Lucene search
K

3760 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.8 views

Unity Linux 20.1060e / 20.1070e Security Update: samba (UTSA-2026-017509)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017509 advisory. A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory...

4.3CVSS5.7AI score0.01521EPSS
Exploits0References4
OSV
OSV
added 2026/05/07 12:55 a.m.14 views

GHSA-7V3R-M9C8-R855 Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist

Summary The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. This is a bypass of the fix for GHSA-qmwh-9m9c-h36m. Details The blocklist in...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.29 views

PT-2026-38381

Name of the Vulnerable Software and Affected Versions Gotenberg versions prior to 8.30.0 Description The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...

8.2CVSS5.9AI score0.0029EPSS
Exploits1References9
Veracode
Veracode
added 2026/05/06 8:26 a.m.10 views

Insecure File Permissions

Claude SDK for TypeScript is vulnerable to insecure file permissions. The vulnerability is due to the BetaLocalFilesystemMemoryTool creating memory files and directories with world-readable and world-writable permissions, where a local attacker on a shared host could read persisted agent state, a...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/06 12:0 a.m.10 views

RHCOS 4 : OpenShift Container Platform 4.6.51 (RHSA-2021:4799)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4799 advisory. - jenkins: FilePathmkdirs does not check permission to create parent directories CVE-2021-21685 - jenkins: File path filters do not...

9.8CVSS5.9AI score0.02451EPSS
Exploits0References30
OSV
OSV
added 2026/05/04 1:12 p.m.11 views

JLSEC-2026-394

When curl 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally widen the permissions for the target file, leaving the...

9.8CVSS6.8AI score0.06823EPSS
Exploits1References16
RedHat Linux
RedHat Linux
added 2026/05/04 10:5 a.m.8 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/05/04 9:57 a.m.5 views

OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode

A flaw was found in OpenSSH. When the scp command is used by a root user to download a file with the legacy protocol option -O and without preserving original file permissions -p, the downloaded file can be installed with elevated privileges setuid or setgid. This unexpected behavior could allow ...

8.1CVSS5.8AI score0.00419EPSS
Exploits0References7
OSV
OSV
added 2026/04/29 10:28 p.m.5 views

GHSA-P7FG-763F-G4GF Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

The BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes 0o666 for files, 0o777 for directories, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask su...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-36109

Name of the Vulnerable Software and Affected Versions Claude SDK for TypeScript versions 0.79.0 through 0.91.0 Description The BetaLocalFilesystemMemoryTool creates memory files and directories using Node.js default modes 0o666 for files and 0o777 for directories. This results in files being...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/04/24 8:33 p.m.5 views

CVE-2026-31611

A flaw was found in the ksmbd component of the Linux kernel. A remote attacker could exploit this vulnerability by sending a specially crafted Access Control Entry ACE that causes an out-of-bounds read when parsing security identifiers. This out-of-bounds read can lead to the application of...

8.6CVSS5.5AI score0.00366EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.14 views

PT-2026-34963

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the ksmbd module, the parse dacl function compares each Access Control Entry ACE Security Identifier SID against sid unix NFS mode. If sid unix NFS mode is the prefix S-1-5-88-3 with...

9.8CVSS5.1AI score0.00525EPSS
Exploits0References351
OSV
OSV
added 2026/04/22 6:31 p.m.8 views

GHSA-2M8X-MVFX-GWGJ uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.9 views

Duplicate Advisory: uutils coreutils allows unauthorized modification of permissions on existing files

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-pmf6-rcx4-v53v. This link is maintained to preserve external references. Original Description A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files...

7.1CVSS6AI score0.00165EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/04/22 5:16 p.m.9 views

CVE-2026-35357

The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions e.g., 0644 before being restricted to their final mode e.g., 0600 later in the process. A local attacker can race to open the file...

4.7CVSS0.00091EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-35341

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because...

7.1CVSS5.7AI score0.00165EPSS
Exploits1References3
SUSE Linux
SUSE Linux
added 2026/04/21 6:27 a.m.6 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
OSV
OSV
added 2026/04/21 6:27 a.m.4 views

SUSE-SU-2026:1509-1 Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. - CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. - CVE-2026-21716: incomplete fix for...

7.5CVSS5.7AI score0.26356EPSS
Exploits0References15
SUSE Linux
SUSE Linux
added 2026/04/20 10:9 a.m.5 views

Security update for nodejs22

This update for nodejs22 fixes the following issues: Update to version 22.22.2. CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request bsc1260494. CVE-2026-21716: incomplete fix for CVE-2024-36137...

8.7CVSS6.8AI score0.26356EPSS
Exploits0References28
RedhatCVE
RedhatCVE
added 2026/04/18 7:22 a.m.5 views

CVE-2026-24749

The Silverstripe Assets Module is a required component of Silverstripe Framework. In versions prior to 2.4.5 and 3.0.0-rc1 through 3.1.2, images rendered in templates or otherwise accessed via DBFile::getURL or DBFile::getSourceURL incorrectly add an access grant to the current session, which...

5.3CVSS5.5AI score0.00398EPSS
Exploits0References1
Rows per page
Query Builder