CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/04/22 12:0 a.m.•3 views

PT-2026-34489

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

3.3CVSS5.7AI score0.00012EPSS

NVD•added 2026/04/17 9:16 p.m.•3 views

CVE-2026-35603

Claude Code is an agentic coding tool. In versions prior to 2.1.75 on Windows, Claude Code loaded the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable ...

7.3CVSS0.00012EPSS

CVE•added 2026/04/17 8:38 p.m.•13 views

CVE-2026-35603

CVE-2026-35603 affects Claude Code on Windows prior to 2.1.75. The issue arises when Claude Code loads the system-wide default configuration from C:\ProgramData\ClaudeCode\managed-settings.json without validating directory ownership or permissions. Since ProgramData is writable by non-admins by d...

7.3CVSS5.7AI score0.00012EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/04/17 8:38 p.m.•1 views

CVE-2026-35603

5.4CVSS5.7AI score0.00012EPSS

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/17 12:0 a.m.•4 views

PT-2026-33510

On Windows, Claude Code loaded system-wide default configuration from C:ProgramDataClaudeCodemanaged-settings.json without validating directory ownership or access permissions. Because the ProgramData directory is writable by non-administrative users by default and the ClaudeCode subdirectory was...

5.4CVSS5.8AI score0.00012EPSS

Exploits0References5

SUSE CVE•added 2026/04/10 11:25 p.m.•3 views

SUSE CVE-2026-39860

Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds typically the Nix daemon running as root in multi-user installations by following symlinks during...

9CVSS5.9AI score0.00013EPSS

NVD•added 2026/04/08 9:17 p.m.•0 views

CVE-2026-39860

9CVSS0.00013EPSS

Exploits0References6

OSV•added 2026/04/08 9:17 p.m.•0 views

DEBIAN-CVE-2026-39860

8.4CVSS5.7AI score0.00013EPSS

EUVD•added 2026/04/08 8:58 p.m.•1 views

EUVD-2026-20626

9CVSS6AI score0.00062EPSS

Exploits1References6

CVE•added 2026/04/08 8:58 p.m.•17 views

CVE-2026-39860

CVE-2026-39860 affects Nix, via a bug in the fix for CVE-2024-27297 that allowed arbitrary overwrites of files writable by the Nix build orchestrator (typically the root-running Nix daemon in multi-user setups) by following symlinks during fixed-output derivation output registration. Impact is li...

9CVSS6AI score0.00013EPSS

Exploits0References6Affected Software1

RedhatCVE•added 2026/04/03 11:2 p.m.•2 views

CVE-2026-34584

listmonk is a standalone, self-hosted, newsletter and mailing list manager. From version 4.1.0 to before version 6.1.0, bugs in list permission checks allows users in a multi-user environment to access to lists which they don't have access to under different scenarios. This only affects multi-use...

NVD•added 2026/04/02 6:16 p.m.•3 views

CVE-2026-34584

5.4CVSS0.00034EPSS

ATTACKERKB•added 2026/04/02 5:31 p.m.•1 views

CVE-2026-34584

Exploits0References4Affected Software1

CVE•added 2026/04/02 5:31 p.m.•3 views

CVE-2026-34584

The CVE affects listmonk (standalone, self-hosted newsletter/mailing list app). From version 4.1.0 up to, but not including, 6.1.0, bugs in list permission checks allow users in multi-user environments to access lists they should not access. This could expose restricted lists under different scen...

Exploits0References3Affected Software1

EUVD•added 2026/04/02 5:31 p.m.•2 views

EUVD-2026-18450