Lucene search
K

4181 matches found

NVD
NVD
added last week6 views

CVE-2026-37452

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...

7.5CVSS0.00398EPSS
Exploits1References2
NVD
NVD
added last week6 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

7.5CVSS0.00262EPSS
Exploits1References2
NVD
NVD
added last week6 views

CVE-2026-37453

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...

7.5CVSS0.00398EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/25 12:0 a.m.18 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

0.00262EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 12:0 a.m.3 views

CVE-2026-37452

CVE-2026-37452 affects MSI Center’s MSI NBFoundation Service (MSIAPService.exe). The issue arises from insecure permissions on the IPC named pipe . low MSI_SERVICE_2, allowing unauthenticated clients to trigger surface commands that run under SYSTEM. The connected advisories describe an arbitrary...

7.5CVSS5.9AI score0.00398EPSS
Exploits1References2
CVE
CVE
added 2026/06/25 12:0 a.m.7 views

CVE-2026-37454

CVE-2026-37454 concerns MSI Centre’s MSI NBFoundation Service (MSIAPService.exe) where a 3DES-ECB cipher and a publicly accessible named pipe expose insecure permissions. The vulnerability surface includes the REG command group (read/write/delete HKLM/HKCU keys, enabling persistence and service h...

7.5CVSS5.9AI score0.00262EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.6 views

PT-2026-52578

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the MSIAPService.exe component allow a remote attacker to obtain sensitive information. Recommendations At the moment, there is no information about a newer...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52568

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions allow a remote attacker to obtain sensitive information by exploiting the 3DES-ECB encryption method. 3DES-ECB Triple Data Encryption Standard in Electronic Codebo...

7.5CVSS5.8AI score0.00262EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/06/25 12:0 a.m.6 views

CVE-2026-37454

Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...

5.9AI score0.00262EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52567

Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the service allow a remote attacker to obtain sensitive information through the MSI SERVICE 2 pipe. Recommendations At the moment, there is no information about...

7.5CVSS5.8AI score0.00398EPSS
Exploits1References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in libzstd

Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and immediately restricted those permissions afterward. As a result, the output files could temporarily be readable or writable by...

4.7CVSS4.9AI score0.00346EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 7:17 p.m.11 views

CVE-2026-53856

OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config...

5.7CVSS0.00094EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 6:5 p.m.12 views

CVE-2026-53856

OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in the config recovery flow that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config ...

5.7CVSS5.2AI score0.00094EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/15 6:33 p.m.7 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00115EPSS
Exploits0References2
NVD
NVD
added 2026/06/09 7:17 p.m.12 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

8.1CVSS0.00248EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.15 views

PT-2026-48166

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

5.5AI score0.00248EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/09 12:0 a.m.30 views

CVE-2026-36720

Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...

0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 12:0 a.m.14 views

CVE-2026-36720

CVE-2026-36720 describes insecure permissions in bookcars v8.3 that allow an authenticated user to escalate privileges from user to admin by modifying their user type. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) yields a base score of 8.1 ( HIGH ), indicating a high impact on confid...

8.1CVSS5.5AI score0.00248EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.11 views

CVE-2025-67437

Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...

6.5CVSS5.5AI score0.00218EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:45 p.m.9 views

CVE-2026-37709

Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...

9.8CVSS6AI score0.00475EPSS
Exploits0References1
Rows per page
Query Builder