Lucene search
+L

7 matches found

OSV
OSV
added 2026/06/26 8:44 p.m.3 views

GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.5CVSS5.6AI score
Exploits0References2
NVD
NVD
added 2026/05/29 1:16 p.m.21 views

CVE-2026-45551

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS0.0023EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:34 p.m.11 views

EUVD-2026-33290

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS5.9AI score0.0023EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.16 views

PT-2026-44827

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any user id via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS5.9AI score0.0023EPSS
Exploits0References2
OSV
OSV
added 2023/05/01 12:0 a.m.59 views

ASB-A-261588851

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS7.8AI score0.00095EPSS
Exploits0References2
NVD
NVD
added 2023/03/24 8:15 p.m.25 views

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS7.8AI score0.00095EPSS
Exploits0References1
OSV
OSV
added 2023/03/24 8:15 p.m.6 views

CVE-2023-20993

In multiple functions of SnoozeHelper.java, there is a possible failure to persist settings due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

7.8CVSS5.9AI score0.00095EPSS
Exploits0References1
Rows per page
Query Builder