27 matches found
CVE-2026-29179
October is a Content Management System (CMS) and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
CVE-2026-42843 grav-plugin-api: Grav API Privilege Escalation to Super Admin
Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin UsersController::update allows any...
EUVD-2018-19638
Malware in sbrugna...
EUVD-2020-6276
Malware in sbrugna...
EUVD-2021-26348
Malware in sbrugna...
CVE-2025-20997
Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch...
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
CVE-2020-14117
An improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content...
CVE-2024-8039
Improper permission configurationDomain configuration vulnerability of the mobile application com.afmobi.boomplayer can lead to account takeover risks...
Design/Logic Flaw
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
CVE-2023-51650 Unauthorized access vulnerability on three interfaces
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
Information Disclosure
github.com/goreleaser/nfpm is vulnerable to Information Disclosure. The vulnerability exists due to improper permission configuration in files and folders which allows an attacker access to the package on the file system...
CVE-2022-23139
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
Design/Logic Flaw
ZTE's ZXMP M721 product has a permission and access control vulnerability. Since the folder permission viewed by sftp is 666, which is inconsistent with the actual permission. It’s easy for users to ignore the modification of the file permission configuration, so that low-authority accounts could...
Xiaomi Content Center APP incorrect permission configuration vulnerability
Xiaomi Content Center is a content center of Xiaomi China, Inc. An incorrect permission configuration vulnerability exists in Xiaomi Content Center APP, which is caused by the lack of proper permission validation in Xiaomi Content Center APP, and can be exploited by attacker...
CVE-2020-14117
CVE-2020-14117 pertains to Xiaomi Content Center APP and is linked across multiple sources. The issue is described as an improper permission configuration caused by lack of correct permission verification within the Xiaomi Content Center APP, enabling attackers to invoke sensitive component funct...
CVE-2021-37107
There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access...
CVE-2021-39992
CVE-2021-39992 affects Huawei EMUI (Android-based) via a vulnerability in ACPU caused by a security privilege misconfiguration. The issue potentially allows code execution with high impact on confidentiality, integrity, and availability, given the CVSS 3.1 metrics (LOCAL access, LOW privileges re...
The vulnerability of the Elastic App Search application discovery tool, related to incorrect permission configuration, allows a violator to increase their privileges.
The vulnerability of the Elastic App Search application discovery tool is related to the improper assignment of permissions for API keys. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
Node.js 12.x < 12.22.2 / 14.x < 14.17.2 / 16.x < 16.4.1 Multiple Vulnerabilities
The version of Node.js installed on the remote host is prior to 12.22.2, 14.17.2, 16.4.1. It is, therefore, affected by multiple vulnerabilities as referenced in the July 2021 Security Releases advisory. - Node.js is vulnerable to out-of-bounds read in libuv's uvidnatoascii function which is used...