Lucene search
K

3753 matches found

RedHat Linux
RedHat Linux
added 2026/05/04 9:57 a.m.4 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/04/29 10:28 p.m.4 views

GHSA-P7FG-763F-G4GF Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-36109

Name of the Vulnerable Software and Affected Versions Claude SDK for TypeScript versions 0.79.0 through 0.91.0 Description The BetaLocalFilesystemMemoryTool creates memory files and directories using Node.js default modes 0o666 for files and 0o777 for directories. This results in files being...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/24 8:33 p.m.5 views

CVE-2026-31611

A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted Access Control Entry ACE that causes an out-of-bounds read when parsing security identifiers. This out-of-bounds read can lead to the application of...

8.6CVSS5.5AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.14 views

PT-2026-34963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the parse dacl function compares each Access Control Entry ACE Security Identifier SID against sid unix NFS mode. If sid unix NFS mode is the prefix S-1-5-88-3 with...

9.8CVSS5.1AI score0.00514EPSS
Exploits0References349
OSV
OSV
added 2026/04/22 6:31 p.m.8 views

GHSA-2M8X-MVFX-GWGJ uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.8 views

uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

7.1CVSS5.5AI score0.00165EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/04/22 6:31 p.m.5 views

EUVD-2026-24969

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

7.1CVSS5.9AI score0.00165EPSS
Exploits1References2
NVD
NVD
added 2026/04/22 5:16 p.m.8 views

CVE-2026-35357

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS0.00091EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-35341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because...

7.1CVSS5.7AI score0.00165EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/04/21 6:27 a.m.6 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/21 6:27 a.m.4 views

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS5.7AI score0.26356EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/20 10:9 a.m.4 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.5 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/17 8:18 a.m.5 views

CVE-2026-6435

A flaw was found in rust-coreutils. A local attacker can exploit a Time-of-Check to Time-of-Use TOCTOU race condition in the chmod command when it traverses symbolic links. By manipulating file system objects between the permission check and the actual permission change, a malicious user can caus...

5.7AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/16 8:40 p.m.7 views

Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/16 8:40 p.m.8 views

EUVD-2026-23275

Silverstripe Assets Module has a DBFile::getURL permission bypass...

5.3CVSS5.8AI score0.00398EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 8:40 p.m.21 views

GHSA-JGCF-RF45-2F8V Silverstripe Assets Module has a DBFile::getURL() permission bypass

Impact Images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which bypasses file permissions. This usually happens when creating an image variant, for example using a manipulation method like ScaleWidt...

5.3CVSS5.7AI score0.00398EPSS
Exploits0References5
NVD
NVD
added 2026/04/16 6:16 p.m.8 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS0.00398EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/16 5:8 p.m.27 views

CVE-2026-24749 Silverstripe Assets Module has a DBFile::getURL() permission bypass

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS0.00398EPSS
Exploits0References2
Rows per page
Query Builder