CVE-2026-4290

The WP Travel Pro plugin for WordPress is vulnerable to arbitrary user deletion via the /wp-json/wp-travel/v1/travel-guide/userid REST API endpoint in all versions up to, and including, 10.6.0. This is due to the checkpermission callback unconditionally returning true and the Database::delete...

EUVD-2026-20998

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

EUVD-2008-0740

Malware in sbrugna...

Google Android Privilege Permission and Access Control Vulnerability (CNVD-2019-41024)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A security vulnerability exists in System in Android versions 8.1 and 9, which stems from a lack of effective permission granting and access control measures in a networked system or product. An...

Apple iOS v10.3 - UI SMS Access Permission Vulnerability

Document Title: =============== Apple iOS v10.3 - UI SMS Access Permission Vulnerability References: =========== https://www.vulnerability-lab.com/getcontent.php?id=2079 Video: https://www.youtube.com/watch?v=jePRogkoon8 Advisory: https://www.vulnerability-lab.com/getcontent.php?id=2078...

EulerOS 2.0 SP1 : subscription-manager, python-rhsm (EulerOS-SA-2016-1069)

According to the version of the subscription-manager, python-rhsm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was found that subscription-manager set weak permissions on files in /var/lib/rhsm/, causing an information disclosur...

CVE-2016-4645

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors...

IBM DB2 'nodes.reg' Permission Weakness Vulnerability

The host is running IBM DB2 and is prone to permission weakness vulnerability. OpenVAS Vulnerability Test $Id: gbibmdb2nodespermweakvuln.nasl 5963 2017-04-18 09:02:14Z teissa $ IBM DB2 'nodes.reg' Permission Weakness Vulnerability Authors: Madhuri D Copyright: Copyright c 2012 Greenbone Networks...

IBM Db2 'nodes.reg' Permission Weakness Vulnerability

IBM Db2 is prone to a permission weakness vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ibm:db2"; ifdescription...

Mac OS X < 10.4 pty Permission Weakness

The remote host is running a version of Mac OS X which is older than version 10.4. Versions older than 10.4 contain a security issue in the way they handle the permissions of pseudo terminals. When an application uses a new pseudo terminal, it can not restrict its permissions to a safe mode. As a...

AJ-Fork Permission Weakness Information Disclosure

Binary data 2342.prm...

Basilix Webmail tmp Directory Permission Weakness Attachment Disclosure

The remote host appears to be running a BasiliX version 1.1.0 or lower. Such versions save attachments by default under '/tmp/BasiliX', which is world-readable and apparently never emptied by BasiliX itself. As a result, anyone with shell access on the affected system or who can place CGI files o...

Microsoft Windows SMB Registry : NT MTS Package Administration Registry Key Permission Weakness

The registry key HKLM\SOFTWARE\Microsoft\Transaction Server\Packages can be modified by users not in the admin group. Write access to this key allows an unprivileged user to gain additional privileges. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid11867;...

Microsoft Windows SMB Registry : SFCDisable Key Permission Weakness

The registry key HKLM\SOFTWARE\Microsoft\Windows NT\WinLogon\SFCDisable has its value set to a value other than 0 or 4. Any value other than 0 or 4 disables the Windows File Protection, which allows any user on the remote host to view / modify any file he wants. This probably means that this host...

Microsoft Windows SMB Registry : Schedule Key Permission Weakness Local Privilege Escalation

The registry key SYSTEM\CurrentControlSet\Services\Schedule is writeable by users who are not in the admin group. Since the scheduler runs with SYSTEM privileges, this allow a malicious user to gain these privileges on this system. C Tenable Network Security, Inc. include"compat.inc"; if...

Microsoft Windows SMB Registry : Key Permission Weakness Admin Privilege Escalation

The following keys contain the name of the program that shall be started when the computer starts. The users who have the right to modify them can easily make the admin run a Trojan program that will give them admin privileges. C Tenable Network Security, Inc. include"compat.inc"; if description...