55 matches found
SUSE CVE-2024-4030
On Windows a directory returned by tempfile.mkdtemp would not always have permissions set to restrict reading and writing to the temporary directory by other users, instead usually inheriting the correct permissions from the default location. Alternate configurations or users without a profile...
EUVD-2026-24741
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...
CVE-2026-22676 Barracuda RMM < 2025.2.2 Privilege Escalation via Insecure Directory Permissions
Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on the C:\Windows\Automation directory. Attackers can modify existing automation content or place...
EUVD-2026-21303
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems; users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...
CVE-2026-4482
The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems; users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...
CVE-2026-4482
CVE-2026-4482 involves installer certificate files in the …/bootstrap/common/ssl folder where Windows permissions are not restricted; specifically, client.key is readable/executable by any locally authenticated standard user. The impact is exposure of agent identity material to unprivileged local...
PT-2026-31870
Name of the Vulnerable Software and Affected Versions: versions affected versions not specified. Description: The installer certificate files within the …/bootstrap/common/ssl folder do not have restricted permissions on Windows systems, allowing users read and execute access. Specifically, the...
ASSA ABLOY Visionline security vulnerability
ASSA ABLOY Visionline is a public area access control management platform developed by ASSA ABLOY Japan. Versions of ASSA ABLOY Visionline prior to version 1.33 contained security vulnerabilities. These vulnerabilities were caused by incorrect default permissions on Windows, execution of...
CVE-2020-37160 SprintWork 2.3.1 - Local Privilege Escalation
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...
CVE-2020-37160
SprintWork 2.3.1 is affected by local privilege escalation due to insecure file, service, and folder permissions on Windows. Affected component: SprintWork executable/related services that allow creation of a new administrative user, leading to full system compromise. Root cause identified as ins...
CVE-2020-37160
SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to create a new administrative user and gain...
SUSE CVE-2026-24413
Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the %ProgramData%\icinga2\var folder on Windows. This resulted in its contents - including the private key of the...
Icinga 2 security vulnerabilities
Icinga 2 is an open-source monitoring system developed by Icinga. Versions of Icinga 2 prior to 2.13.14, 2.14.8, and 2.15.2 contained security vulnerabilities. These vulnerabilities were caused by improper Windows folder permission settings, which could allow all local users to access private key...
CVE-2025-13911
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...
CVE-2025-13911 Inductive Automation Ignition Execution with Unnecessary Privileges
The vulnerability affects Ignition SCADA applications where Python scripting is utilized for automation purposes. The vulnerability arises from the absence of proper security controls that restrict which Python libraries can be imported and executed within the scripting environment. The core issu...
EUVD-2025-199589
Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...
CVE-2025-34332
CVE-2025-34332 affects AudioCodes Fax Server and Auto-Attendant IVR appliances up to version 2.6.23. A web administration component runs Windows service actions via helper batch scripts in C:\F2MAdmin\F2E\AudioCodes_files\utils\Services. When service actions are requested through ajaxPost.php, PH...
EUVD-2025-37984
Improper preservation of permissions in Elastic Defend on Windows hosts can lead to arbitrary files on the system being deleted by the Defend service running as SYSTEM. In some cases, this could result in local privilege escalation...
EUVD-2018-17242
Malware in sbrugna...