19 matches found

CVE
added 2026/04/20 8:4 a.m. | 6 views

CVE-2026-39454

The CVE-2026-39454 entry concerns SKYSEA Client View and SKYMEC IT Manager from Sky Co., Ltd. Improper access permissions allow a non-administrative user to place or manipulate files in the product installation folder, potentially enabling arbitrary code execution with administrative pr...

CVSS 8.5 | AI score 7.3 | EPSS 0.00112
Exploits: 0 | References: 2 | Affected Software: 2
CNNVD
added 2026/03/10 12:0 a.m. | 4 views

Digital Arts i-Filter security vulnerability

Digital Arts i-Filter is a browser that filters harmful websites, developed by the Japanese company Digital Arts. Digital Arts i-Filter has a security vulnerability that stems from improper file access permission settings. This vulnerability may allow non-administrator users to create or overwrite...

CVSS 6.8 | AI score 6 | EPSS 0.00105
Exploits: 0 | References: 7
CNNVD
added 2026/02/04 12:0 a.m. | 5 views

n8n security vulnerability

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 1.123.18 and 2.5.0 contained security vulnerabilities. These vulnerabilities were due to improper file access control, which could lead to the reading of sensitive files, credential leaks, and...

CVSS 9.9 | AI score 6 | EPSS 0.00306
Exploits: 0 | References: 2
EUVD
added 2025/12/09 5:12 p.m. | 3 views

EUVD-2025-202178

Umbraco Vulnerable to Improper File Access and Credential Exposure in Dictionary Import Functionality...

CVSS 4.9 | AI score 6.3 | EPSS 0.00301
Exploits: 0 | References: 4
Veracode
added 2025/11/13 5:57 a.m. | 4 views

Improper File Access

runc is vulnerable to improper file access. The vulnerability is due to insufficient validation of write targets in /proc during concurrent container execution with shared mounts, which allows an attacker to exploit race conditions and redirect writes to unintended procfs files...

CVSS 7.5 | AI score 7.1 | EPSS 0.00526
Exploits: 1 | References: 22 | Affected Software: 5
CNNVD
added 2025/09/29 12:0 a.m. | 1 views

Medical Informatics Engineering Enterprise Health security vulnerability

Medical Informatics Engineering Enterprise Health is a healthcare solution from US-based Medical Informatics Engineering. A security vulnerability exists in Medical Informatics Engineering Enterprise Health that stems from allowing authenticated users to upload arbitrary files, which could result...

CVSS 9.9 | AI score 6.7 | EPSS 0.00231
Exploits: 0 | References: 2
Cvelist
added 2025/07/02 9:52 a.m. | 9 views

CVE-2025-27025 Improper File Access in Infinera G42

The target device exposes a service on a specific TCP port with a configured endpoint. Access to that endpoint is granted using Basic Authentication. The endpoint also accepts the PUT method, which makes it possible to write files to the target device's file system. Files are written as root...

CVSS 8.8 | EPSS 0.0062
Exploits: 0 | References: 2
CVE
added 2025/07/02 9:52 a.m. | 20 views

CVE-2025-27025

CVE-2025-27025 affects Infinera G42 devices. A service on a TCP port with Basic Authentication allows PUT and GET; directory traversal can write files to arbitrary locations as root and read arbitrary files. This yields full filesystem access and modification. Exploitation status and patches are ...

CVSS 8.8 | AI score 7 | EPSS 0.0062
Exploits: 0 | References: 2
CVE
added 2025/07/02 9:38 a.m. | 16 views

CVE-2025-27024

CVE-2025-27024 affects Infinera G42, version R6.1.3. The vulnerability arises from improper access control in the SFTP service, allowing remote authenticated users (Network Administrator profile) to read and write OS files outside the chroot, using the same credentials as SSH CLI. Impact is confi...

CVSS 6.5 | AI score 6.8 | EPSS 0.00318
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2025/07/02 9:38 a.m. | 1 views

CVE-2025-27024 Improper File Access in Infinera G42

Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used f...

CVSS 6.5 | AI score 6.8 | EPSS 0.00318
Exploits: 0 | References: 2
Cvelist
added 2025/07/02 9:38 a.m. | 7 views

CVE-2025-27024 Improper File Access in Infinera G42

Unrestricted access to OS file system in SFTP service in Infinera G42 version R6.1.3 allows remote authenticated users to read/write OS files via SFTP connections. Details: Account members of the Network Administrator profile can access the target machine via SFTP with the same credentials used f...

CVSS 6.5 | EPSS 0.00318
Exploits: 0 | References: 2
Japan Vulnerability Notes
added 2025/06/03 12:0 a.m. | 9 views

JVN#05562338: Improper file access permission settings in PC Time Tracer

PC Time Tracer provided by Keiyo System Co., LTD contains a vulnerability listed below. Incorrect default permissions CWE-276 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N Base Score 7.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Base Score 7.3 CVE-2025-46355 Impact Arbitrary...

CVSS 7.3 | AI score 6.8 | EPSS 0.00136
Exploits: 0
Tenable Nessus
added 2025/04/13 12:0 a.m. | 7 views

CBL Mariner 2.0 Security Update: reaper (CVE-2024-12905)

The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-12905 advisory. - An Improper Link Resolution Before File Access Link Following and Improper Limitation of a Pathname to a...

CVSS 7.5 | AI score 6.4 | EPSS 0.01786
Exploits: 2 | References: 2
NVD
added 2024/05/14 2:58 p.m. | 16 views

CVE-2024-23236

A correctness issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be able to read arbitrary files...

CVSS 5.5 | AI score 4.7 | EPSS 0.00256
Exploits: 0 | References: 4
NVD
added 2023/11/01 10:15 a.m. | 13 views

CVE-2023-1718

Improper file stream access in /desktopapp/file.ajax.php?action=uploadfile in Bitrix24 22.0.300 allows unauthenticated remote attackers to cause denial-of-service via a crafted "tmpurl"...

CVSS 7.5 | AI score 7.4 | EPSS 0.24078
Exploits: 1 | References: 1
Prion
added 2023/09/27 3:19 p.m. | 22 views

Design/Logic Flaw

The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files...

CVSS 1.9 | AI score 5.4 | EPSS 0.00274
Exploits: 0 | References: 4 | Affected Software: 1
Japan Vulnerability Notes
added 2020/05/11 12:0 a.m. | 67 views

JVN#61849442: PALLET CONTROL vulnerable to arbitrary code execution

PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Impact A user who can login to the computer where the vulnerable product is installed...

CVSS 7.8 | AI score 7.9 | EPSS 0.00384
Exploits: 0
BDU FSTEC
added 2016/12/15 12:0 a.m. | 3 views

A vulnerability in the Windows operating system that allows an attacker to escalate their privileges

The vulnerability in the Windows operating system's virtual hard disk driver stems from improper restriction of access to files. Exploiting this vulnerability allows a local attacker to escalate their privileges through a specially crafted application...

CVSS 3.6 | AI score 6.6 | EPSS 0.04105
Exploits: 1 | References: 3
Kaspersky
added 2016/05/18 12:0 a.m. | 43 views

KLA10814 Privilege escalation vulnerability in VMware Player and Workstation

An improper file access was found in VMware products. By exploiting this vulnerability malicious users can gain privileges. This vulnerability can be exploited locally. Original advisories VMware advisory Related products VMware-Workstation VMware-Player CVE list CVE-2016-2077 critical Solution...

CVSS 10 | AI score 9.7 | EPSS 0.01831
Exploits: 0 | References: 4