CVE-2026-35341
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...
CVE-2025-35430 CISA Thorium insecure downloaded file path validation
CISA Thorium does not adequately validate the paths of downloaded files via 'downloadephemeral' and 'downloadchildren'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2...
CVE-2019-12645
CVE-2019-12645 concerns Cisco Jabber Client Framework (JCF) for Mac Software used by Cisco Jabber for Mac. Exploitation requires an authenticated, local attacker and relies on improper file-level permissions on the host running JCF for Mac, enabling arbitrary code execution or modification of con...
CVE-2018-14348
libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information...
CVE-2014-3800
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file...