27 matches found

Vulnrichment
added 2026/04/01 11:36 p.m. · 3 views

CVE-2026-21765 HCL BigFix Platform is affected by insecure permissions on private cryptographic keys

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

CVSS 8.8 · AI score 5.9 · EPSS 0.00101
Exploits 0 · References 1
Github Security Blog
added 2026/03/25 6:31 p.m. · 7 views

Mattermost allows attackers to take over arbitrary user accounts via overly permissive substring matching flaw

Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to properly validate user identity in the OpenID IsSameUser comparison logic, which allows an attacker to take over arbitrary user accounts via an overly permissive substring matching flaw in the user...

CVSS 6.1 · AI score 6 · EPSS 0.0018
Exploits 0 · References 3 · Affected Software 2
EUVD
added 2026/03/04 9:31 a.m. · 6 views

EUVD-2026-9362

Pepr Has Overly Permissive RBAC ClusterRole in Admin Mode...

CVSS 6.5 · AI score 5.9 · EPSS 0.00456
Exploits 1 · References 16
The Hacker News
added 2026/02/11 11:30 a.m. · 6 views

Exposed Training Open the Door for Crypto-Mining in Fortune 500 Cloud Environments

Intentionally vulnerable training applications are widely used for security education, internal testing, and product demonstrations. Tools such as OWASP Juice Shop, DVWA, Hackazon, and bWAPP are designed to be insecure by default, making them useful for learning how common attack techniques work ...

AI score 5.9
Exploits 0
Cvelist
added 2026/01/16 7:14 p.m. · 20 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

EPSS 0.00227
Exploits 0 · References 2
Vulnrichment
added 2026/01/16 7:14 p.m. · 4 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type-safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

AI score 6.3 · EPSS 0.00227
Exploits 0 · References 2
CVE
added 2025/12/15 7:45 p.m. · 18 views

CVE-2025-14503

CVE-2025-14503 affects Harmonix on AWS (Harmonix on AWS framework). The issue is an overly-permissive IAM trust policy in the EKS environment provisioning role that trusts the account root principal, potentially enabling any IAM principal within the same AWS account to call sts:AssumeRole and obt...

CVSS 8.6 · AI score 7.1 · EPSS 0.0043
Exploits 0 · References 3 · Affected Software 1
EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2018-12701

Malware in sbrugna...

CVSS 7.8 · AI score 7.7 · EPSS 0.00303
Exploits 0 · References 3
The Hacker News
added 2025/08/18 12:47 p.m. · 23 views

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...

CVSS 10 · AI score 9.6 · EPSS 0.99999
Exploits 48
Veracode
added 2025/04/03 3:13 a.m. · 11 views

Overly Permissive Authorization

aws-cdk-lib is vulnerable to Overly Permissive Authorization. The vulnerability is due to the CDK Construct Library automatically generating an overly permissive AWS IAM trust policy, which allows any user with unrestricted sts:AssumeRole permissions to assume the role...

AI score 7
Exploits 0
OSV
added 2023/12/11 9:46 p.m. · 25 views

GHSA-QXRJ-HX23-XP82 Overly permissive origin policy

Currently, the middleware operates in a way that if an allowed origin is not provided, it will return an Access-Control-Allow-Origin header with the value of the origin from the request. This behavior completely disables one of the most crucial elements of browsers, the Same Origin Policy (SOP),...

CVSS 8.6 · AI score 7.8 · EPSS 0.00279
Exploits 0 · References 4
Cvelist
added 2023/11/28 8:35 p.m. · 32 views

CVE-2023-29065 Overly Permissive Access Policy

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

CVSS 4.1 · AI score 4.9 · EPSS 0.00274
Exploits 0 · References 1
OSV
added 2023/11/14 11:15 a.m. · 2 views

CVE-2023-46098

A vulnerability has been identified in SIMATIC PCS neo (All versions < V4.1). When accessing the Information Server from affected products, the products use an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior...

CVSS 8.8 · AI score 5.7
Exploits 0 · References 1
The Hacker News
added 2023/08/21 11:12 a.m. · 39 views

How to Investigate an OAuth Grant for Suspicious Activity or Overly Permissive Scopes

From a user's perspective, OAuth works like magic. In just a few keystrokes, you can whisk through the account creation process and gain immediate access to whatever new app or integration you're seeking. Unfortunately, few users understand the implications of the permissions they allow when they...

AI score 7.2
Exploits 0
NVD
added 2023/06/23 9:15 p.m. · 41 views

CVE-2023-35165

AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. In the packages aws-cdk-lib 2.0.0 until 2.80.0 and @aws-cdk/aws-eks 1.57.0 until 1.202.0, eks.Cluster and eks.FargateCluster...

CVSS 8.8 · AI score 7.5 · EPSS 0.00897
Exploits 1 · References 2
Veracode
added 2023/06/21 4:01 a.m. · 21 views

Overly Permissive Trust Policies

aws-cdk is vulnerable to Overly Permissive Trust Policies. The vulnerability exists because the library's CreationRole and the default MastersRole use the account root principal in their trust policy, which allows eks.Cluster and eks.FargateCluster construct clusters to create two roles that have...

CVSS 8.8 · AI score 6.8 · EPSS 0.00897
Exploits 1 · References 7 · Affected Software 2
Positive Technologies
added 2023/02/10 12:00 a.m. · 3 views

PT-2023-13367 · Dell · Dell Supportassist

Name of the Vulnerable Software and Affected Versions: Dell SupportAssist for Home PCs versions 3.11.2 and prior
Description: The issue is related to an Overly Permissive Cross-domain Whitelist, which could allow an authenticated non-admin user to potentially exploit it and obtain sensitive...

CVSS 6.5 · AI score 6.2 · EPSS 0.00519
Exploits 0 · References 2
Positive Technologies
added 2022/08/25 12:00 a.m. · 4 views

PT-2022-4663 · Trend Micro · Trend Micro Housecall

Name of the Vulnerable Software and Affected Versions: Trend Micro HouseCall versions 1.62.1.1133 and below
Description: The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer...

CVSS 10 · AI score 7.4 · EPSS 0.00205
Exploits 0 · References 9
OSV
added 2022/07/30 12:15 a.m. · 2 views

CVE-2022-33158

Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some overly permissive folders in a key directory which could allow a local attacker to obtain privilege escalation on an affected system...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 2
0day.today
added 2022/02/22 12:00 a.m. · 192 views

Cyclades Serial Console Server 3.3.0 Privilege Escalation Vulnerability

Exploit Title: Cyclades Serial Console Server 3.3.0 - Local Privilege Escalation
Exploit Author: @ibby
Vendor Homepage: https://www.vertiv.com/en-us/
Software Link: https://downloads2.vertivco.com/SerialACS/ACS/ACSv3.3.0-16/FL0536-017.zip
Version: Legacy Versions V1.0.0 to V3.3.0-16
Tested on:...

AI score 7.4
Exploits 0