Lucene search
K

86 matches found

ATTACKERKB
ATTACKERKB
added 4 days ago5 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/25 11:23 p.m.18 views

CVE-2026-13218

CVE-2026-13218 : In KubeVirt, the virt-handler network cache handling allows a symlink attack via WriteToCachedFile, which writes to a launcher-rooted path with os.WriteFile and os.Chown. A user inside the virt-launcher container can place a symlink at the cache path, causing virt-handler to foll...

4.2CVSS5.9AI score0.00105EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.9 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
OSV
OSV
added 2026/06/10 8:32 p.m.5 views

GHSA-GHQ2-5C67-FPRM PDM: Project-Local State and Config Writes Follow Symlinks

Summary PDM writes several project-local state or configuration files without symlink protection. If a malicious repository places those files as symlinks, local PDM operations can overwrite the symlink targets. This creates an arbitrary file clobber primitive relative to the privileges of the...

6.8CVSS5.9AI score0.00024EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/31 12:0 a.m.3 views

Fedora 44 : cpp-httplib (2026-03599f0b32)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-03599f0b32 advisory. Update to 0.38.0 rhbz2447261 - Filename sanitization for path traversal prevention Added sanitizefilename to prevent path traversal attacks via malicious...

8.7CVSS5.9AI score0.00179EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : nodejs:12 (AXSA:2021-2440:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2440:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 8 : nodejs:14 (AXSA:2021-2448:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2448:01 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits5References9
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 7 : rh-nodejs14-nodejs-nodemon-2.0.3-5.el7, rh-nodejs14-nodejs-14.17.5-1.el7 (AXSA:2021-2387:02)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2387:02 advisory. nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22930 nodejs: Use-after-free on close http2 on stream canceling CVE-2021-22940...

9.8CVSS8AI score0.37286EPSS
Exploits7References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-1856

Malware in sbrugna...

8.2CVSS7AI score0.07795EPSS
Exploits0References25
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-11322

Malware in sbrugna...

5.5CVSS5.8AI score0.00457EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2018-9696

Malware in sbrugna...

5.5CVSS5AI score0.00309EPSS
Exploits0References3
OSV
OSV
added 2025/03/06 7:59 p.m.6 views

CLSA-2025-1741291194 flatpak: Fix of CVE-2024-42472

CVE-2024-42472: patch Flatpak to include the new --bind-fd option in bubblewrap to prevent symlink attacks on persistent directories...

10CVSS7.2AI score0.01283EPSS
Exploits1References1
SUSE Linux
SUSE Linux
added 2025/02/03 9:39 a.m.3 views

Security update for clamav

This update for clamav fixes the following issues: New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service DoS condition. Start clamonacc with --fdpass to avoid errors due to clamd not being able to acce...

8.7CVSS8.1AI score0.03312EPSS
Exploits0References30
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.12 views

SUSE SLES12: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2025:0328-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0328-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a...

7.5CVSS7.2AI score0.03312EPSS
Exploits0References21
Tenable Nessus
Tenable Nessus
added 2025/02/03 12:0 a.m.17 views

SUSE SLES15: clamav / clamav-devel / clamav-docs-html / clamav-milter / etc (SUSE-SU-2025:0325-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0325-1 advisory. New version 1.4.2: CVE-2025-20128, bsc1236307: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a...

7.5CVSS7.2AI score0.03312EPSS
Exploits0References21
OSV
OSV
added 2024/07/05 11:22 a.m.3 views

CLSA-2024-1720178532 python3: Fix of 2 CVEs

CVE-2023-6597: Prevent tempfile.TemporaryDirectory class dereference symlinks - CVE-2024-0450: Make zipfile module reject zip archives which overlap entries in the archive. Prevent “quoted-overlap” zip-bombs exploit...

7.8CVSS6.8AI score0.00333EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2023/10/20 12:0 a.m.37 views

Ubuntu 20.04 ESM : Tar for Node.js vulnerability (USN-5283-1)

The remote Ubuntu 20.04 ESM host has a package installed that is affected by a vulnerability as referenced in the USN-5283-1 advisory. It was discovered that Tar for Node.js did not properly sanitize path inputs. An attacker could possibly use this issue to read arbitrary files, resulting in a...

8.2CVSS7.2AI score0.07795EPSS
Exploits0References2
OSV
OSV
added 2023/02/22 7:59 p.m.6 views

CLSA-2023-1677095961 git: Fix of 6 CVEs

CVE-2022-41903: fix out-of-bounds write caused by integer overflow - CVE-2021-40330: forbid newlines in host and path - CVE-2022-39260: reject too long command line strings - CVE-2021-23521: implement size checks for .gitattributes - CVE-2023-22490: prevent arbitrary path exfiltration when using...

9.8CVSS7.1AI score0.44268EPSS
Exploits5References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:23 a.m.4 views

SUSE CVE-2018-17955

In yast2-multipath before version 4.1.1 a static temporary filename allows local attackers to overwrite files on systems without symlink protection...

7.8CVSS6.6AI score0.00309EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 4:21 a.m.5 views

SUSE CVE-2018-19637

Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supplog, allowing local attackers to overwrite files on systems without symlink protection...

7.3CVSS6AI score0.00457EPSS
Exploits0References8
Rows per page
Query Builder