Lucene search
+L

29 matches found

osv
osv
added 2026/07/07 4:2 p.m.5 views

PYSEC-2026-1477 Jupyter Core on Windows Has Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Impact On Windows, the shared %PROGRAMDATA% directory is searched for configuration files SYSTEMCONFIGPATH and SYSTEMJUPYTERPATH, which may allow users to create configuration files affecting other users. Only shared Windows systems with multiple users and unprotected %PROGRAMDATA% are affected...

7.3CVSS7.1AI score0.00154EPSS
Exploits0References6
redhatcve
redhatcve
added 2026/06/30 1:37 p.m.8 views

CVE-2026-46406

A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...

6.8CVSS6AI score0.00149EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.26 views

PT-2026-50494

Name of the Vulnerable Software and Affected Versions @earendil-works/pi-coding-agent versions 0.74.0 through 0.78.0 @mariozechner/pi-coding-agent versions 0.50.0 through 0.73.1 Description Pi is a minimal terminal coding harness that used predictable paths under the operating system temporary...

7.3CVSS6.2AI score0.00115EPSS
Exploits0References11
cvelist
cvelist
added 2026/05/12 7:12 p.m.41 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS0.00108EPSS
Exploits0References2
osv
osv
added 2026/05/12 7:12 p.m.2 views

CVE-2026-42191 OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter

OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP OpenTelemetry Protocol exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryProtocol silently fell back to Path.GetTempPath when OTELDOTNETEXPERIMENTALOTLPRETRY=disk was set but...

6.5CVSS6AI score0.00108EPSS
Exploits0References4
snyk
snyk
added 2026/04/30 6:34 p.m.8 views

Creation of Temporary File in Directory with Insecure Permissions

Overview OpenTelemetry.Exporter.OpenTelemetryProtocol is an OTLP Exporter for OpenTelemetry .NET. Affected versions of this package are vulnerable to Creation of Temporary File in Directory with Insecure Permissions in the ExperimentalOptions used in handling disk retry storage for telemetry data...

7.8CVSS5.8AI score0.00108EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/04/22 12:0 a.m.6 views

PT-2026-34503

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
osv
osv
added 2026/01/13 6:45 p.m.4 views

GHSA-597G-3PHW-6986 virtualenv Has TOCTOU Vulnerabilities in Directory Creation

Impact TOCTOU Time-of-Check-Time-of-Use vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's appdat...

4.5CVSS6.4AI score0.00085EPSS
Exploits0References5
euvd
euvd
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-30287

Malicious code in bioql PyPI...

6.9CVSS6.8AI score0.00192EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-31429

Malicious code in bioql PyPI...

7.3CVSS7.4AI score0.00134EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/05/23 10:18 a.m.17 views

CVE-2024-32478

Git Credential Manager GCM is a secure Git credential helper. Prior to 2.5.0, the Debian package does not set root ownership on installed files. This allows user 1001 on a multi-user system can replace binary and gain other users' privileges. This vulnerability is fixed in 2.5.0...

6.9CVSS6.8AI score0.00192EPSS
Exploits0References1
cvelist
cvelist
added 2025/05/16 2:35 p.m.28 views

CVE-2025-47794 Nextcloud Server vulnerable to insecure temporary file creation, race with write access and permission

Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud...

2.6CVSS0.00409EPSS
Exploits0References3
osv
osv
added 2024/05/07 6:15 p.m.9 views

AZL-40400 CVE-2024-34397 affecting package glib for versions less than 2.78.6-1

An issue was discovered in GNOME GLib before 2.78.5, and 2.79.x and 2.80.x before 2.80.1. When a GDBus-based client subscribes to signals from a trusted system service such as NetworkManager on a shared computer, other users of the same computer can send spoofed D-Bus signals that the GDBus-based...

5.2CVSS6.6AI score0.00756EPSS
Exploits1References1
veracode
veracode
added 2023/09/29 11:40 a.m.12 views

Insufficiently Protected Credentials

github.com/schollz/croc is vulnerable to sensitive information disclosure via Insufficiently Protected Credentials. The vulnerability is due to when users specify a custom shared secret via the command line, as it becomes visible on the host's process list for all local users. This can lead to...

4.7CVSS6.1AI score0.0029EPSS
Exploits1References7Affected Software2
redhat
redhat
added 2023/05/16 8:32 a.m.6 views

git: Bypass of safe.directory protections

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This issue allows the owner of the repository to cause arbitrary commands to be executed by...

7.8CVSS7.3AI score0.00441EPSS
Exploits0References4
redhat
redhat
added 2023/05/16 8:32 a.m.10 views

git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...

7.8CVSS7.3AI score0.00782EPSS
Exploits0References5
redhat
redhat
added 2023/05/09 10:3 a.m.7 views

git: On multi-user machines Git users might find themselves unexpectedly in a Git worktree

A vulnerability was found in Git. This flaw occurs due to Git not checking the ownership of directories in a local multi-user system when running commands specified in the local repository configuration. This allows the owner of the repository to cause arbitrary commands to be executed by other...

7.8CVSS7.3AI score0.00782EPSS
Exploits0References5
osv
osv
added 2022/05/28 11:3 a.m.4 views

OESA-2022-1676 git security update

Git is a free and open source distributed version control system designed to handle everything from small to very large projects with speed and efficiency. Git is easy to learn and has a tiny footprint with lightning fast performance. It outclasses SCM tools like Subversion, CVS, Perforce, and...

7.8CVSS6.8AI score0.00782EPSS
Exploits0References2
osv
osv
added 2022/04/25 3:37 p.m.9 views

USN-5376-2 git vulnerability

USN-5376-1 fixed vulnerabilities in Git. This update provides the corresponding updates for Ubuntu 22.04 LTS. Original advisory details: 俞晨东 discovered that Git incorrectly handled certain repository paths in platforms with multiple users support. An attacker could possibly use this issue to run...

7.8CVSS7AI score0.00782EPSS
Exploits0References2
osv
osv
added 2022/04/12 6:15 p.m.2 views

DEBIAN-CVE-2022-24765

Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder C:.git, which would be picked up by Git operation...

7.8CVSS6.8AI score0.00782EPSS
Exploits0References1
Rows per page
Query Builder