Lucene search
12 matches found

Vulnrichment
added last week, 8 views

CVE-2026-49385

In JetBrains YouTrack before 2026.1.13570 improper access control allowed low-privileged users to modify service accounts...

CVSS 6.5, AI score 5.8, EPSS 0.00001
Exploits: 0, References: 1

CVE
added 2026/01/29 3:20 p.m., 8 views

CVE-2025-13905

CVE-2025-13905 maps to Schneider Electric EcoStruxure Process Expert (for AVEVA System Platform) with versions prior to 2025 affected. The issue is CWE-276: Incorrect Default Permissions, enabling privilege escalation via a reverse shell when one or more executable service binaries are modified i...

CVSS 7, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 1

ATTACKERKB
added 2026/01/29 3:20 p.m., 4 views

CVE-2025-13905

CWE-276: Incorrect Default Permissions vulnerability exists that could cause privilege escalation through the reverse shell when one or more executable service binaries are modified in the installation folder by a local user with normal privilege upon service restart...

CVSS 7, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2026/01/15 12:0 a.m., 2 views

MilleGPG5 security vulnerabilities

MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...

CVSS 8.5, AI score 5.8, EPSS 0.00023
Exploits: 0, References: 2

Vulnrichment
added 2025/12/29 12:9 a.m., 2 views

CVE-2025-15065 Data Exposure in Kings Information & Network KESS Enterprise

Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared...

CVSS 8.6, AI score 6.5, EPSS 0.00005
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 5:18 a.m., 3 views

CVE-2023-30744

In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and...

CVSS 9.1, AI score 7, EPSS 0.00347
Exploits: 0, References: 1

Snyk
added 2025/05/14 7:46 a.m., 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the confKey parameter. An attacker can execute arbitrary scripts in the context of the victim's browser session by injecting a malicious payload into this parameter. Note: This is only exploitable if the...

CVSS 7.6, AI score 5.6, EPSS 0.00172
Exploits: 1, References: 2

CNNVD
added 2025/03/10 12:0 a.m., 1 views

LF Edge eKuiper Cross-Site Scripting Vulnerability

LF Edge eKuiper is an edge lightweight IoT data analytics software from LF Edge open source. A cross-site scripting vulnerability exists in LF Edge eKuiper versions prior to 2.0.8, which originates from a user with Modify Service privileges being able to inject a cross-site scripting payload into...

CVSS 5.4, AI score 5.7, EPSS 0.00254
Exploits: 0, References: 10

OSV
added 2024/11/12 1:15 p.m., 1 views

CVE-2024-47783

A vulnerability has been identified in SIPORT All versions V3.4.0. The affected application improperly assigns file permissions to installation folders. This could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated...

CVSS 7.8, AI score 7.2, EPSS 0.00083
Exploits: 0, References: 1

NVD
added 2023/03/28 1:15 p.m., 15 views

CVE-2022-47529

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protectio...

CVSS 6.7, AI score 6.5, EPSS 0.03655
Exploits: 5, References: 8

CNNVD
added 2021/05/26 12:0 a.m., 1 views

Red Hat Access Control Error Vulnerability

Red Hat is an operating system from the American company Red Hat, Inc. It provides an open source operating system. A security vulnerability exists in the API documentation URL for Red Hat 3scale, which stems from access without credentials. An attacker could use the vulnerability to view sensiti...

CVSS 5.5, AI score 5.8, EPSS 0.00109
Exploits: 0, References: 1

OSV
added 2016/07/15 4:59 p.m., 1 views

CVE-2016-5787

General Electric GE Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors...

CVSS 6.3, AI score 5.8, EPSS 0.00176
Exploits: 0, References: 3