Lucene search
K

2868 matches found

ATTACKERKB
ATTACKERKB
added 2 days ago5 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00162EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 5 days ago8 views

CVE-2026-48935

A flaw was found in Node.js. The Permission API allows a local user to modify file metadata on paths that have been explicitly set as read-only. This can lead to unauthorized changes in file properties, impacting the integrity of the file system. Mitigation Mitigation for this issue is either not...

3.3CVSS5.6AI score0.00149EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.2 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

A null pointer dereference issue was discovered in the SCTP network protocol within the net/sctp/streamsched.c file in the Linux kernel. If the streamin allocation fails, the streamout resource is freed, allowing further access to it. A local user could exploit this vulnerability to crash the...

5.5CVSS6.7AI score0.00209EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.11 views

Astra Linux – Vulnerability in Linux

The IBM Power9 AIX 7.1, 7.2, and VIOS 3.1 processors may allow a local user to obtain sensitive information from the data in the L1 cache under certain circumstances. IBM X-Force ID: 189296...

5.1CVSS6.2AI score0.0039EPSS
Exploits0References1
CVE
CVE
added 2026/06/17 9:5 p.m.18 views

CVE-2026-8049

The CVE-2026-8049 issue affects SignalRGB’s Windows kernel driver, SignalIo.sys, in versions prior to 1.3.7.0. The device object (.SignalIo) is created without an explicit SDDL security descriptor and without FILE_DEVICE_SECURE_OPEN, resulting in overly permissive default access. This permits any...

5.3CVSS5.3AI score0.00087EPSS
Exploits0References1
CVE
CVE
added 2026/06/13 2:34 a.m.26 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:16 p.m.9 views

CVE-2026-0267

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

6.9CVSS0.0011EPSS
Exploits0References2
CVE
CVE
added 2026/06/09 5:33 p.m.17 views

CVE-2026-0466

CVE-2026-0466 involves AMD uProf with improper access control. A local user may write to the kernel-shared memory section, potentially causing a crash or denial of service. Documents reference AMD’s security bulletin AMD-SB-9025, but provide no version-specific details or remediation steps. No ex...

6.8CVSS5.5AI score0.001EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-13755

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows includes DB2 Connect Server stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.4AI score0.00108EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 5:6 a.m.12 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.14 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:53 p.m.9 views

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 2:0 a.m.13 views

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

ASUS Armoury Crate 安全漏洞

ASUS Armoury Crate is a software utility developed by ASUS Corporation in China. It aims to provide centralized control over supported ROG gaming products. ASUS Armoury Crate has a security vulnerability caused by improper allocation of permissions for critical resources. This vulnerability may...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/28 6:29 p.m.10 views

CVE-2026-47336

Ubuntu Linux 6.8 contains SAUCE patches with a possible use of an uninitialized variable in AppArmor AFINET/AFINET6 socket mediation code. The bug can be triggered by an unprivileged local user and could result in incorrect fine-grained mediation of network sockets...

3.3CVSS5.8AI score0.00094EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/27 12:58 p.m.10 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:20 p.m.33 views

CVE-2026-2607 Multiple vulnerabilities in IBM MQ Operator and Queue manager container images

IBM MQ Operator SC2: v3.2.0 through 3.2.23CD: v3.3.0, v3.4.0, v3.4.1, v3.5.0, v3.5.1 - v3.5.3, v3.6.0 - v3.6.4, v3.7.0 - v3.7.2, v3.8.0, v3.8.1, v3.9.0, v3.9.1LTS: v2.0.0 - 2.0.29 and IBM supplied MQ Advanced container images SC2: 9.4.0.6 through r1, 9.4.0.6-r2, 9.4.0.7-r1, 9.4.0.10-r1,...

5.1CVSS0.00131EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:43 a.m.13 views

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/27 8:38 a.m.11 views

CVE-2025-13593

Origin validation error vulnerability in Synology ActiveProtect Agent before 1.1.0-0439 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...

6.1CVSS5.9AI score0.00086EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

IBM MQ Operator和IBM supplied MQ Advanced container images 日志信息泄露漏洞

IBM MQ Operator and IBM supplied MQ Advanced container images are products of International Business Machines Corporation IBM. IBM MQ Operator is a tool used to manage the lifecycle of IBM MQ queue managers. IBM supplied MQ Advanced container images are Docker/OCI container images. Both IBM MQ...

5.1CVSS5.8AI score0.00131EPSS
Exploits0References2
Rows per page
Query Builder