CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

125 matches found

RedhatCVE•added 2026/06/05 7:14 p.m.•12 views

CVE-2026-4137

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...

7.8CVSS7.7AI score0.00193EPSS

Exploits1References1

NVD•added 2026/05/26 8:16 a.m.•10 views

CVE-2026-44468

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

8.5CVSS0.00123EPSS

Exploits0References1

EUVD•added 2026/05/26 6:37 a.m.•11 views

EUVD-2026-31798

8.5CVSS5.9AI score0.00123EPSS

Exploits0References1

ATTACKERKB•added 2026/05/26 6:37 a.m.•7 views

CVE-2026-44468

8.5CVSS5.9AI score0.00123EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/05/26 12:0 a.m.•12 views

PT-2026-43196

Name of the Vulnerable Software and Affected Versions CODESYS Development System affected versions not specified Description The software creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary fil...

8.5CVSS5.9AI score0.00123EPSS

Exploits0References4

OSV•added 2026/04/16 1:52 p.m.•6 views

CLSA-2026-1776347560 glib2: Fix of 2 CVEs

CVE-2019-12450: fix insecure file permissions during copy operations - CVE-2019-13012: fix insecure directory and file permissions in keyfile settings backend...

9.8CVSS7.1AI score0.03211EPSS

Exploits0References1

Cvelist•added 2026/03/26 4:54 p.m.•21 views

CVE-2026-33430 Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0 and prior to version 0.3.26, if a developer uses Briefcase to produce an Windows MSI installer for a project, and that project is installed for All Users i.e., per-machine scope, th...

7.3CVSS0.00132EPSS

Exploits0References4

CVE•added 2026/03/26 4:54 p.m.•8 views

CVE-2026-33430

Briefcase (Python) vulnerability CVE-2026-33430 affects Windows MSI installers built with Briefcase before 0.3.26. When a project is installed for All Users, the installer directory inherits the parent’s permissions, potentially allowing a low-privilege user to replace/modify binaries and cause e...

7.3CVSS5.8AI score0.00132EPSS

Exploits0References4Affected Software1

Snyk•added 2026/02/19 5:18 p.m.•2 views

Creation of Temporary File in Directory with Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions due to the use of an insecure temporary directory during snapshot import operations. An attacker can access sensitive information by reading files from the temporary...

4.8CVSS5.9AI score0.00097EPSS

Exploits0References2

RedhatCVE•added 2026/01/09 10:19 a.m.•5 views

CVE-2019-18932

log.c in Squid Analysis Report Generator sarg through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and...

7CVSS6.6AI score0.0025EPSS

Exploits0References1

RedhatCVE•added 2026/01/07 9:27 a.m.•4 views

CVE-2019-12177

Privilege escalation due to insecure directory permissions affecting ViveportDesktopService in HTC VIVEPORT before 1.0.0.36 allows local attackers to escalate privileges via DLL hijacking...

9.3CVSS7.3AI score0.01396EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:26 a.m.•9 views

CVE-2019-12777

An issue was discovered on the ENTTEC Datagate MK2, Storm 24, Pixelator, and E-Streamer MK2 with firmware 70044update05032019-482. They replace secure and protected directory permissions set as default by the underlying operating system with highly insecure read, write, and execute directory...

7.8CVSS7.1AI score0.00411EPSS

Exploits1References1

Vulnrichment•added 2025/12/02 9:5 p.m.•5 views

CVE-2025-64298 Mirion Medical EC2 Software NMIS BioDose Incorrect Permission Assignment for Critical Resource

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory paths that allow access to the SQL Server database and...

8.6CVSS6.9AI score0.00201EPSS

Exploits0References1

CVE•added 2025/12/02 9:3 p.m.•7 views

CVE-2025-64642

CVE-2025-64642 concerns NMIS/BioDose V22.02 and earlier, where default insecure file permissions on installation directories could allow local users to modify program executables and libraries. Multiple sources (NVD, Red Hat, EUVD, CVE lists, and ICS advisory) describe the issue as an insecure in...

8CVSS6.5AI score0.00099EPSS

Exploits0References1Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2019-3826

Malware in sbrugna...

9.3CVSS7.7AI score0.01396EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•7 views

EUVD-2021-25636

Malware in sbrugna...

10CVSS9AI score0.03123EPSS

Exploits2References4