297 matches found
CVE-2026-13742
Honeywell IQ MultiAccess, all versions prior to and including version 28, contain an improper digital signature verification vulnerability. An attacker could potentially exploit this vulnerability, leading to the replacement of a downloaded file with a malicious one. Honeywell also recommends...
CVE-2026-13742
CVE-2026-13742 affects Honeywell IQ MultiAccess, all versions prior to and including 28. The root cause is improper digital signature verification, enabling an attacker with local access and low privileges (no user interaction) to have a downloaded file replaced with a malicious one. CVSS metrics...
CVE-2026-44469
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...
EUVD-2026-31797
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...
PT-2026-43197
Name of the Vulnerable Software and Affected Versions: CODESYS Development System (affected versions not specified). Description: The software extracts installation files to a temporary directory using incorrect default permissions during administrative installation. This allows a low-privileged local...
CVE-2025-58074
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
EUVD-2025-209612
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
CVE-2025-58074 Privilege escalation during the installation of Norton Secure VPN via the Microsoft Store
A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user can replace files during the installation process, which may result in deletion of arbitrary files that can lead to elevation of privileges...
CVE-2025-58074
This CVE concerns Norton Secure VPN installation via the Microsoft Store. A privilege-escalation vulnerability exists when installing Norton Secure VPN, where an unprivileged user can influence the installation by manipulating a writable 7z payload in C:\ProgramData\NortonInstaller\Settings before setup runs. ...
Gen Digital Norton Secure VPN security vulnerability
Gen Digital Norton Secure VPN is a virtual private network service provided by the American company Gen Digital. There is a security vulnerability in Gen Digital Norton Secure VPN, which stems from permission escalation during the installation process through the Microsoft Store. Low-privilege...
ILM Informatique OpenConcerto security vulnerability
ILM Informatique OpenConcerto is a business management software suite developed by the French company ILM Informatique. Version 1.7.5 of ILM Informatique OpenConcerto contains a security vulnerability, which stems from improper allocation of permissions for critical resources, potentially leading...
ALPINE-CVE-2026-25645
Requests is an HTTP library. Prior to version 2.33.0, the requests.utils.extract_zipped_paths utility function uses a predictable filename when extracting files from zip archives into the system temporary directory. If the target file already exists, it is reused without validation. A local attacker...
CVE-2026-30943 Gokapi has Privilege Escalation in File Replace
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, an insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
Gokapi vulnerable to Privilege Escalation in File Replace
Summary: An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. Impact: Any authenticated user...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization in the file replace API. An attacker can delete files belonging to other users by abusing insufficient authorization checks on the deleteNewFile flag. Note: This is only exploitable if the attacker has permission...