CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

Suprema BioStar 安全漏洞

Suprema BioStar is a web-based, open-integrated security platform developed by the South Korean company Suprema. It offers comprehensive features for access control, attendance management, visitor management, and video log maintenance. There were security vulnerabilities in the versions of Suprem...

ILM Informatique OpenConcerto 安全漏洞

ILM Informatique OpenConcerto is a business management software suite developed by the French company ILM Informatique. Version 1.7.5 of ILM Informatique OpenConcerto contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading...

CVE-2026-22768

Dell AppSync, versions 4.6.0, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

EUVD-2026-10614

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally...

CVE-2026-3315

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33...

CVE-2026-3315

Incorrect Default Permissions, : Execution with Unnecessary Privileges, : Incorrect Permission Assignment for Critical Resource vulnerability in ASSA ABLOY Visionline on Windows allows Configuration/Environment Manipulation.This issue affects Visionline: from 1.0 before 1.33...

PT-2026-24285

Name of the Vulnerable Software and Affected Versions Windows versions prior to March 10, 2026 Patch Tuesday Description An improper permission assignment within the Windows Accessibility Infrastructure ATBroker.exe allows an authorized attacker to elevate privileges locally. The issue stems from...

PT-2026-24197

Name of the Vulnerable Software and Affected Versions ASSA ABLOY Visionline versions prior to 1.33 Description An issue exists in ASSA ABLOY Visionline that allows for configuration or environment manipulation due to incorrect default permissions, leading to execution with unnecessary privileges...

ASSA ABLOY Visionline 安全漏洞

ASSA ABLOY Visionline is a public area access control management platform developed by ASSA ABLOY Japan. Versions of ASSA ABLOY Visionline prior to version 1.33 contained security vulnerabilities. These vulnerabilities were caused by incorrect default permissions on Windows, execution of...

EUVD-2025-208252

IBM Storage Scale IBM S through rage Scale 5.2.3.0 - 5.2.3.5, and IBM S through rage Scale 6.0.0.0 - 6.0.0.1 could allow a local user to unintentionally trigger additional permissions for resources in a way that allows that resource to be executed by unintended actors...

Owl Cyber Defense OPDS 安全漏洞

Owl Cyber Defense OPDS is a network isolation device developed by Owl Cyber Defense Corporation in the United States. Version 2.2.0.4 of Owl Cyber Defense OPDS contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading to fil...

CVE-2025-13941 Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which...

Salesforce Agentforce Vibes Extension 安全漏洞

Salesforce Agentforce Vibes Extension is an AI-coded agent extension from Salesforce USA. A security vulnerability exists in Salesforce Agentforce Vibes Extension versions prior to 3.2.0, which stems from improper assignment of critical resource permissions and could lead to tampering with writab...

MediaWiki - Lockdown Extension 安全漏洞

MediaWiki - Lockdown Extension is an open source permission control extension for MediaWiki. A security vulnerability exists in MediaWiki - Lockdown Extension versions up to and including version 1.42, which stems from an improper assignment of critical resource permissions and could lead to...

EUVD-2010-5242

Malware in sbrugna...

EUVD-2024-3361

Malicious code in bioql PyPI...

Netwrix Directory Manager 安全漏洞

Netwrix Directory Manager is a group and user management software from Netwrix. A security vulnerability exists in Netwrix Directory Manager v.11.0.0.0 and prior and subsequent v.11.1.25134.03 versions, which stems from improper assignment of critical resource permissions...

CVE-2025-4412

CVE-2025-4412 concerns macOS: an attacker can use a Launch Agent to load viscosity_openvpn from the Viscosity app bundle and induce a dynamic library load under Viscosity’s TCC identity. This grants limited resource access without entitlements (e.g., not granting camera/mic); access to other reso...

Tridium Niagara Framework和Tridium Niagara Enterprise Security 安全漏洞

Tridium Niagara Framework and Tridium Niagara Enterprise Security are both products of Tridium, Inc.Tridium Niagara Framework is a comprehensive software infrastructure that solves the challenges of creating appliance to enterprise applications. Tridium Niagara Enterprise Security is a...