Lucene search
K

3760 matches found

RedHat Linux
RedHat Linux
added 2026/04/09 8:27 p.m.3 views

nodejs: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix.

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.3CVSS6.3AI score0.00159EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.8 views

RHEL 9 : nodejs:24 (RHSA-2026:7350)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:7350 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...

9.8CVSS7.3AI score0.26356EPSS
Exploits1References38
Cvelist
Cvelist
added 2026/04/08 1:55 p.m.32 views

CVE-2025-57854 Osus-operator: privilege escalation via excessive /etc/passwd permissions

A container privilege escalation flaw was found in certain OpenShift Update Service OSUS images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, ev...

6.4CVSS0.00145EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/04/08 1:55 p.m.9 views

CVE-2025-57853

A container privilege escalation flaw was found in certain Web Terminal images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root...

6.4CVSS6.1AI score0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/08 1:6 a.m.3 views

CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to...

5.8AI score0.00292EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/04 5:35 a.m.6 views

Insecure File Permissions

Claude SDK for Python is vulnerable to insecure file permissions. The vulnerability is due to the memory tool creating files with mode 0o666, where the files are world‑readable on systems with a standard umask and world‑writable in environments with a permissive umask, and a local attacker on a...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/04/01 9:15 p.m.11 views

EUVD-2026-17677

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/04/01 9:15 p.m.7 views

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/31 10:11 p.m.5 views

CVE-2026-21716

A flaw was found in Node.js. An incomplete security fix allows code operating under restricted file system write permissions to bypass these limitations. This vulnerability enables the modification of file permissions and ownership on already-open files, even when explicit write access is denied...

3.8CVSS6.2AI score0.00159EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/31 9:32 p.m.6 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References3
CVE
CVE
added 2026/03/31 9:32 p.m.17 views

CVE-2026-34450

The Claude SDK for Python (Anthropic) suffers a local-file-permission issue in its local filesystem memory tool: versions 0.86.0 up to before 0.87.0 create memory files with mode 0o666, making them world-readable on typical umasks and world-writable on permissive Docker images. A local attacker o...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/03/31 12:0 a.m.7 views

Claude SDK for Python 安全漏洞

Claude SDK for Python is an open-source Python software development toolkit developed by Anthropic for calling the Claude API. Versions of Claude SDK for Python prior to 0.87.0 contained a security vulnerability. This vulnerability stemmed from improper file permission settings created by memory...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.3 views

PT-2026-29378

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References5
OSV
OSV
added 2026/03/30 8:16 p.m.4 views

ALPINE-CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

3.3CVSS7.1AI score0.00159EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21716

An incomplete fix for CVE-2024-36137 leaves FileHandle.chmod and FileHandle.chown in the promises API without the required permission checks, while their callback-based equivalents fs.fchmod, fs.fchown were correctly patched. As a result, code running under --permission with restricted...

3.3CVSS6.1AI score0.00159EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/29 12:44 p.m.23 views

CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...

8.4CVSS0.0012EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...

7.8CVSS6AI score0.00233EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/03/26 4:18 p.m.22 views

CVE-2026-3113 mmctl export download command doesn’t restrict permissions to created file to file owner

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export.. Mattermost Advisory ID: MMSA-2026-00593...

5CVSS0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 4:18 p.m.1 views

CVE-2026-3113 mmctl export download command doesn’t restrict permissions to created file to file owner

Mattermost versions 11.4.x = 11.4.0, 11.3.x = 11.3.1, 11.2.x = 11.2.3, 10.11.x = 10.11.11 fail to set permissions on downloaded bulk export which allows other local users on the server to be able to read contents of the bulk export.. Mattermost Advisory ID: MMSA-2026-00593...

5CVSS5.8AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:11 p.m.5 views

CVE-2026-29516

Buffalo TeraStation NAS TS5400R firmware version 4.02-0.06 and prior contain an excessive file permissions vulnerability that allows authenticated attackers to read the /etc/shadow file by uploading and executing a PHP file through the webserver. Attackers can exploit world-readable permissions o...

6.9CVSS5.8AI score0.00513EPSS
Exploits0References1
Rows per page
Query Builder