CVE-2026-27788

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

CVE-2026-45927

In CVE-2026-45927, the Linux kernel BPF path bpf_map_get_info_by_fd caches the map hash regardless of the map’s frozen state, enabling a TOCTOU where a loader could verify a stale hash before freezing contents. The fix returns -EPERM if the map is not frozen when the hash is requested, ensuring t...

TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions

A flaw was found in TigerVNC's x0vncserver component. Due to incorrect permissions in the Image.cxx file, other users on the system can observe or manipulate the screen contents of a running session. This vulnerability could also lead to an application crash, resulting in a Denial of Service DoS...

CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

CVE-2026-26101

Incorrect Permission Assignment for Critical Resource in Owl opds 2.2.0.4 allows File Manipulation via a crafted network request...

EUVD-2018-5835

Malware in sbrugna...

EUVD-2014-1498

Malware in sbrugna...

EUVD-2020-17428

Malware in sbrugna...

CVE-2025-53945 apko has incorrect permission (0666) in /etc/ld.so.cache and other files

apko allows users to build and publish OCI container images built from apk packages. Starting in version 0.27.0 and prior to version 0.29.5, critical files were inadvertently set to 0666, which could likely be abused for root escalation. Version 0.29.5 contains a fix for the issue...

Azure Linux 3.0 Security Update: python3 (CVE-2023-6597)

The version of python3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6597 advisory. - An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7,...

CVE-2024-30369

A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in...

ROS-20231031-01

A vulnerability in the Runc isolated container launch tool is related to improper saving of permissions. Exploitation of the vulnerability allows an attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. Vulnerability in the Runc isolated container too...

PT-2023-22938 · Unknown · S Assistant

Name of the Vulnerable Software and Affected Versions: SAssistant versions prior to 8.7 Description: The issue allows local attackers to access backup data in SAssistant due to an improper preservation of permissions. This enables unauthorized access to sensitive information. Recommendations: For...

Jira Service Desk permissions error dialog allows Project Admins to upgrade the permission scheme

h3. Issue Summary For a specific use case, only some selected users may create issues using the Portal, so the permission to create issues by "Service Desk Customer - Portal" was removed. After the Permission change, Project Administrators, that should not have access to change the...

UBUNTU-CVE-2020-6502

Incorrect implementation in permissions in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...

Unspecified Vulnerability in Intel PROSet/Wireless WiFi Software

Intel PROSet/Wireless WiFi Software is a wireless network card driver from Intel USA. An unspecified vulnerability exists in Intel PROSet/Wireless WiFi Software, which arises from the program not assigning the correct permissions to a directory. An attacker could use this vulnerability to cause a...

happybox.fun XSS vulnerability

Open Bug Bounty ID: OBB-657076 Description| Value ---|--- Affected Website:| happybox.fun Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

quiz.wowbox.fun XSS vulnerability

Open Bug Bounty ID: OBB-655387 Description| Value ---|--- Affected Website:| quiz.wowbox.fun Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Error: "FullAdmin or MachineAdmin Permission Required" in XenDesktop Setup Wizard

XenDesktop setup wizard fails with permissions error. "XenDesktop FullAdmin or MachineAdmin permission required"...

LXD Container Data Read Vulnerability

LXD is a container for managing applications on Linux-based systems. LXD fails to properly set permissions when creating ZFS pool-based loops, allowing a local attacker to exploit the vulnerability to copy and read data from arbitrary LXD containers...