4181 matches found
CVE-2026-37452
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSIAPService.exe component...
CVE-2026-37454
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...
CVE-2026-37453
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the MSISERVICE2 pipe...
CVE-2026-37454
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...
CVE-2026-37452
CVE-2026-37452 affects MSI Center’s MSI NBFoundation Service (MSIAPService.exe). The issue arises from insecure permissions on the IPC named pipe . low MSI_SERVICE_2, allowing unauthenticated clients to trigger surface commands that run under SYSTEM. The connected advisories describe an arbitrary...
CVE-2026-37454
CVE-2026-37454 concerns MSI Centre’s MSI NBFoundation Service (MSIAPService.exe) where a 3DES-ECB cipher and a publicly accessible named pipe expose insecure permissions. The vulnerability surface includes the REG command group (read/write/delete HKLM/HKCU keys, enabling persistence and service h...
PT-2026-52578
Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the MSIAPService.exe component allow a remote attacker to obtain sensitive information. Recommendations At the moment, there is no information about a newer...
PT-2026-52568
Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions allow a remote attacker to obtain sensitive information by exploiting the 3DES-ECB encryption method. 3DES-ECB Triple Data Encryption Standard in Electronic Codebo...
CVE-2026-37454
Insecure Permissions vulnerability in MSI NBFoundation Service v.2.0.2506.1201 allows a remote attacker to obtain sensitive information via the 3DES-ECB encryption...
PT-2026-52567
Name of the Vulnerable Software and Affected Versions MSI NBFoundation Service version 2.0.2506.1201 Description Insecure permissions in the service allow a remote attacker to obtain sensitive information through the MSI SERVICE 2 pipe. Recommendations At the moment, there is no information about...
Astra Linux – Vulnerability in libzstd
Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and immediately restricted those permissions afterward. As a result, the output files could temporarily be readable or writable by...
CVE-2026-53856
OpenClaw 2026.4.23 before 2026.4.24 contains an insecure file permissions vulnerability in config recovery that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config...
CVE-2026-53856
OpenClaw before 2026.4.24 contains an insecure file permissions vulnerability in the config recovery flow that restores OpenClaw.json with overly broad permissions. Local attackers on shared hosts can read sensitive configuration data by exploiting the recovery path to access the restored config ...
CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE
Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...
CVE-2026-36720
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...
PT-2026-48166
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...
CVE-2026-36720
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...
CVE-2026-36720
CVE-2026-36720 describes insecure permissions in bookcars v8.3 that allow an authenticated user to escalate privileges from user to admin by modifying their user type. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N) yields a base score of 8.1 ( HIGH ), indicating a high impact on confid...
CVE-2025-67437
Medical Management System a81df1ce700a9662cb136b27af47f4cbde64156b is vulnerable to Insecure Permissions, which allows arbitrary user password reset...
CVE-2026-37709
Insecure Permissions vulnerability in grokability snipe-it v.8.4.0 and before and fixed after 2026-03-10 commit 676a9958 allows a remote attacker to execute arbitrary code via the app/Http/Controllers/Api/UploadedFilesController.php component...