| CVE-2026-49157 |
2026-06-01 |
Incorrect Default Permissions vulnerability in Apache ActiveMQ.
This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before 6.2.6.
The default Jolokia authorization settings granted non-adm… |
| CVE-2026-48191 |
2026-06-01 |
An incorrect handling of permissions in STORM powered by OTRS and in OTRS (2026.x and above) Document Search Article Meta Filters modules allows gaining knowledge about number of affected CIs, SLA and… |
| CVE-2026-48190 |
2026-06-01 |
An incorrect handling of permissions in OTRS External Interface and the ConfigItem List module allows an authenticated customer to query the system for CI information. Please note that CMDB has to be … |
| CVE-2026-33590 |
2026-05-28 |
Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with endp… |
| CVE-2026-49237 |
2026-05-28 |
An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd dae… |
| CVE-2026-44469 |
2026-05-26 |
The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU ra… |
| CVE-2026-44468 |
2026-05-26 |
The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the compo… |
| CVE-2018-25359 |
2026-05-25 |
Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by modifying service executable files. Attackers can r… |
| CVE-2026-8487 |
2026-05-20 |
Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data.
This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 befor… |
| CVE-2026-47107 |
2026-05-19 |
Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticat… |
| CVE-2025-48516 |
2026-05-15 |
Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent … |
| CVE-2026-0432 |
2026-05-15 |
Incorrect default permissions in the installation directory for the AMD chipset driver could allow an attacker to achieve privilege escalation resulting in arbitrary code execution. |
| CVE-2025-48512 |
2026-05-15 |
Incorrect default permissions in the installation directory for the AMD general-purpose input/output controller (GPIO) could allow an attacker to achieve privilege escalation resulting in arbitrary co… |
| CVE-2026-27680 |
2026-05-14 |
Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the appli… |
| CVE-2026-36742 |
2026-05-13 |
Hiseeu C90 v5.7.15 is vulnerable to Insecure Permissions. The UART bootloader is accessible when battery is disconnected (hidden/debug mode). |
| CVE-2026-21015 |
2026-05-13 |
Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. |
| CVE-2026-20718 |
2026-05-12 |
Incorrect default permissions for some Intel(R) NPU Driver software installers before version 32.0.100.4511 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software… |
| CVE-2026-41712 |
2026-05-12 |
Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users. |
| CVE-2026-45393 |
2026-05-12 |
A vulnerability chain in Cribl Edge for Windows before 4.17.1 allows a local authenticated user to escalate privileges to NT AUTHORITY\SYSTEM. Incorrect default permissions on the Windows installer's … |
| CVE-2026-0539 |
2026-04-22 |
Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This s… |