46 matches found
CVE-2026-9053
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
EUVD-2026-31401
Mothra would respect a default value given by a website for HTML file upload forms. An attacker could craft a website with a malicious default file path, and then conceal this form element...
CVE-2025-64642 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource
NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: dde-daemon (UTSA-2025-986193)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-986193 advisory. default-file-manager5.13.84-1x8664 1 Tenable has extracted the preceding description block directly from the Unity Linux security advisory. Note that Nessus has not...
Default mimetype known files writeable on Windows
...
CVE-2025-41658
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions...
CODESYS Runtime Toolkit Security Vulnerability
CODESYS Runtime Toolkit is a comprehensive software development kit for programmable controllers from CODESYS, Germany. It is used to transform embedded platforms or industrial PCs into controllers and supports secondary development. A security vulnerability exists in CODESYS Runtime Toolkit, whi...
CVE-2022-21704
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, default...
Correctly Configure the Default File Permission For rsyslog
Log files record system behaviors. The rsyslog log tool records logs in specified files. When the specified log file does not exist in the system, rsyslog creates a log file. The permission of the created log file can be configured in the rsyslog configuration file. The configuration of the defau...
CVE-2022-27562
Unsafe default file type filter policy in HCL Domino Volt allows upload of .html file and execution of unsafe JavaScript in deployed applications...
HCL Domino Volt Security Vulnerability
HCL Domino Volt is a low-code application development solution based on the Domino platform from HCL India. A security vulnerability exists in HCL Domino Volt, which stems from an insecure default file type filtering policy that could lead to the execution of malicious JavaScript...
CVE-2022-44760
Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications...
CVE-2024-13538
The BigBuy Dropshipping Connector for WooCommerce plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.9.19. This is due to the /vendor/cocur/slugify/bin/generate-default.php file being directly accessible and triggering an error. This makes it possible...
Cisco Industrial Network Director Security Vulnerability
Cisco Industrial Network Director (IND) is an industrial automation management system from the American company Cisco. The system automates the management of industrial Ethernet infrastructure by visualizing its operation. Cisco Industrial Network Director has a security vulnerability that stems fr...
CVE-2024-8533
A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges...
CVE-2024-8533
The CVE-2024-8533 issue affects Rockwell Automation OptixPanel products (e.g., 2800C OptixPanel Compact, 2800S OptixPanel Standard, Embedded Edge Compute Module). The vulnerability stems from improper default file permissions in the affected software, enabling credential exfiltration and privileg...
Rockwell Automation Multiple Products Security Vulnerability
Rockwell Automation 2800C OptixPanel Compact and others are products of Rockwell Automation, Inc. Rockwell Automation 2800C OptixPanel Compact is a compact operator panel. Rockwell Automation 2800S OptixPanel Standard is a standard operator panel. Rockwell Automation Embedded Edge Compute Module is...