Lucene search
K

1417 matches found

Vulnrichment
Vulnrichment
added 2026/04/13 6:11 p.m.2 views

CVE-2026-40044 Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/13 6:11 p.m.5 views

CVE-2026-40044

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/13 12:0 a.m.7 views

PT-2026-32498

Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory,...

9.8CVSS6.2AI score0.00484EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.79 views

📄 Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Pachno version 1.0.6 uses the unserialize function on the contents of cache files stored under PACHNOPATH/cache/ during the framework bootstrap sequence, before any authentication, routing, or controller logic is executed. Cache files are created with world-writable permissions chmod 0666 and use...

6.4AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2026/04/12 12:0 a.m.65 views

Pachno 1.0.6 FileCache Deserialization Remote Code Execution

Summary Pachno is an open-source collaboration platform formerly known as The Bug Genie designed for team project management, issue tracking, and documentation. It offers a module-based, customizable environment for software development and team workflows, distributed under the Mozilla Public...

9.8CVSS6.4AI score0.00484EPSS
Exploits1
OSV
OSV
added 2026/04/01 9:15 p.m.2 views

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/31 9:32 p.m.31 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/18 3:33 p.m.4 views

CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

5.9AI score0.00127EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/18 3:33 p.m.5 views

CVE-2026-24063

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

8.2CVSS5.9AI score0.00127EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/18 3:33 p.m.20 views

CVE-2026-24063 World-writable uninstall script executed as root in Arturia Software Center

When a plugin is installed using the Arturia Software Center MacOS, it also installs an uninstall.sh bash script in a root owned path. This script is written to disk with the file permissions 777, meaning it is writable by any user. When uninstalling a plugin via the Arturia Software Center the...

0.00127EPSS
Exploits1References1
CVE
CVE
added 2026/03/18 3:33 p.m.9 views

CVE-2026-24063

The CVE concerns Arturia Software Center on macOS. A plugin install creates an uninstall.sh script in a root-owned path with 777 permissions, writable by any user. During plugin uninstall, the Privileged Helper is instructed to execute this script. If an attacker manipulates the script, this can ...

8.2CVSS5.9AI score0.00127EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2016-10803

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

9.8CVSS5.8AI score0.00735EPSS
Exploits1References7
NVD
NVD
added 2026/03/16 2:17 p.m.6 views

CVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

9.8CVSS0.00735EPSS
Exploits1References6
CVE
CVE
added 2026/03/15 1:35 p.m.10 views

CVE-2016-20024

The CVE-2016-20024 issue affects ZKTeco ZKTime.Net product lines, notably 3.0.1.6 (and related versions 3.0.1.5/3.0.1.1 per sources). The root cause is insecure file permissions: world-writable rights on the ZKTimeNet3.0 directory and its contents allow unprivileged users to replace executable fi...

9.8CVSS5.8AI score0.00735EPSS
Exploits1References6
Vulnrichment
Vulnrichment
added 2026/03/15 1:35 p.m.1 views

CVE-2016-20024 ZKTeco ZKTime.Net 3.0.1.6 Insecure File Permissions Privilege Escalation

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

9.8CVSS5.8AI score0.00735EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/03/15 1:35 p.m.3 views

CVE-2016-20024

ZKTeco ZKTime.Net 3.0.1.6 contains an insecure file permissions vulnerability that allows unprivileged users to escalate privileges by modifying executable files. Attackers can exploit world-writable permissions on the ZKTimeNet3.0 directory and its contents to replace executable files with...

5.8AI score0.00735EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/15 12:0 a.m.5 views

PT-2026-25664

Name of the Vulnerable Software and Affected Versions ZKTeco ZKTime.Net version 3.0.1.6 Description The software contains an insecure file permissions issue that allows users with limited access to gain higher privileges. This is possible by altering executable files. Attackers can take advantage...

9.8CVSS5.5AI score0.00735EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.3 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS6AI score0.00142EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/05 3:31 a.m.2 views

EUVD-2026-9517

IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...

7.1CVSS5.9AI score0.00106EPSS
Exploits1References2
EUVD
EUVD
added 2026/03/05 3:31 a.m.6 views

EUVD-2026-9518

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS6.1AI score0.00142EPSS
Exploits1References2
Rows per page
Query Builder