
17 matches found

CVE
added 2026/04/02 4:45 a.m. | 6 views

CVE-2026-5321

CVE-2026-5321 affects vanna-ai up to 2.0.2, involving the FastAPI/Flask Server component. The issue allows remote manipulation that can trigger a permissive cross-domain policy with untrusted domains. An exploit has been published and may be used. The vendor was contacted but did not respond. No ...

CVSS 5.3 | AI score 5.5 | EPSS 0.00006
Exploits: 0 | References: 4
EUVD
added 2026/04/02 12:31 a.m. | 2 views

EUVD-2026-18095

HCL BigFix Platform is affected by insecure permissions on private cryptographic keys. The private cryptographic keys located on a Windows host machine might be subject to overly permissive file system permissions...

CVSS 8.8 | AI score 5.9 | EPSS 0.00013
Exploits: 0 | References: 2
CVE
added 2026/01/30 2:9 p.m. | 9 views

CVE-2025-6723

CVE-2025-6723: Red Hat and NVD entries describe that Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker could interfere with the pipe connection process and exploit insufficient access restrictions to assume the InSpec exec...

CVSS 5.8 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 1
Vulnrichment
added 2026/01/16 7:14 p.m. | 3 views

CVE-2026-23634 Pepr Overly Permissive RBAC ClusterRole in Admin Mode

Pepr is a type safe K8s middleware. Prior to 1.0.5, Pepr defaults to a cluster-admin RBAC configuration and does not explicitly force or enforce least-privilege guidance for module authors. The default behavior exists to make the “getting started” experience smooth: new users can experiment with...

AI score 6.3 | EPSS 0.00017
Exploits: 0 | References: 2
OSV
added 2025/12/17 10:16 p.m. | 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 6.1 | AI score 5.8
Exploits: 0 | References: 1
NVD
added 2025/12/17 10:16 p.m. | 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4 | EPSS 0.00015
Exploits: 0 | References: 1
Vulnrichment
added 2025/12/17 12:0 a.m. | 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

AI score 6.3 | EPSS 0.00015
Exploits: 0 | References: 1
Cvelist
added 2025/12/17 12:0 a.m. | 15 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

EPSS 0.00015
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/19 4:23 p.m. | 2 views

CVE-2025-34332 AudioCodes Fax/IVR Appliance <= 2.6.23 Insecure Service Control Scripts LPE

AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23 include a web administration component that controls back-end Windows services using helper batch scripts located under C:\F2MAdmin\F2E\AudioCodesfiles\utils\Services. When certain service actions are...

CVSS 8.5 | AI score 6.2 | EPSS 0.00031
Exploits: 2 | References: 4
Vulnrichment
added 2025/09/09 12:41 p.m. | 1 views

CVE-2025-9364 Rockwell Automation FactoryTalk® Analytics™ LogixAI® Exposed Redis DB

An open database issue exists in the affected product and version. The security issue stems from an over permissive Redis instance. This could result in an attacker on the intranet accessing sensitive data and potential alteration of data...

CVSS 8.7 | AI score 6 | EPSS 0.0003
Exploits: 0 | References: 1
The Hacker News
added 2025/08/18 12:47 p.m. | 22 views

⚡ Weekly Recap: NFC Fraud, Curly COMrades, N-able Exploits, Docker Backdoors & More

Power doesn't just disappear in one big breach. It slips away in the small stuff—a patch that's missed, a setting that's wrong, a system no one is watching. Security usually doesn't fail all at once; it breaks slowly, then suddenly. Staying safe isn't about knowing everything—it's about acting fa...

CVSS 10 | AI score 9.6 | EPSS 0.9421
Exploits: 46
RedhatCVE
added 2025/05/22 10:12 a.m. | 7 views

CVE-2019-11396

An issue was discovered in Avira Free Security Suite 10. The permissive access rights on the SoftwareUpdater folder files / folders and configuration are incompatible with the privileged file manipulation performed by the product. Files can be created that can be used by an unprivileged user to...

CVSS 7.8 | AI score 7 | EPSS 0.00062
Exploits: 0 | References: 1
Tenable Nessus
added 2024/05/17 12:0 a.m. | 24 views

GitLab 13.2 < 13.2.3 (CVE-2020-13291)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - In GitLab before 13.2.3, project sharing could temporarily allow too permissive access. CVE-2020-13291 Note that Nessus has not tested for this issue but has instead relied only on the application's...

CVSS 8.1 | AI score 7.7 | EPSS 0.00098
Exploits: 0 | References: 3
ATTACKERKB
added 2024/05/03 3:15 a.m. | 2 views

CVE-2023-42126

G DATA Total Security GDBackupSvc Service Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the...

CVSS 7.8 | AI score 6.1 | EPSS 0.00107
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/11/28 8:35 p.m. | 17 views

CVE-2023-29065 Overly Permissive Access Policy

The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database...

CVSS 4.1 | AI score 4.9 | EPSS 0.00043
Exploits: 0 | References: 1
OSV
added 2023/09/20 8:15 p.m. | 1 views

CVE-2023-37410

IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138...

CVSS 7.8 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 2
OSV
added 2023/05/08 11:15 p.m. | 2 views

CVE-2023-22813

A device API endpoint was missing access controls on Western Digital My Cloud OS 5 iOS and Android Mobile Apps, My Cloud Home iOS and Android Mobile Apps, SanDisk ibi iOS and Android Mobile Apps, My Cloud OS 5 Web App, My Cloud Home Web App and the SanDisk ibi Web App. Due to a permissive CORS...

CVSS 4.3 | AI score 5.8 | EPSS 0.00194
Exploits: 0 | References: 1