CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в libvirt

A flaw was discovered in libvirt. External inactive snapshots of shut-down virtual machines are created as being accessible to everyone on the network, allowing unprivileged users to inspect the contents of the guest operating systems. This leads to an information disclosure vulnerability...

5.5CVSS7.1AI score0.00033EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: net: The TOCTOU issue in skisreadable has been fixed. sk-skprot-sockisreadable is a valid function pointer when sk resides in a sockmap. After the last skpsockput call which usually occurs when a socket is removed from the sockma...

4.7CVSS6.2AI score0.00081EPSS

OSV•added 2026/05/11 9:31 p.m.•1 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

EUVD•added 2026/05/11 9:31 p.m.•3 views

Exploits0References6

EUVD-2026-29196

Github Security Blog•added 2026/05/11 9:31 p.m.•9 views

Exploits0References4

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Exploits0References6Affected Software1

NVD•added 2026/05/11 7:16 p.m.•5 views

CVE-2026-45222

6.9CVSS0.0001EPSS

Exploits0References3

Vulnrichment•added 2026/05/11 6:0 p.m.•3 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

OSV•added 2026/05/11 2:43 p.m.•1 views

Exploits0References3

GHSA-M5P4-GVPX-4MVR GuardDog: Unsanitized human-readable scan output allows terminal escape injection from malicious package content

Summary GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-readable output without escaping terminal control characters. A malicious package can therefore inject ANSI or OSC escape sequences into analyst terminals or CI logs...

5CVSS5.8AI score0.00013EPSS

Positive Technologies•added 2026/05/11 12:0 a.m.•6 views

PT-2026-39728

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Exploits0References4

Unity Linux 20.1060e / 20.1070e Security Update: guava (UTSA-2026-017554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017554 advisory. A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary...

3.3CVSS6.6AI score0.00072EPSS

Exploits1References4

Snyk•added 2026/05/06 11:23 p.m.•2 views

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

6.8CVSS5.8AI score

Exploits0References3

OSV•added 2026/05/06 11:23 p.m.•2 views

GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

5.5CVSS5.7AI score

RedhatCVE•added 2026/05/05 8:21 p.m.•2 views

CVE-2026-41686

Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.91.1, the BetaLocalFilesystemMemoryTool in the Anthropic TypeScript SDK created memory files and directories using the Node.js default modes...

4.8CVSS5.7AI score0.00012EPSS

GithubExploit•added 2026/05/05 1:52 p.m.•49 views

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 Copy Fail Toolset This repository contains t...

7.8CVSS7.3AI score0.02235EPSS

Exploits225

NVD•added 2026/05/04 7:16 p.m.•4 views

CVE-2026-41686

4.8CVSS0.00012EPSS

ATTACKERKB•added 2026/05/04 6:41 p.m.•0 views

CVE-2026-41686

4.8CVSS5.7AI score0.00012EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/04 6:41 p.m.•2 views

CVE-2026-41686 Claude SDK for TypeScript has Insecure Default File Permissions in Local Filesystem Memory Tool

4.8CVSS5.7AI score0.00012EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•2 views

Astra Linux - уязвимость в webkit2gtk

A flaw was found in WebKitGTK. This vulnerability allows remote, user-assisted information disclosure that can reveal any file the user is permitted to read via abusing the file drag-and-drop mechanism where WebKitGTK does not verify that drag operations originate from outside the browser...

7.4CVSS5.8AI score0.00055EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•1 views

Astra Linux - уязвимость в firefox, thunderbird

Poor management of ownership led to a “use-after-free” vulnerability in ReadableByteStreams. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

8.8CVSS7.3AI score0.00407EPSS