Lucene search

32 matches found

CNNVD
added 2026/04/02 12:0 a.m. | 4 views

HCL BigFix Platform Security Vulnerability

The HCL BigFix Platform is developed by the Indian company HCL. This platform supports automatic discovery, management, and remediation of endpoint security issues. There are security vulnerabilities in the HCL BigFix Platform, which stem from insecure private encryption key permissions. This m...

8.8 CVSS | 5.8 AI score | 0.00101 EPSS
Exploits 0 | References 1

Cvelist
added 2026/03/25 12:45 p.m. | 25 views

CVE-2026-4761 Unnecessary permissions on private keys of certificates installed by Network and Security Wizard

When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. Installations based on Panorama Suite 2025 25.00.004 are vulnerable unless update...

6.8 CVSS | 0.00122 EPSS
Exploits 0 | References 1

CVE
added 2026/03/25 12:45 p.m. | 7 views

CVE-2026-4761

The CVE-2026-4761 issue affects Windows machines where a certificate and its private key are installed in the certificate store via the Network and Security tool. The underlying problem is that access rights to the private key are unnecessarily granted to the operator group. Affected installation...

7.5 CVSS | 5.8 AI score | 0.00122 EPSS
Exploits 0 | References 1 | Affected Software 4

NVD
added 2026/03/06 5:16 a.m. | 12 views

CVE-2026-29061

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

5.4 CVSS | 0.00116 EPSS
Exploits 0 | References 2

OSV
added 2026/03/06 4:45 a.m. | 6 views

CVE-2026-29061 Gokapi: Privilege escalation via incomplete API-key permission revocation on user rank demotion

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, a privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permission...

5.4 CVSS | 5.7 AI score | 0.00116 EPSS
Exploits 0 | References 4

CVE
added 2026/03/06 4:45 a.m. | 16 views

CVE-2026-29061

Gokapi CVE-2026-29061 summary (based on connected docs): Gokapi is a self-hosted file sharing server. Before version 2.2.3, a privilege-escalation flaw in the user rank demotion logic allows a demoted user’s existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, ...

5.4 CVSS | 5.8 AI score | 0.00116 EPSS
Exploits 0 | References 2 | Affected Software 1

OSV
added 2026/03/05 8:42 p.m. | 4 views

GHSA-Q658-HFPG-35QC Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion

Summary A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...

5.4 CVSS | 5.8 AI score | 0.00116 EPSS
Exploits 0 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2005-4653

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00336 EPSS
Exploits 0 | References 6

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-53724

Malicious code in bioql PyPI...

9.9 CVSS | 9.6 AI score | 0.09328 EPSS
Exploits 0 | References 2

RedhatCVE
added 2025/05/23 7:5 a.m. | 6 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

9.9 CVSS | 7.4 AI score | 0.09328 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/03/21 12:0 a.m. | 13 views

Security Updates for SimpleHelp < 5.5.8

The version of SimpleHelp running on the remote web server is prior to 5.3.9, or 5.4.x prior to 5.4.10 or 5.5.x prior to 5.5.8. It is, therefore, affected by multiple vulnerabilities: - Allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to...

9.9 CVSS | 7.8 AI score | 0.95067 EPSS
Exploits 2 | References 4

Cvelist
added 2025/01/15 12:0 a.m. | 228 views

CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role...

0.09328 EPSS
Exploits 0 | References 2

Veracode
added 2024/03/29 10:11 a.m. | 12 views

Improper Authorization

org.elasticsearch:elasticsearch is vulnerable to Improper Authorization. The vulnerability is due to the improper validation of API key permissions, allowing a malicious user with a valid API key for a remote cluster configured with new Remote Cluster Security to read arbitrary documents from any...

6.5 CVSS | 6.5 AI score | 0.00492 EPSS
Exploits 0 | References 3 | Affected Software 1

NVD
added 2024/01/31 10:15 p.m. | 18 views

CVE-2024-24747

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

8.8 CVSS | 8.5 AI score | 0.34086 EPSS
Exploits 4 | References 3

Prion
added 2024/01/31 10:15 p.m. | 24 views

Code injection

MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for s3: actions, but also admin: actions. Which means unless somewhere above in the access-key hierarchy, the admin rights are denied, access keys will be able t...

6.5 CVSS | 6.9 AI score | 0.34086 EPSS
Exploits 4 | References 3 | Affected Software 1

RedHat Linux
added 2022/06/07 3:25 p.m. | 74 views

Moderate: Red Hat Security Advisory: RHV Appliance (rhvm-appliance) security update [ovirt-4.5.0]

Updated RHV-M Appliance packages that fix several bugs and add various enhancements are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availabl...

6.5 CVSS | 6.9 AI score | 0.01425 EPSS
Exploits 0 | References 12

OSV
added 2022/03/30 7:33 a.m. | 2 views

USN-5351-2 paramiko vulnerability

USN-5351-1 fixed a vulnerability in Paramiko. This update provides the corresponding update for Ubuntu 16.04 ESM. Original advisory details: Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain...

5.9 CVSS | 6.6 AI score | 0.0208 EPSS
Exploits 1 | References 2

OSV
added 2022/03/28 4:43 p.m. | 2 views

USN-5351-1 paramiko vulnerability

Jan Schejbal discovered that Paramiko incorrectly handled permissions when writing private key files. A local attacker could possibly use this issue to gain access to private keys...

5.9 CVSS | 6.6 AI score | 0.0208 EPSS
Exploits 1 | References 2

Cvelist
added 2021/02/10 6:40 p.m. | 18 views

CVE-2021-27142

An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions...

7.8 AI score | 0.15745 EPSS
Exploits 1 | References 1

OpenVAS
added 2020/12/05 12:0 a.m. | 12 views

Debian: Security Advisory (DLA-2480-1)

The remote host is missing an update for the Debian...

9.8 CVSS | 7.8 AI score | 0.99585 EPSS
Exploits 5 | References 6