Lucene search
K

1389 matches found

Positive Technologies
Positive Technologies
added 2026/04/29 12:0 a.m.8 views

PT-2026-36109

Name of the Vulnerable Software and Affected Versions Claude SDK for TypeScript versions 0.79.0 through 0.91.0 Description The BetaLocalFilesystemMemoryTool creates memory files and directories using Node.js default modes 0o666 for files and 0o777 for directories. This results in files being...

4.8CVSS5.8AI score0.00119EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.5 views

Unity Linux 20.1070a Security Update: open-vm-tools (UTSA-2026-007257)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007257 advisory. VMware Tools contains an insecure file handling vulnerability.A malicious actor with non-administrative privileges on a guest VM may tamper the local files to trigge...

6.1CVSS5.8AI score0.00255EPSS
Exploits0References4
OSV
OSV
added 2026/04/16 2:46 p.m.8 views

CLSA-2026-1776346717 glib2: Fix of 2 CVEs

CVE-2019-12450: fix insecure file permissions during copy operations - CVE-2019-13012: fix insecure directory and file permissions in keyfile settings backend...

9.8CVSS7.1AI score0.03211EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/13 12:0 a.m.95 views

📄 Pachno 1.0.6 Shell Upload

Pachno version 1.0.6 suffers from a remote shell upload vulnerability. The multipart file parameter to the /uploadfile endpoint allows authenticated users to upload files directly to the server. File upload must be enabled by an admin, who can also configure the storage path, within a...

6.2AI score
Exploits0
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.7 views

WordPress plugin VideoPro 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.1CVSS5.8AI score0.00466EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.7 views

WordPress plugin Freeio 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.5CVSS5.8AI score0.00381EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.9 views

Meesho Online Shopping 加密问题漏洞

Meesho Online Shopping is an e-commerce system developed by the Meesho company. Versions of Meesho Online Shopping prior to 27.3 contained a security vulnerability related to encrypted data handling. This vulnerability stemmed from incorrect operations with files and API endpoints, potentially...

6.3CVSS5.8AI score0.00188EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/04 5:35 a.m.6 views

Insecure File Permissions

Claude SDK for Python is vulnerable to insecure file permissions. The vulnerability is due to the memory tool creating files with mode 0o666, where the files are world‑readable on systems with a standard umask and world‑writable in environments with a permissive umask, and a local attacker on a...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.6 views

SUSE SLES15 / openSUSE 15 Security Update : kea (SUSE-SU-2026:1091-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1091-1 advisory. Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Fixed loading a malicious hook library can lead to local...

7.8CVSS6AI score0.00233EPSS
Exploits0References8
EUVD
EUVD
added 2026/03/25 9:30 p.m.5 views

EUVD-2026-16002

A vulnerability was detected in Enter Software Iperius Backup bis 8.7.3. Affected is an unknown function of the file C:\ProgramData\IperiusBackup\Jobs\ of the component Backup Service. Performing a manipulation results in creation of temporary file with insecure permissions. The attack is only...

7.3CVSS6.2AI score0.00163EPSS
Exploits0References6
NVD
NVD
added 2026/03/25 5:16 p.m.10 views

CVE-2026-25458

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Select-Themes Moments moments allows PHP Local File Inclusion.This issue affects Moments: from n/a through = 2.2...

8.1CVSS0.00403EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Iperius Backup 安全漏洞

Iperius Backup is a backup tool developed by the Italian company Iperius Backup. Iperius Backup versions 8.7.3 and earlier have a security vulnerability. This vulnerability stems from insecure permissions when the backup service component creates temporary files, which could lead to local attacks...

7.3CVSS7.1AI score0.00163EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.8 views

WordPress plugin Good Homes 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

8.1CVSS5.8AI score0.00504EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

WordPress plugin Visual Portfolio, Photo Gallery & Post Grid 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

7.5CVSS5.8AI score0.003EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/21 12:47 p.m.2 views

CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References4
CVE
CVE
added 2026/03/21 12:47 p.m.8 views

CVE-2019-25568

Memu Play 6.0.7 contains an insecure file-permissions vulnerability that enables privilege escalation by replacing MemuService.exe in the installation directory with a malicious executable. An attacker can rename/overwrite MemuService.exe, causing the service to run at system level upon reboot. T...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/21 12:47 p.m.30 views

CVE-2019-25568 Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS0.0032EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/21 12:0 a.m.3 views

PT-2026-26913

Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/03/21 12:0 a.m.6 views

Microvirt Memu Play 访问控制错误漏洞

Microvirt Memu Play is an Android emulator developed by Microvirt Corporation. Version 6.0.7 of Microvirt Memu Play contains a access control vulnerability, which stems from insecure file permissions. This vulnerability could allow low-privilege users to elevate their privileges by replacing the...

9.8CVSS5.8AI score0.0032EPSS
Exploits1References4
OSV
OSV
added 2026/03/17 4:32 p.m.4 views

SUSE-SU-2026:0907-1 Security update for kea

This update for kea fixes the following issues: Update to release 2.6.3 bsc1243240: - CVE-2025-32801: Loading a malicious hook library can lead to local privilege escalation. - CVE-2025-32802: Insecure handling of file paths allows multiple local attacks. - CVE-2025-32803: Insecure file permissio...

7.8CVSS5.8AI score0.00233EPSS
Exploits0References5
Rows per page
Query Builder