Lucene search
K

83 matches found

OSV
OSV
added 2026/06/26 8:44 p.m.3 views

GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.5CVSS5.6AI score
Exploits0References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/25 10:21 p.m.8 views

Malicious code in unsafe-malicious-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3579cb796e48f446b07e2dbbce2e301d1a3e87d8a9a35ed1dbe825fc53f29da9 On npm install, the package's postinstall lifecycle script scripts/postinstall.js reads the installer's AWS credentials file at /.aws/credentials and...

5.8AI score
Exploits0References9
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8926

When asking curl to use a .netrc file to find credentials and at the same time specifying a URL with a usernamewithout a password, like https://[email protected]/, curl could wrongly get and use the password for another user set in the .netrc file for that host if such a one exists and there is no...

9.1CVSS6.1AI score0.0061EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/06/02 12:30 a.m.64 views

CVE-2026-10548 NousResearch hermes-agent Credential Pool Synchronization credential_pool.py _sync_anthropic_entry_from_credentials_file improper authentication

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS0.0014EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/02 12:30 a.m.15 views

EUVD-2026-33856

A security flaw has been discovered in NousResearch hermes-agent up to 2026.4.23. This affects the function syncanthropicentryfromcredentialsfile of the file agent/credentialpool.py of the component Credential Pool Synchronization. The manipulation results in improper authentication. The attack...

5.3CVSS5.6AI score0.0014EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.9 views

Hermes Agent 授权问题漏洞

Hermes Agent is an AI agent tool developed by Nous Research, featuring a self-learning mechanism. Versions of Hermes Agent prior to 2026.4.23 contained an authorization vulnerability. This vulnerability stemmed from issues with the syncanthropicentryfromcredentialsfile function in the Credential...

5.3CVSS5.3AI score0.0014EPSS
Exploits0References6
NVD
NVD
added 2026/05/16 4:16 p.m.20 views

CVE-2021-47942

Home Assistant Community Store HACS prior to 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read sensitive files by traversing directories via the /hacsfiles/ endpoint. Attackers can retrieve the .storage/auth file containing user credentials and refresh...

8.7CVSS0.00498EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/05/07 2:55 a.m.37 views

CVE-2026-41655 Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials

Admidio is an open-source user management solution. Prior to version 5.0.9, the ecardpreview.php endpoint does not validate that the ecardtemplate POST parameter is a safe filename before passing it to ECard::getEcardTemplate. An authenticated user can supply a path traversal payload e.g.,...

6.5CVSS0.00307EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/01 10:54 p.m.111 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 “Copy Fail” LAN posture scanner copyfailsc...

7.8CVSS6.6AI score0.96267EPSS
Exploits230
CNNVD
CNNVD
added 2026/04/23 12:0 a.m.12 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.28 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable cleanup issues, where GITTEMPLATEDIR and AWSCONFIGFILE were not protected...

5.8CVSS6AI score0.00105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 5:24 a.m.5 views

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS5.6AI score0.00204EPSS
Exploits0References1
NVD
NVD
added 2026/04/05 2:16 a.m.11 views

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS0.00204EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/05 1:0 a.m.28 views

CVE-2026-5531 SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS0.00204EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/05 1:0 a.m.3 views

CVE-2026-5531

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS5.4AI score0.00204EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 1:0 a.m.3 views

CVE-2026-5531 SourceCodester Student Result Management System HTTP GET Request login_credentials.txt cleartext storage in file

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /logincredentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotel...

6.9CVSS5.6AI score0.00204EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/05 12:0 a.m.10 views

PT-2026-30402

A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated...

6.9CVSS5.4AI score0.00204EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.29 views

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/18 4:9 p.m.3 views

GHSA-8MPM-Q7MH-8FVH Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

8.6CVSS5.9AI score0.00134EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/16 6:32 p.m.6 views

EUVD-2026-12468

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

2.5CVSS4.9AI score0.00097EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/03/16 4:2 p.m.6 views

CVE-2026-4251 CityData CityChat ai.citydata.citychat credentials.json credentials storage

A vulnerability was determined in CityData CityChat up to 0.12.6 on Android. Affected by this vulnerability is an unknown functionality of the file resources/assets/flutterassets/assets/credentials.json of the component ai.citydata.citychat. Executing a manipulation can lead to unprotected storag...

2.5CVSS4.9AI score0.00097EPSS
Exploits0References4
Rows per page
Query Builder