Lucene search
K

1392 matches found

Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.14 views

PT-2026-45860

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

8.3CVSS6AI score0.00107EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/01 6:57 p.m.10 views

CVE-2026-49135 CodexBar < 0.32.0 Insecure Temporary File Handling in Notarization Workflow

CodexBar prior to 0.32.0 contains an insecure temporary file handling vulnerability that allows local attackers to access sensitive credentials or tamper with build artifacts by exploiting predictable file paths in the release notarization workflow. Attackers with access to the same host can read...

7.2CVSS5.8AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 2026/05/25 3:16 p.m.20 views

CVE-2018-25359

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25359

CVE-2018-25359 affects Splinterware System Scheduler Pro 5.12. The issue is insecure file permissions enabling low-privilege users to replace the service executable (WService.exe) in the installation directory, causing a malicious binary to run with LocalSystem privileges when the service starts....

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/25 2:15 p.m.24 views

CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

8.6CVSS0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/25 12:0 a.m.14 views

Splinterware System Scheduler Pro 安全漏洞

Splinterware System Scheduler Pro is a task scheduling management software from Splinterware. A security vulnerability exists in Splinterware System Scheduler Pro version 5.12, which stems from insecure file permissions and could allow a low-privileged user to elevate privileges by modifying the...

8.6CVSS5.8AI score0.00159EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/19 6:46 a.m.20 views

EUVD-2026-30849

The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafeajaxformbuilder' function in all versions up to, and including, 7.1.70. The plugin uses an incomplete extension blacklist that only blocks php, phpt,...

9.8CVSS6.5AI score0.00953EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/05/18 7:3 p.m.9 views

CVE-2026-45246

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/05/18 7:3 p.m.7 views

CVE-2026-45246 Summarize < 0.15.1 Insecure File Permissions Information Disclosure

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/18 7:3 p.m.44 views

CVE-2026-45246 Summarize < 0.15.1 Insecure File Permissions Information Disclosure

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS0.00137EPSS
Exploits1References4
OSV
OSV
added 2026/05/18 7:3 p.m.3 views

CVE-2026-45246 Summarize < 0.15.1 Insecure File Permissions Information Disclosure

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

6.8CVSS6AI score0.00137EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.9 views

Summarize 安全漏洞

Summarize is a multi-source rapid summarization tool developed by Peter Steinberger. Versions of Summarize prior to 0.15.1 contain security vulnerabilities. These vulnerabilities stem from insecure file permissions in the configuration rewritepath without refreshing, allowing local users to acces...

6.8CVSS5.8AI score0.00137EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/17 12:11 p.m.13 views

EUVD-2018-21853

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS6.6AI score0.00589EPSS
Exploits1References4
CVE
CVE
added 2026/05/17 12:11 p.m.19 views

CVE-2018-25332

CVE-2018-25332 - GitBucket 4.23.1 Unauthenticated Remote Code Execution Affected software: GitBucket 4.23.1. Vulnerability: An unauthenticated remote code execution flaw exists due to weak secret token generation and insecure file upload functionality. Adversaries can brute-force the Blowfish enc...

9.8CVSS6.6AI score0.00589EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.9 views

CVE-2018-25332

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS6.6AI score0.00589EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.43 views

CVE-2018-25332 GitBucket 4.23.1 Unauthenticated Remote Code Execution

GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by exploiting weak secret token generation and insecure file upload functionality. Attackers can brute-force the Blowfish encryption key, upload a malicious JAR...

9.8CVSS0.00589EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

GitBucket 访问控制错误漏洞

GitBucket is an open-source Git code hosting platform based on Scala. Version 4.23.1 of GitBucket contains a vulnerability related to access control. This vulnerability stems from the generation of weak secret tokens and the insecure file upload feature, which may allow unauthenticated attackers ...

9.8CVSS6.1AI score0.00589EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2026/05/11 12:0 a.m.97 views

📄 Cisco ISE 2.2 Remote Code Execution

This Metasploit module exploits an unauthorized file upload vulnerability in Cisco ISE. A ZIP file containing a JSP file with a manipulated path path traversal is uploaded. The webshell is then extracted to the webapps folder...

10CVSS7.5AI score0.09805EPSS
Exploits3
Veracode
Veracode
added 2026/05/06 8:26 a.m.11 views

Insecure File Permissions

Claude SDK for TypeScript is vulnerable to insecure file permissions. The vulnerability is due to the BetaLocalFilesystemMemoryTool creating memory files and directories with world-readable and world-writable permissions, where a local attacker on a shared host could read persisted agent state, a...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.8 views

RHCOS 3 : OpenShift Container Platform 3.11.394 (RHSA-2021:0637)

The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory. - ant: insecure temporary file vulnerability CVE-2020-1945 - jenkins-2-plugins/subversion: XML parser is not preventing XML external...

8CVSS6.8AI score0.08235EPSS
Exploits1References41
Rows per page
Query Builder