CVE-2026-35353

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

uutils coreutils has a Time-of-check Time-of-use (TOCTOU) Race Condition

The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions typically 0755 before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...

EUVD-2026-25015

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from the lack of explicit permission restrictions when nohup is used to create the default output file. This vulnerability could allow any user in...

PT-2026-29091

Nginx-UI and Affected Versions Nginx-UI versions 2.3.3 and prior Description Nginx-UI contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user to access, modify, and delete resources belonging to other users. The application's base Model struct lacks a us...

OpenClaw 访问控制错误漏洞

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an Access Control Error vulnerability that can be exploited by an attacker to cause session content disclosure in a multi-user environment...

CVE-2026-27004

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

CVE-2026-27004 OpenClaw session tool visibility hardening and Telegram webhook secret fallback

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools sessionslist, sessionshistory, sessionssend allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in...

EUVD-2009-3351

Malware in sbrugna...

EUVD-2024-18517

Malicious code in bioql PyPI...

CVE-2025-9901

CVE-2025-9901 affects the libsoup library’s SoupCache: it ignores the HTTP Vary header when evaluating cached responses. This can cause cached content to be improperly reused across requests, potentially exposing sensitive data in proxy or multi-user environments. Confidentiality impact is indica...

Fess has Insecure Temporary File Permissions

Summary Fess an open-source Enterprise Search Server creates temporary files without restrictive permissions, which may allow local attackers to read sensitive information from these temporary files. Details The createTempFile method in org.codelibs.fess.helper.SystemHelper creates temporary file...

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment...

CVE-2024-34664

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...

CVE-2024-34664

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...

CVE-2024-34664

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...

CVE-2024-34664

Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment...

PT-2024-26085 · Samsung · Knox Guard

Name of the Vulnerable Software and Affected Versions: Knox Guard versions prior to SMR Oct-2024 Release 1 Description: The issue is related to an improper check for exception conditions in Knox Guard, allowing physical attackers to bypass Knox Guard in a multi-user environment. Recommendations:...

CVE-2024-20802

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment...

Improper access control

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment...