Lucene search

31 matches found

EUVD
added yesterday | 6 views

EUVD-2026-40937

The Slim SEO – A Fast & Automated SEO Plugin For WordPress plugin for WordPress is vulnerable to Unauthorized Private Content Disclosure in all versions up to, and including, 4.9.8 via the /wp-json/slim-seo/meta-tags/ai REST API endpoint. This is due to the endpoint's permission_callback performin...

CVSS 4.3 | AI score 5.9 | EPSS 0.00257
Exploits: 0 | References: 8

NVD
added 2026/05/07 4:16 a.m. | 13 views

CVE-2026-41657

Admidio is an open-source user management solution. Prior to version 5.0.9, the contactsdata.php endpoint uses a weaker permission check isAdministratorUsers, requiring only roledituser=true than the frontend UI contacts.php which correctly requires the stronger isAdministrator requiring...

CVSS 4.9 | EPSS 0.00322
Exploits: 0 | References: 2

CVE
added 2025/12/17 12:0 a.m. | 11 views

CVE-2025-53919

The CVE concerns Portrait Dell Color Management (versions through 3.3.008). During installation/uninstallation, it creates a temporary folder with weak permissions, which a local, low-privileged attacker could abuse to elevate privileges. Affected product: Portrait Dell Color Management. Root cau...

CVSS 7.8 | AI score 6.2 | EPSS 0.00095
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2024/02/19 12:15 p.m. | 13 views

CVE-2024-1343

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfilesx86% LaborOfficeFree BackUp'...

CVSS 5.5 | AI score 4.5 | EPSS 0.00131
Exploits: 0 | References: 1

Prion
added 2024/02/19 12:15 p.m. | 15 views

Directory traversal

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfilesx86% LaborOfficeFree BackUp'...

CVSS 1 | AI score 6.7 | EPSS 0.00131
Exploits: 0 | References: 1

Vulnrichment
added 2024/02/19 11:17 a.m. | 13 views

CVE-2024-1343 Weak permission vulnerability in LaborOfficeFree

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfilesx86% LaborOfficeFree BackUp'...

CVSS 4.7 | AI score 6.5 | EPSS 0.00131
Exploits: 0 | References: 1

Cvelist
added 2024/02/19 11:17 a.m. | 17 views

CVE-2024-1343 Weak permission vulnerability in LaborOfficeFree

A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfilesx86% LaborOfficeFree BackUp'...

CVSS 4.7 | AI score 4.9 | EPSS 0.00131
Exploits: 0 | References: 1

NVD
added 2023/07/27 10:15 p.m. | 32 views

CVE-2022-43701

When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code...

CVSS 7.8 | AI score 7.6 | EPSS 0.00173
Exploits: 0 | References: 2

Cvelist
added 2023/05/21 12:0 a.m. | 28 views

CVE-2023-33251

When Akka HTTP before 10.5.2 accepts file uploads via the FileUploadDirectives.fileUploadAll directive, the temporary file it creates has too weak permissions: it is readable by other users on Linux or UNIX, a similar issue to CVE-2022-41946...

CVSS 4.7 | AI score 6 | EPSS 0.00151
Exploits: 0 | References: 1

Veracode
added 2022/05/06 1:33 a.m. | 10 views

Privilege Escalation

ezsystems/ezpublish-kernel is vulnerable to privilege escalation. The vulnerability exists in evaluate function in ObjectStateLimitationType.php due to the weak permission which allows unauthorized user to elevate privileges...

AI score 4
Exploits: 0

OpenVAS
added 2021/02/22 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for irssi (EulerOS-SA-2021-1306)

The remote host is missing an update for the Huawei EulerOS...

CVSS 3.3 | AI score 4.4 | EPSS 0.0039
Exploits: 0 | References: 2

NVD
added 2019/07/08 7:15 p.m. | 18 views

CVE-2019-9630

Sonatype Nexus Repository Manager before 3.17.0 has a weak default of giving any unauthenticated user read permissions on the repository files and images...

CVSS 7.5 | AI score 7.6 | EPSS 0.01378
Exploits: 0 | References: 1

Debian CVE
added 2017/07/14 8:0 p.m. | 25 views

CVE-2016-4984

/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it...

CVSS 4.7 | AI score 4.8 | EPSS 0.0015
Exploits: 0

CNVD
added 2016/11/11 12:0 a.m. | 5 views

Tencent pigeon sdk application has a design logic vulnerability

Passenger Pigeon XG Push is a mobile app push platform that supports the two mainstream platforms, Android and iOS. The Tencent pigeon sdk application has a design logic vulnerability. Because the Tencent pigeon sdk's permission filtering is not strict, attackers can use the vulnerability, which can lead to override...

AI score 6.9
Exploits: 0

0day.today
added 2016/09/27 12:0 a.m. | 35 views

Macro Expert 4.0 - Multiple Privilege Escalations

Exploit for windows platform in category local exploits Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: email protected Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link:...

AI score 6.8
Exploits: 0

Exploit DB
added 2016/09/26 12:0 a.m. | 29 views

Macro Expert 4.0 - Multiple Privilege Escalations

Exploit Title: Macro Expert 4.0 Multiple Elevation of Privilege Date: 26/09/2016 Exploit Author: Tulpa Contact: [email protected] Author website: www.tulpa-security.com Vendor Homepage: http://www.macro-expert.com/ Software Link: http://www.macro-expert.com/download.htm Version: Software...

AI score 7.4
Exploits: 0

seebug.org
added 2016/06/07 12:0 a.m. | 13 views

Cisco Unified IP phones memory block device weak permission vulnerability

No description provided by source...

AI score 7.1
Exploits: 0

NVD
added 2016/04/20 4:59 p.m. | 20 views

CVE-2014-9770

tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions for journal files under (1) /run/log/journal/%m and (2) /var/log/journal/%m, which allows local users to obtain sensitive information by reading these files...

CVSS 3.3 | AI score 3.3 | EPSS 0.00351
Exploits: 0 | References: 5

securityvulns
added 2015/05/05 12:0 a.m. | 28 views

librsync weak permission

Weak hash function is used...

CVSS 5.8 | AI score 2.1 | EPSS 0.02939
Exploits: 0 | References: 1 | Affected Software: 1

securityvulns
added 2014/03/31 12:0 a.m. | 24 views

IcedTea Web information leakage

Weak permission for temporary files...

CVSS 2.1 | AI score 1.9 | EPSS 0.00482
Exploits: 1 | References: 1 | Affected Software: 1