Incorrect Permission Assignment

Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges…

Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to…

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems…

Dell PowerProtect Agent Service, version(s) prior to 20.1, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A…

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before…

Dell AppSync, version(s) 4.6.0, contain(s) an Incorrect Permission Assignment for Critical Resource vulnerability. A low privileged attacker with…

A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all…

In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or…

Mattermost versions 11.4.x

Briefcase is a tool for converting a Python project into a standalone native application. Starting in version 0.3.0…

When a certificate and its private key are installed in the Windows machine certificate store using Network and…

A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma…

This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma…

OpenClaw versions prior to 2026.3.1 fail to enforce sandbox inheritance during cross-agent sessions_spawn operations, allowing sandboxed sessions to…

Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb,…

Apache Airflow versions 3.1.0 through 3.1.7 /ui/dependencies endpoint returns the full DAG dependency graph without filtering by authorized…

Apache Airflow versions 3.0.0 through 3.1.7 FastAPI DagVersion listing API does not apply per-DAG authorization filtering when the request…

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated…

An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be…

Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges…

An unauthenticated remote attacker who tricks a user to upload a manipulated HTML file can get access to…

Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber…

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect…

Credentials are not deleted from Acronis Agent after plan revocation. The following products are affected: Acronis Cyber Protect…

Incorrect permission assignment (world-writable file) in /etc/udhcpc/default.script in International Data Casting (IDC) SFX2100 Satellite Receiver allows a local unprivileged…