23 matches found

Cvelist
added 5 days ago, 34 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

CVSS 4.4 | EPSS 0.00149
Exploits 0 | References 1
Github Security Blog
added 2026/06/25 4:53 p.m., 18 views

@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

CVSS 6.1 | AI score 5.9 | EPSS 0.00149
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/04/15 11:25 p.m., 16 views

CVE-2026-40245

CVE-2026-40245 concerns Free5GC’s UDR service (versions 4.2.1 and below) where an information disclosure occurs via the 5G SBI endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify. When required query parameters are missing, the handler returns a 400 but does not stop execution,...

CVSS 7.5 | AI score 5.9 | EPSS 0.00506
Exploits 1 | References 1 | Affected Software 1
Zero Day Initiative
added 2026/02/12 12:00 a.m., 6 views

Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...

CVSS 3.3 | AI score 5.5 | EPSS 0.11356
Exploits 0 | References 1
Vulnrichment
added 2025/12/16 12:44 a.m., 4 views

CVE-2025-67874 ChurchCRM has plaintext password return in response

ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other...

CVSS 6.9 | AI score 6 | EPSS 0.00305
Exploits 1 | References 2
OSV
added 2025/12/16 12:44 a.m., 3 views

CVE-2025-67874 ChurchCRM has plaintext password return in response

ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other...

CVSS 6.9 | AI score 6.4 | EPSS 0.00305
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2008-5483

Malware in sbrugna...

CVSS 6.8 | AI score 9 | EPSS 0.02091
Exploits 0 | References 52
CVE
added 2024/10/17 1:00 p.m., 66 views

CVE-2024-49580

The CVE-2024-49580 issue affects JetBrains Ktor, specifically the HttpCache Plugin, due to improper caching that can disclose response information. Affected products/versions include Ktor before 2.3.13 (and, per PT-Security, before 3.0.0 for related caching behavior). The documented impact is inf...

CVSS 5.3 | AI score 5 | EPSS 0.00343
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2024/01/22 8:37 p.m., 53 views

CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File

In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...

CVSS 4.3 | AI score 5.5 | EPSS 0.00395
Exploits 0 | References 1
Tenable Nessus
added 2023/10/06 12:00 a.m., 113 views

Rocky Linux 8 : glibc (RLSA-2023:5455)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5455 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via...

CVSS 7.8 | AI score 7.3 | EPSS 0.81422
Exploits 27 | References 9
Tenable Nessus
added 2023/10/03 12:00 a.m., 103 views

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-359)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-359 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP...

CVSS 7.8 | AI score 7.3 | EPSS 0.81422
Exploits 27 | References 10
SUSE CVE
added 2023/02/15 6:06 a.m., 5 views

SUSE CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVSS 6.8 | AI score 8.7 | EPSS 0.02091
Exploits 0 | References 6
Redos
added 2021/09/08 12:00 a.m., 18 views

ROS-2-1229

2.1229 Multiple vulnerabilities in Apache Tomcat (CVE-2021-25122, CVE-2021-25329). 1. Vulnerability Description: CVE-2021-25122, CVE-2021-25322, CVE-2021-25329. The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...

CVSS 9.8 | AI score 7.7 | EPSS 0.19431
Exploits 19
IBM Security Bulletins
added 2021/01/02 8:42 a.m., 18 views

Security Bulletin: Vulnerabilities have been addressed in IBM Cloud Pak System (Dec 2020)

Summary: Multiple vulnerabilities have been identified and addressed in IBM Cloud Pak System. Vulnerability Details: CVEID: CVE-2020-4928. DESCRIPTION: IBM Cloud Pak System could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extension...

CVSS 8.8 | AI score 0.3 | EPSS 0.01053
Exploits 0 | Affected Software 1
Metasploit
added 2014/07/10 2:09 p.m., 56 views

Flash "Rosetta" JSONP GET/POST Response Disclosure

A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL...

CVSS 4.3 | AI score 6.8 | EPSS 0.23024
Exploits 4
Tenable Nessus
added 2009/06/30 12:00 a.m., 38 views

GLSA-200906-04 : Apache Tomcat JK Connector: Information disclosure

The remote host is affected by the vulnerability described in GLSA-200906-04 (Apache Tomcat JK Connector: Information disclosure). The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the 'Content-Length' header while not providing data and (2) clients...

CVSS 2.6 | AI score 5.2 | EPSS 0.07263
Exploits 2 | References 2
Gentoo Linux
added 2009/06/29 12:00 a.m., 30 views

Apache Tomcat JK Connector: Information disclosure

Background: The Apache Tomcat JK Connector, aka mod_jk, connects the Tomcat application server with the Apache HTTP Server. Description: The Red Hat Security Response Team discovered that mod_jk does not properly handle (1) requests setting the "Content-Length" header while not providing data and (2) clien...

CVSS 2.6 | AI score 7.4 | EPSS 0.07263
Exploits 2
RedHat Linux
added 2009/01/07 10:27 a.m., 3 views

Firefox XMLHttpRequest 302 response disclosure

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVSS 6.8 | AI score 7.4 | EPSS 0.02091
Exploits 0 | References 4
NVD
added 2008/12/17 11:30 p.m., 17 views

CVE-2008-5506

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVSS 6.8 | AI score 6.4 | EPSS 0.02091
Exploits 0 | References 42
Prion
added 2008/12/17 11:30 p.m., 27 views

Design/Logic Flaw

Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...

CVSS 6.8 | AI score 6.5 | EPSS 0.02091
Exploits 0 | References 42 | Affected Software 5