing FTP Server Admin Web Client allows for privilege escalation. This issue affects Wing FTP Server: <= 7.2.0...
Slackware: Security Advisory (SSA:2014-160-01)
The remote host is missing an update for the...
CVE-2021-43037
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The Unitrends Windows agent was vulnerable to DLL injection and binary planting due to insecure default permissions. This allowed privilege escalation from an unprivileged user to SYSTEM...
List of Security Fixes and Improvements in Veeam Agent for Linux
Purpose: This article describes all security-related fixes and improvements introduced in each release or update of Veeam Agent for Linux. The goal of this article is to provide our customers' security and compliance teams with the detailed information on security improvements between releases, in...
CVE-2018-18931
CVE-2018-18931 affects Tightrope Media Carousel (v7.0.4.104). The issue arises from insecure default permissions on C:\TRMS\Services, enabling an attacker with system access to replace Carousel.Service.exe with a malicious executable. This independent service can be manipulated without affecting ...
CVE-2018-12441
The CorsairService Service in Corsair Utility Engine is installed with insecure default permissions, which allows unprivileged local users to execute arbitrary commands via modification of the CorsairService BINARY_PATH_NAME, leading to complete control of the affected system. The issue exists due ...
CVE-2018-12441
The CorsairService in Corsair Utility Engine has insecure default permissions: the Everyone group is granted SERVICE_ALL_ACCESS, enabling unprivileged local users to modify CorsairService BINARY_PATH_NAME and execute arbitrary commands, resulting in complete control of the system. Connected docum...
WampServer 3.0.6 - Insecure File Permissions Vulnerability
WampServer (formerly WAMP5) is a WAMP-type web development platform for running PHP scripts locally without connecting to an external server. WampServer is not in itself a software but an environment with two servers (Apache and MySQL), a script interpreter (PHP) and phpMyAdmin for administration We...
PQI Air Pen Express 6W51-0000R2 / 6W51-0000R2XXX - Multiple Vulnerabilities
Exploit for hardware platform in category web applications Overview ======= Technical Risk: high Likelihood of Exploitation: medium Vendor: PQI Group Affected Products: PQI Air Pen Express - Wireless Router 6W51-0000R2 and 6W51-0000R2XXX Credits: Discovered and researched by Orwelllabs Advisory...