Incorrect Permission Assignment for Critical Resource
Overview: @anthropic-ai/sdk is the official TypeScript library for the Anthropic API. Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource in the BetaLocalFilesystemMemoryTool, which creates memory files and directories using the Node.js default...
GHSA-JP6G-G3V3-6GVF Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability
Jenkins Microsoft Entra ID previously Azure AD Plugin versions 666.v6060de32f87d and earlier do not restrict the redirect URL after login. This allows attackers to perform phishing attacks by having users go to a Jenkins URL that will forward them to a different site after successful...
12boowjljk-notthedevs (=1.6.9), ahahscroot (=1.0.1) +14 more potentially affected by unknown CVE via 666-tea (=1.1.4)
666-tea NPM version =1.1.4 is affected by a known vulnerability. The following packages have a transitive dependency on 666-tea and may be impacted: - 12boowjljk-notthedevs =1.6.9 - ahahscroot =1.0.1 - bacoritul =1.0.1 - basuki =1.0.0 - df6fqftol9-notthedevs =1.6.9 - forilcuy =1.0.1 - gasmbut...
EUVD-2025-72732
Malicious code in 666-tea npm...
EulerOS 2.0 SP12 : screen (EulerOS-SA-2025-2026)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. CVE-2025-46802 A minor information...
Huawei EulerOS: Security Advisory for screen (EulerOS-SA-2025-2113)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Linux Distros Unpatched Vulnerability : CVE-2025-46802
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session. CVE-2025-46802 Note that Nessus relies on the...
EulerOS 2.0 SP13 : screen (EulerOS-SA-2025-1985)
According to the versions of the screen package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when...
CVE-2025-46802
For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session...
UBUNTU-CVE-2025-46802
For a short time the PTY is set to mode 666, allowing any user on the system to connect to the screen session...
Backdoor.Win32.Nightmare.25 MVID-2024-0687 Code Execution
Discovery / credits: Malvuln, John Page aka hyp3rlinx (c) 2024. Original source: https://malvuln.com/advisory/0fe8f37543e8face08941899add38e35.txt Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Nightmare.25 Vulnerability: Unauthenticated Remote Command Execution Family:...
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2024-666)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-666 advisory. The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an Expect: 100-continue header with a non-informational 200 or higher status. This mishandling could leave a...
ZTE ZXMP M721 Permission and Access Control Vulnerability
The ZTE ZXMP M721 is a metro edge OTN (Optical Transport Network) device from ZTE Corporation (ZTE) in China. The ZTE ZXMP M721 has a privilege and access control vulnerability, which stems from the fact that the folder permission shown by sftp is 666, which is inconsistent with the actual permission,...
Fix of CVE: CVE-2021-34693, CVE-2021-20292, CVE-2021-28972, CVE-2021-20265, CVE-2021-32399, CVE-2014-4508, CVE-2021-3612, CVE-2021-3178, CVE-2021-37159, CVE-2021-38205, CVE-2021-3573, CVE-2021-38160
ELSCVE-666: CVE-2021-34693: can: bcm: fix infoleak in struct bcm_msg_head - ELSCVE-705: CVE-2021-38160: virtio_console: Assure used length from device is limited - ELSCVE-769: CVE-2014-4508: x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508) - ELSCVE-844: CVE-2021-3573: Bluetooth: use...
flexxolutions.nl XSS vulnerability
Open Bug Bounty ID: OBB-638310

| Description | Value |
|---|---|
| Affected Website: | flexxolutions.nl |
| Open Bug Bounty Program: | Create your bounty program now. It's open and free. |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 |
...
Debian DLA-666-1 : guile-2.0 security update
Several vulnerabilities were discovered in GNU Guile, an implementation of the Scheme programming language. The Common Vulnerabilities and Exposures project identifies the following issues. CVE-2016-8605: The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that...
Amazon Linux AMI : sos (ALAS-2016-666)
An insecure temporary file use flaw was found in the way sos created certain sosreport files. A local attacker could possibly use this flaw to perform a symbolic link attack to reveal the contents of sosreport files, or in some cases modify arbitrary files and escalate their privileges on the...
aa.com Open Redirect vulnerability
Vulnerable URL: http://www.aa.com/closeJSEM.do?url=https://www.xssposed.org

Details:

| Description | Value |
|---|---|
| Patched: | Yes, at |
| Vulnerability type: | Open Redirect |
| Vulnerability status: | Publicly disclosed |
| Alexa Rank | 666 |
| Google Pagerank | 7 |
| VIP website status: | Yes |
| Check aa.com SSL connection: | ... |
FireEye Exploitation: Project Zero’s Vulnerability of the Beast
Posted by Tavis Ormandy, Chief Silver Bullet Skeptic. FireEye sell security appliances to enterprise and government customers. FireEye’s flagship products are monitoring devices designed to be installed at egress points of large networks, i.e. where traffic flows from the intranet to the internet...