CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

Espanso 2.3.0 Configuration Security Auditor

This Python script implements a security auditing tool for Espanso configuration files. The EspansoSecurityAuditor class scans Espanso match configurations for potentially dangerous shell commands, insecure permissions, and suspicious execution patterns that could indicate malicious automation or...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

PT-2026-44048

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVE-2026-38807

Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component...

CVE-2026-38807

The CVE-2026-38807 entry concerns an insecure permissions vulnerability in kvf-admin v1.0.0 that enables a remote attacker to escalate privileges via the UserController.java component. Affected software is kvf-admin; the root cause is insecure access control in UserController.java leading to unau...

CVE-2026-44468 Incorrect Default Permissions in CODESYS Development System

The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the components to be installed, enabling local privilege escalation by forcing the deployment of arbitrary...

CVE-2026-44468

CVE-2026-44468 affects CODESYS Development System. During administrative installation, the process creates a directory with insecure default permissions, allowing a low‑privileged local attacker to modify a temporary file that defines components to be installed. This enables local privilege escal...

CODESYS Development System 安全漏洞

CODESYS Development System is a set of programming tools developed by the German company CODESYS, used in the fields of industrial controllers and automation technology. There is a security vulnerability in the CODESYS Development System. This vulnerability stems from the use of insecure default...

EUVD-2018-21881

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

CVE-2018-25359 Splinterware System Scheduler Pro 5.12 Privilege Escalation

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

PT-2026-43212

Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can rename the WService.exe file in the installation directory and replace it with a malicious...

Astra Linux - уязвимость в libzstd

Starting from v1.4.1 and before v1.4.9, due to an incomplete fix for CVE-2021-24031, the Zstandard command-line utility created output files with default permissions and then restricted those permissions immediately afterwards. As a result, the output files could temporarily be readable or writab...

CLSA-2026-1779204030 mod_jk: Fix of CVE-2024-46544

CVE-2024-46544: fix insecure file permissions on shared memory and lock files...

Creation of Temporary File With Insecure Permissions

Overview mlflow is a platform to streamline machine learning development, including tracking experiments, packaging code into reproducible runs, and sharing and deploying models. Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the...

Creation of Temporary File With Insecure Permissions

Overview Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions via the getorcreatenfstmpdir and createmodeldownloadingtmpdir functions. An attacker can modify model artifacts by exploiting these permissions, potentially leading to arbitrary code...

Incorrect Permission Assignment for Critical Resource

Overview @steipete/summarize is a Link → clean text → summary. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the configuration file rewrite process. An attacker can access sensitive credentials by reading files created with overly...

MLFlow Creates a Temporary File With Insecure Permissions

In mlflow/mlflow versions prior to 3.11.0, the getorcreatenfstmpdir function in mlflow/utils/fileutils.py creates temporary directories with world-writable permissions 0o777, and the createmodeldownloadingtmpdir function in mlflow/pyfunc/init.py creates directories with group-writable permissions...