CVE-2026-27788

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

CVE-2026-45927

The CVE-2026-45927 issue affects the Linux kernel BPF subsystem. bpf_map_get_info_by_fd caches the hash of a map regardless of its frozen state, enabling a TOCTOU where a trusted loader could compare an older hash after a map is modified but before freezing. The fix returns -EPERM when the hash i...

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVE-2026-26101

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

EUVD-2014-1498

Malware in sbrugna...

EUVD-2020-17428

Malware in sbrugna...

EUVD-2018-5835

Malware in sbrugna...

CVE-2025-53945 apko has incorrect permission (0666) in /etc/ld.so.cache and other files

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue...

Azure Linux 3.0 Security Update: python3 (CVE-2023-6597)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6597 advisory. - An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7,...

CVE-2024-30369

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in...

ROS-20231031-01

A vulnerability in the Runc isolated container launch tool is related to improper saving of permissions. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. Vulnerability in the Runc isolated container too...

PT-2023-22938 · Unknown · S Assistant

Name of the Vulnerable Software and Affected Versions: SAssistant versions prior to 8.7 Description: The issue allows local attackers to access backup data in SAssistant due to an improper preservation of permissions. This enables unauthorized access to sensitive information. Recommendations: For...

The vulnerability of the update downloaders for Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems allows a hacker to gain access to read, modify, or delete files.

The vulnerability of the update downloaders of Mozilla Firefox, Firefox ESR, and the email client Thunderbird on Windows operating systems is related to errors in the use of standard permissions when creating directories. Exploiting this vulnerability can allow an attacker to gain access to, read...

Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme

h3. Issue Summary For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the Permission change, Project Administrators, that should not have access to change the...

UBUNTU-CVE-2020-6502

Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...

Unspecified Vulnerability in Intel PROSet/Wireless WiFi Software

Intel PROSet/Wireless WiFi Software is a wireless network card driver from Intel USA. An unspecified vulnerability exists in Intel PROSet/Wireless WiFi Software, which arises from the program not assigning the correct permissions to a directory. An attacker could use this vulnerability to cause a...

The vulnerability of Google Chrome, related to errors in managing permissions, privileges, and access control, allows a perpetrator to gain access to files in the local file system using a specially created extension.

The vulnerability of Google Chrome relates to errors in the frame navigation function of Blink. Exploiting this vulnerability can allow an attacker to gain access to files on the local file system using a specially created extension...

happybox.fun XSS vulnerability

Open Bug Bounty ID: OBB-657076 Description| Value ---|--- Affected Website:| happybox.fun Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

quiz.wowbox.fun XSS vulnerability

Open Bug Bounty ID: OBB-655387 Description| Value ---|--- Affected Website:| quiz.wowbox.fun Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...