Lucene search
K

66 matches found

RedhatCVE
RedhatCVE
added 3 days ago7 views

CVE-2026-46406

A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...

6.8CVSS6AI score0.00149EPSS
Exploits0References4
NVD
NVD
added 4 days ago9 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

6.1CVSS0.00149EPSS
Exploits0References1
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-40116

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References1
CVE
CVE
added 4 days ago16 views

CVE-2026-46406

CVE-2026-46406 affects @anthropic-ai/claude-code versions 2.1.59 through 2.1.128. The /copy command writes responses to a hardcoded, predictable path (/tmp/claude/response.md) with UID isolation, randomness, and symlink protections missing. The file is world-readable (0644) in a world-traversable...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5617 Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker

Docker: Race condition in docker cp allows bind mount redirection to host path in github.com/docker/docker...

7.2CVSS5.8AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:44 p.m.8 views

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS5.5AI score0.00101EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 3:16 a.m.16 views

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS0.00101EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/11 6:31 p.m.9 views

SQL Injection

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to SQL Injection via the Import/Export query export. An attacker can execute arbitrary commands on the server or write arbitrary files by injecting crafted input into the psql \copy metacommand template...

8.8CVSS6.2AI score0.01444EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35357

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.10 views

CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 5:16 p.m.3 views

UBUNTU-CVE-2026-35350

The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p preserve flag, the utility applies the source mode bits even if the chown operation is unsuccessful. This can result in a user-owned copy retaining origin...

6.6CVSS5.8AI score0.00125EPSS
Exploits1References3
OSV
OSV
added 2026/04/22 5:16 p.m.2 views

UBUNTU-CVE-2026-35359

A Time-of-Check to Time-of-Use TOCTOU vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link using path-based metadata but subsequently opens it without the ONOFOLLOW flag. An attacker with...

4.7CVSS5.9AI score0.00105EPSS
Exploits1References3
CVE
CVE
added 2026/04/22 4:8 p.m.13 views

CVE-2026-35358

The CVE concerns the cp utility in the uutils coreutils project. When performing recursive copies (-R), it mishandles character and block device nodes by treating them as regular stream sources instead of preserving device semantics. The implementation reads bytes into destination regular files r...

5.5CVSS5.7AI score0.00177EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-48546

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/03 1:49 p.m.2 views

CVE-2025-47421 Privilege escalation via SCP login

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

8.6CVSS6.7AI score0.00342EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-12392

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user...

5.5CVSS7.5AI score0.00347EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/02 2:12 a.m.5 views

firefox: thunderbird: Potential local code execution in “Copy as cURL” command

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Due to insufficient escaping of the newline character in the “Copy as cURL” feature, an attacker could trick a user into using this command, leading to local code execution on the user's system...

4.8CVSS7.7AI score0.00135EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/10/29 12:0 a.m.3 views

PT-2023-12218 · Isula · Isula

Name of the Vulnerable Software and Affected Versions: isula affected versions not specified Description: The issue arises when the isula cp command is used to copy files from a container to a host machine, and the container is controlled by an attacker. This allows the attacker to escape the...

8.4CVSS6.3AI score0.00206EPSS
Exploits0References7
Rows per page
Query Builder