administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypa…

The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, 3.2.x before 3.2.4, and 3.3.…

SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be r…

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

An issue was discovered in SolarWinds MSP PME (Patch Management Engine) Cache Service before 1.…

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attac…

The vCenter Server contains an information disclosure vulnerability due to improper permission …

An issue was discovered in Vaultwarden (formerly Bitwarden_RS) 1.30.3. A vulnerability has been…

The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.

PowerJob V4.3.1 is vulnerable to Insecure Permissions. via the list job interface.

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

INSTEON Hub 2242-222 lacks Web and API authentication

Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legit…

A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Softwar…

Millennium Millewin (also known as "Cartella clinica") 13.39.028, 13.39.28.3342, and 13.39.146.…

An unspecified server utility in NoMachine before 5.3.10 on Mac OS X and Linux allows authentic…

Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to …

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and poss…

The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfigu…

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permi…

An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permi…

In XeroSecurity Sn1per 9.0 (free version), insecure permissions (0777) are set upon application…

CoreDial sipXcom up to and including 21.04 is vulnerable to Insecure Permissions. A user who ha…

An issue was discovered in REDCap 8.11.6 through 9.x before 10. The messenger's CSV feature (th…

An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notificati…

NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode …

Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.

An issue was discovered in AndyOS Andy versions up to 46.11.113. By default, it starts telnet a…

Automox Agent before 32 on Windows incorrectly sets permissions on a temporary directory.

Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business prod…

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation direct…

A vulnerability was found in CIR 2000 / Gestionale Amica Prodigy v1.7. The Amica Prodigy's exec…

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak perm…

The "CLink4Service" service is installed with Corsair Link 4.9.7.35 with insecure permissions b…

Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permi…

Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These art…

A remote code execution vulnerability exists in the Windows agent component of SecureConnector …

Adobe Genuine Integrity Service versions Version 6.4 and earlier have an insecure file permissi…

Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, wh…

A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5,…