Lucene search
K

86 matches found

Cvelist
Cvelist
added 2 days ago33 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS0.00162EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in glib before version 2.63.6. Due to random charset aliases, pkexec can leak content from files owned by privileged users to unprivileged users under certain conditions...

5.5CVSS6.6AI score0.00531EPSS
Exploits1References2
NVD
NVD
added 2026/06/09 1:16 p.m.27 views

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS0.00085EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:21 a.m.36 views

CVE-2026-2638

Technical details beyond the summary are not publicly available in the provided documents. Monitor for updates.

7.3CVSS5.4AI score0.00085EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:21 a.m.29 views

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS0.00085EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.8 views

CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 8:21 p.m.11 views

EUVD-2026-29295

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

8.8CVSS5.9AI score0.00132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/16 4:32 a.m.10 views

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

7CVSS5.8AI score0.0013EPSS
Exploits0References2
NVD
NVD
added 2026/03/05 2:16 a.m.6 views

CVE-2026-29122

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS0.00139EPSS
Exploits1References2
CVE
CVE
added 2026/03/05 12:53 a.m.12 views

CVE-2026-29122

IDC SFX2100 ships with /bin/date with setuid, enabling local user to perform privileged reads as root. The vulnerability arises from a setuid binary in the local filesystem, allowing bypass of normal permissions and exposure of sensitive files (e.g., /etc/shadow). Impact is described as high conf...

9.2CVSS6AI score0.00139EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

International Datacasting SFX2100 SuperFlex Satellite Receiver 安全漏洞

The International Datacasting SFX2100 SuperFlex Satellite Receiver is a professional broadcast-grade satellite signal receiving device from the International Datacasting company. The International Datacasting SFX2100 SuperFlex Satellite Receiver has a security vulnerability, which stems from the...

9.2CVSS5.9AI score0.00148EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.3 views

PT-2026-23099

Name of the Vulnerable Software and Affected Versions IDC SFX2100 satellite receiver affected versions not specified Description The IDC SFX2100 satellite receiver includes the /bin/date utility installed with the setuid bit set. This configuration allows any local user who can execute the binary...

9.2CVSS5.9AI score0.00139EPSS
Exploits1References7
NVD
NVD
added 2026/02/12 10:16 p.m.10 views

CVE-2026-26224

Intego Log Reporter, a macOS diagnostic utility bundled with Intego security products that collects system and application logs for support analysis, contains a local privilege escalation vulnerability. A root-executed diagnostic script creates and writes files in /tmp without enforcing secure...

8.5CVSS0.0011EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 10:19 a.m.8 views

CVE-2019-18644

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted...

5.9CVSS6.8AI score0.00561EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2021-27060

Malware in sbrugna...

5.5CVSS6.5AI score0.00531EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2019-15763

Malware in sbrugna...

7.3CVSS6.9AI score0.00281EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/08/13 8:51 p.m.9 views

CVE-2011-10010 QuickShare File Server 1.2.1 Path Traversal RCE

QuickShare File Server 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the...

9.4CVSS0.01485EPSS
Exploits0References6
NVD
NVD
added 2025/08/12 7:15 p.m.5 views

CVE-2024-40588

Multiple relative path traversal vulnerabilities CWE-23 vulnerability in Fortinet FortiCamera 2.1 all versions, FortiCamera 2.0.0, FortiCamera 1.1 all versions, FortiCamera 1.0 all versions, FortiMail 7.6.0 through 7.6.1, FortiMail 7.4.0 through 7.4.3, FortiMail 7.2 all versions, FortiMail 7.0 al...

4.4CVSS0.00164EPSS
Exploits0References1
CVE
CVE
added 2025/08/12 6:59 p.m.28 views

CVE-2024-40588

CVE-2024-40588 describes multiple relative path traversal vulnerabilities in Fortinet FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The issue allows a privileged attacker to read files on the underlying filesystem via crafted CLI requests. Affected versions include FortiCamera ...

4.4CVSS6.3AI score0.00164EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/12 12:0 a.m.5 views

PT-2025-32871 · Fortinet · Fortindr +4

Name of the Vulnerable Software and Affected Versions: Fortinet FortiMail versions 7.6.0 through 7.6.1 and prior to 7.4.3 Fortinet FortiVoice versions 7.0.0 through 7.0.5 and prior to 7.4.9 Fortinet FortiRecorder versions 7.2.0 through 7.2.1 and prior to 7.0.4 Fortinet FortiCamera versions 7.6.0...

4.4CVSS6.4AI score0.00164EPSS
Exploits0References4
Rows per page
Query Builder