45 matches found
PT-2026-42152
Missing Authorization vulnerability in WP Chill Image Photo Gallery Final Tiles Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a through 3.6.11...
CVE-2026-5397 Vulnerability Related to an Uncontrolled Search Path Element in a UPS Management Application
It has been identified that a vulnerability CWE-427 exists in the UPS Uninterruptible Power Supply management application, whereby improper permissions on the installation directory allow a malicious actor to place a DLL that is then executed with administrator privileges. If a malicious DLL is...
CVE-2026-30244 Plane: Unauthenticated Workspace Member Information Disclosure
Plane is an open-source project management tool. Prior to version 1.2.2, unauthenticated attackers can enumerate workspace members and extract sensitive information including email addresses, user roles, and internal identifiers. The vulnerability stems from Django REST Framework permission...
Plane Access Control Error Vulnerability
Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.2 contained an access control vulnerability, which stemmed from incorrect configuration of the Django REST Framework's permission classes. This allowed anonymous access to...
PT-2026-23619
Name of the Vulnerable Software and Affected Versions Plane versions prior to 1.2.2 Description An issue exists in Plane that allows unauthenticated attackers to enumerate workspace members and extract sensitive information, including email addresses, user roles, and internal identifiers. This is...
WordPress plugin WP Adminify has a vulnerability related to information leakage.
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that extends the...
CVE-2025-36228 Incorrect Execution-Assigned Permissions in IBM Aspera Faspex
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API, which allowed users to access features that appeared disabled, potentially leading to misuse...
CVE-2019-25245
Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a...
CVE-2025-58097
The installation directory of LogStare Collector is configured with incorrect access permissions. A non-administrative user may manipulate files within the installation directory and execute arbitrary code with the administrative privilege...
EUVD-2017-10640
Malware in sbrugna...
EUVD-2022-28209
Malicious code in bioql PyPI...
EUVD-2021-30264
Malicious code in bioql PyPI...
EUVD-2022-28842
Malicious code in bioql PyPI...
Tenable Network Monitor Elevation of Privilege Vulnerability
Tenable Network Monitor is an open source system vulnerability scanner developed by Tenable Inc. in the United States, mainly used for network vulnerability scanning and security assessment. Tenable Network Monitor suffers from an elevation of privilege vulnerability, which stems from improperly...
WordPress plugin GiveWP Information Disclosure Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A WordPress plugin is an application plugin. An information...
PocketBook InkPad Color 3 Security Vulnerability
PocketBook InkPad Color 3 is a waterproof e-reader with a color display from PocketBook. It is used for reading eBooks, playing audiobooks, and more. A security vulnerability exists in the PocketBook InkPad Color 3 U743k version 3.6.8.3671, which stems from a misconfiguration of Sudo permissions...
PocketBook InkPad Color 3 Security Vulnerability
PocketBook InkPad Color 3 is a waterproof e-reader with a color display from PocketBook. It is used for reading eBooks, playing audiobooks, and more. A security vulnerability exists in the PocketBook InkPad Color 3 U743k version 3.6.8.3671, which stems from a misconfiguration of permissions and...
CVE-2025-27154 Spotipy's cache file, containing spotify auth token, is created with overly broad permissions
Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has rw-r--r-- 644 permissions by default, when it could be locked down to rw------- 600 permissions. This leads to overly...
PT-2025-4056 · Microworld · Escan Antivirus
Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Antivirus version 7.0.32 Description: The issue affects the Quarantine Handler component, specifically the file /var/Microworld/, leading to incorrect default permissions. This can be exploited locally, and the exploit has be...
Grafana Security Vulnerability
Grafana is a set of open source monitoring tools from Grafana open source that provides a visual monitoring interface. The tool is primarily used to monitor and analyze Graphite, InfluxDB, and Prometheus, among others. Grafana suffers from a security vulnerability that stems from incorrect...