Monthly
Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. Rapid7 released patched version 4.1.0.2 addressing this permission misconfiguration.
Dell PowerProtect Agent prior to version 20.1 allows low-privileged local attackers to read sensitive information through incorrect permission assignment on critical resources. The vulnerability requires local access and existing user privileges but can expose confidential data without requiring user interaction or elevated permissions.
Local privilege escalation in Acronis True Image for Windows before build 42902 allows authenticated users with low privileges to escalate to higher privileges through insecure folder permissions. An attacker with local access and user-level privileges can exploit improper permission settings on critical directories to achieve full system compromise, requiring user interaction (file execution or folder navigation). This vulnerability has a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact despite the elevated barriers to exploitation.
Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction.
Node.js Permission Model enforcement in versions 20.x, 22.x, 24.x, and 25.x fails to validate read permissions for fs.realpathSync.native(), allowing local authenticated processes running under --permission with restricted --allow-fs-read to enumerate filesystem paths, check file existence, and resolve symlink targets outside permitted directories. This information disclosure vulnerability bypasses sandbox restrictions intentionally configured by administrators and affects multiple stable and current Node.js release series.
TigerVNC x0vncserver versions prior to 1.16.2 expose screen contents to unauthorized local users through incorrect file permissions in Image.cxx, enabling information disclosure, screen manipulation, or denial of service. The vulnerability has CVSS 8.5 (High) with local attack vector requiring no privileges or user interaction, and scope change indicating potential impact beyond the vulnerable component. No public exploit identified at time of analysis, though technical details are available via GitHub commit and mailing list disclosure.
Mattermost bulk export functionality fails to apply proper file permissions, allowing unprivileged local users on affected servers to read sensitive exported data. Mattermost versions 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11 are vulnerable (CVE-2026-3113, MMSA-2026-00593). An authenticated local attacker with login credentials can access bulk export files created by other users, leading to unauthorized information disclosure of potentially sensitive team and channel communications. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the vulnerability's automatable nature and low attack complexity warrant prompt patching.
A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.
A permissions enforcement vulnerability in macOS allows applications to modify protected portions of the file system that should be restricted from unauthorized access. This issue affects macOS Sequoia, Sonoma, and Tahoe across multiple versions prior to their patched releases (15.7.5, 14.8.5, and 26.4 respectively). An attacker controlling or tricking a user into running a malicious application could leverage this permissions bypass to modify system-critical files, potentially enabling privilege escalation, persistence mechanisms, or system compromise.
Protected system files on macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can be deleted by attackers with root privileges due to improper state management. This integrity-impacting vulnerability affects administrators and privileged users who could leverage elevated access to remove critical system components. No patch is currently available for this medium-severity issue.
Improperly restricted file permissions on Rapid7 Insight Agent installer certificate files on Windows systems allow locally authenticated standard users to read the agent's private key (client.key), enabling identity material disclosure and potential lateral movement or agent impersonation. CVSS 6.8 (CVSS:4.0 LOCAL/LOW complexity, PR:L) reflects local authentication requirement; CISA KEV status not confirmed. Rapid7 released patched version 4.1.0.2 addressing this permission misconfiguration.
Dell PowerProtect Agent prior to version 20.1 allows low-privileged local attackers to read sensitive information through incorrect permission assignment on critical resources. The vulnerability requires local access and existing user privileges but can expose confidential data without requiring user interaction or elevated permissions.
Local privilege escalation in Acronis True Image for Windows before build 42902 allows authenticated users with low privileges to escalate to higher privileges through insecure folder permissions. An attacker with local access and user-level privileges can exploit improper permission settings on critical directories to achieve full system compromise, requiring user interaction (file execution or folder navigation). This vulnerability has a CVSS score of 6.7 reflecting high confidentiality, integrity, and availability impact despite the elevated barriers to exploitation.
Incorrect permission assignment in Dell AppSync 4.6.0 enables local privilege escalation to high-impact system access. Authenticated attackers with low-privilege local access can exploit misconfigured resource permissions to elevate privileges, achieving full confidentiality, integrity, and availability compromise. No public exploit identified at time of analysis. Dell has released security advisory DSA-2026-163 addressing this vulnerability. EPSS data unavailable; CVSS 7.3 reflects significant local threat requiring user interaction.
Node.js Permission Model enforcement in versions 20.x, 22.x, 24.x, and 25.x fails to validate read permissions for fs.realpathSync.native(), allowing local authenticated processes running under --permission with restricted --allow-fs-read to enumerate filesystem paths, check file existence, and resolve symlink targets outside permitted directories. This information disclosure vulnerability bypasses sandbox restrictions intentionally configured by administrators and affects multiple stable and current Node.js release series.
TigerVNC x0vncserver versions prior to 1.16.2 expose screen contents to unauthorized local users through incorrect file permissions in Image.cxx, enabling information disclosure, screen manipulation, or denial of service. The vulnerability has CVSS 8.5 (High) with local attack vector requiring no privileges or user interaction, and scope change indicating potential impact beyond the vulnerable component. No public exploit identified at time of analysis, though technical details are available via GitHub commit and mailing list disclosure.
Mattermost bulk export functionality fails to apply proper file permissions, allowing unprivileged local users on affected servers to read sensitive exported data. Mattermost versions 11.4.0, 11.3.x through 11.3.1, 11.2.x through 11.2.3, and 10.11.x through 10.11.11 are vulnerable (CVE-2026-3113, MMSA-2026-00593). An authenticated local attacker with login credentials can access bulk export files created by other users, leading to unauthorized information disclosure of potentially sensitive team and channel communications. No public exploit code has been identified at time of analysis, and CISA has not listed this in the Known Exploited Vulnerabilities catalog, though the vulnerability's automatable nature and low attack complexity warrant prompt patching.
A privilege escalation vulnerability exists in Panorama Suite where certificate private keys installed via the Network and Security tool are granted unnecessary access rights to the operator group, potentially allowing local privileged users to access sensitive cryptographic material. Panorama Suite 2025 versions up to 25.00.004 are affected unless patch PS-2500-00-0357 or higher is applied, while version 25.10.007 (Updated Dec. 25) is not vulnerable. This vulnerability has not been reported as actively exploited (no KEV status), but represents a real information disclosure risk due to improper Windows file permission assignment on security-critical objects.
A permissions enforcement vulnerability in macOS allows applications to modify protected portions of the file system that should be restricted from unauthorized access. This issue affects macOS Sequoia, Sonoma, and Tahoe across multiple versions prior to their patched releases (15.7.5, 14.8.5, and 26.4 respectively). An attacker controlling or tricking a user into running a malicious application could leverage this permissions bypass to modify system-critical files, potentially enabling privilege escalation, persistence mechanisms, or system compromise.
Protected system files on macOS (Sequoia 15.7.5, Sonoma 14.8.5, and Tahoe 26.4) can be deleted by attackers with root privileges due to improper state management. This integrity-impacting vulnerability affects administrators and privileged users who could leverage elevated access to remove critical system components. No patch is currently available for this medium-severity issue.