PT-2026-27472

Name of the Vulnerable Software and Affected Versions IDrive versions affected versions not specified Description The id service.exe process operates with elevated privileges and routinely reads files located in the C:ProgramDataIDrive directory. These files, encoded in UTF16-LE, are used as...

CVE-2025-15561

An attacker can exploit the update behavior of the WorkTime monitoring daemon to elevate privileges on the local system to NT Authority\SYSTEM. A malicious executable must be named WTWatch.exe and dropped in the C:\ProgramData\wta\ClientExe directory, which is writable by "Everyone". The...

CVE-2025-56802

The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is...

CVE-2025-40889

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

CVE-2025-40889

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

EUVD-2025-32870

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

CVE-2025-40889

CVE-2025-40889 involves a path traversal in Nozomi Networks Guardian/CMC Time Machine functionality caused by inadequate validation of two input parameters. An authenticated user with limited privileges can craft requests to potentially alter file structures/content in the /data directory or affe...

CVE-2025-40889 Path traversal in Time Machine functionality in Guardian/CMC before 25.2.0

A path traversal vulnerability was discovered in the Time Machine functionality due to missing validation of two input parameters. An authenticated user with limited privileges, by issuing a specifically-crafted request, can potentially alter the structure and content of files in the /data folder...

PT-2025-40992

Name of the Vulnerable Software and Affected Versions Time Machine affected versions not specified Description A path traversal issue exists in the Time Machine functionality because of inadequate input validation of two parameters. An authenticated user with limited privileges can potentially...

EUVD-2025-30189

Malicious code in bioql PyPI...

CVE-2025-53947 Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Default Permissions

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content...

CVE-2025-53947 Cognex In-Sight Explorer and In-Sight Camera Firmware Incorrect Default Permissions

A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to modify its content...

CVE-2025-53947

CVE-2025-53947 affects Cognex In-Sight Explorer and Cognex In-Sight Camera Firmware. The root cause is incorrect default/weak permissions on a data folder, enabling a local attacker with low privileges to modify its content and corrupt sensitive data. The vulnerability is local and requires minim...

PT-2025-38485

Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A local attacker with low privileges on the Windows system where the software is installed can corrupt sensitive data. A data folder is created with weak privileges, allowing any user logged...

CVE-2024-50804

MSI Center Pro 2.1.37.0 contains an insecure permissions vulnerability that permits a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file located in C:\ProgramData\MSI\One Dragon Center\Data. Affected component: MSI Center Pro; root cause: improper access control on a da...

GHSA-MVRM-FH8Q-6WR2 Remote Code Execution via path traversal bypass in lollms

CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the ExtensionBuilder.buildextension function. The vulnerability arises from the /mountextension endpoint, where a path traversal issue allows attackers to navigate beyond the intended directory structure...

PT-2023-2595 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.6.0 Description: The issue is related to errors in handling symbolic links within the settings.DataFolder variable in the Docker Desktop for Windows platform. This can allow a remote attacker to gain read,...

BlogEngine 输入验证错误漏洞

BlogEngine is an open source ASP.NET blog system . The system supports Ajax comments, custom themes and so on. BlogEngine.NET v3.3.8.0 version of a security vulnerability , the vulnerability stems from the ability to create any folder with the prefix "files" under /AppData/...

CVE-2022-31262

An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as...

CVE-2022-32450

AnyDesk 7.0.9 allows a local user to gain SYSTEM privileges via a symbolic link because the user can write to their own %APPDATA% folder used for ad.trace and chat but the product runs as SYSTEM when writing chat-room data there...