CVE-2026-9490

Affected product: Acer Care Center (ACC Svc). The vulnerability arises because the ACCSvc service creates a Named Pipe with a weak security descriptor, permitting an authenticated local user to connect and send a crafted message (type 0x03). This can trigger the service to crash with exit code 10...

Astra Linux - уязвимость в targetcli-fb

Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/target and for the backup directory and backup files...

CVE-2025-10549

EfficientLab Controlio before v1.3.95 contains a DLL hijacking vulnerability caused by weak folder permissions in the installation directory. A local attacker can place a specially crafted DLL in this directory and achieve arbitrary code execution with highest privileges, because the affected...

CVE-2025-10549

CVE-2025-10549 : DLL hijacking in EfficientLab Controlio before v1.3.95 due to weak permissions in the installation directory. A local attacker can drop a crafted DLL and achieve arbitrary code execution with SYSTEM privileges because the service runs as NT AUTHORITY\SYSTEM. Affects EfficientLab ...

EfficientLab Controlio 代码问题漏洞

EfficientLab Controlio is a management software developed by EfficientLab for monitoring employee behavior and analyzing work efficiency. Versions of EfficientLab Controlio prior to 1.3.95 contained code vulnerabilities. These vulnerabilities were caused by weak permissions in the installation...

CVE-2021-27032

Autodesk Licensing Installer was found to be vulnerable to privilege escalation issues. A malicious user with limited privileges could run any number of tools on a system to identify services that are configured with weak permissions and are running under elevated privileges. These weak permissio...

CVE-2026-2026

The CVE-2026-2026 entry concerns the Nessus Agent for Windows with weak file permissions in its installation directory, allowing unauthorized access that can lead to Denial of Service. Reported CVSS metrics indicate a Local attack with Low privilege required and No user interaction, contributing ...

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

R1 Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability Arnie Cabral Thu, 02/12/2026 - 10:40 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service DoS attack...

[R1] Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability

R1 Nessus Agent Versions 11.0.4 and 11.1.2 Fix One Vulnerability Arnie Cabral Thu, 02/12/2026 - 10:40 A vulnerability has been identified where weak file permissions in the Nessus Agent directory on Windows hosts could allow unauthorized access, potentially permitting Denial of Service DoS attack...

LinuxPrivEscToolkit

🛡️ Linux Privilege Escalation Toolkit !Pythonhttps://img.s...

Rockstar Games Launcher security vulnerability

Rockstar Games Launcher is a game launcher developed by Rockstar Games, Inc. Version 1.0.37.349 of Rockstar Games Launcher has a security vulnerability. This vulnerability stems from weak permissions for the service executable file, which may lead to an elevation of privileges...

MiracleLinux 8 : targetcli-2.1.53-1.el8 (AXSA:2020-1067:05)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-1067:05 advisory. targetcli: weak permissions for /etc/target and backup files CVE-2020-13867 Tenable has extracted the preceding description block directly from the...

MiracleLinux 8 : python-rtslib-2.1.73-2.el8 (AXEA:2021-1213:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXEA:2021-1213:01 advisory. - Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile instead of shutil.copy is used, and thus...

CVE-2023-31468

An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 Runtime RT7.3 RC3 20221209.5. The "%PROGRAMFILESX86%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version...

CVE-2022-37030

Weak permissions on the configuration file in the PAM module in Grommunio Gromox 0.5 through 1.x before 1.28 allow a local unprivileged user in the gromox group to have the PAM stack execute arbitrary code upon loading the Gromox PAM module...

CVE-2017-18422

In cPanel before 66.0.2, EasyApache 4 conversion sets weak domlog ownership and permissions SEC-272...

CVE-2017-18425

In cPanel before 66.0.2, the cpdavderrorlog file can be created with weak permissions SEC-280...

CVE-2019-20843

An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files...

CVE-2024-34474

Clario through 2024-04-11 for Desktop has weak permissions for %PROGRAMDATA%\Clario and tries to load DLLs from there as SYSTEM...

CVE-2019-16061

A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are granted weak world-readable and world-writable permissions, allowing any low privileged user with access to the system to read sensitive data e.g., .htpasswd and create/modify/delete content e.g., under /var/www/html/docs with...