EUVD-2021-34847

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

CVE-2021-4480 Dräger Protector Software Local Privilege Escalation via Insecure File Permissions

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

PT-2026-45861

Name of the Vulnerable Software and Affected Versions Dräger Protector Software versions prior to 6.4.2 Description Insecure file system permissions allow local attackers to execute arbitrary code with elevated privileges. This is achieved by replacing binaries or loaded modules on the host syste...

CVE-2026-6499

CVE-2026-6499 affects OpenConcerto 1.7.5. The issue is described as an Incorrect Permission Assignment for Critical Resource vulnerability that could allow Replace Binaries. CVSS v4.0 metrics: AV:L, AC:L, PR:L, UI:P, S:U, C:N/I:N/A:N with VU: none/low; base score 2.4 (LOW). Exploitation status is...

EUVD-2025-25955

Malicious code in bioql PyPI...

CYRISMA Sensor 安全漏洞

CYRISMA Sensor is a scanning and detection component from CYRISMA USA. A security vulnerability exists in versions prior to CYRISMA Sensor 444, which stems from insecure folder and file permissions that could allow a low-privileged user to elevate privileges by replacing binaries and executing...

CVE-2025-55582

D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script mydlink-watch-dog.sh, which blindly respawns binaries such as dcp and signalc without verifying integrity, authenticity, or permissions. An attacker with local filesystem access via physical access, firmware...

CVE-2023-7235

The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables...

CVE-2021-43986

The setup program for the affected product configures its files and folders with full access, which may allow unauthorized users permission to replace original binaries and achieve privilege escalation...

msystem Remote Code Execution Vulnerability

msystem is a package used in Node.js for downloading and installing the MyStem morphological text analyzer. A security vulnerability exists in msystem that originates when the program downloads binary resources over the HTTP protocol. A remote attacker could exploit the vulnerability by replacing...