9 matches found
@airalogy/airalogy-engine (>=0.0.1 <=0.0.2) potentially affected by CVE-2026-46695 via @boxlite-ai/boxlite (=0.8.2)
@boxlite-ai/boxlite NPM version =0.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on @boxlite-ai/boxlite and may be impacted: - @airalogy/airalogy-engine =0.0.1, =0.0.2 Source cves: CVE-2026-46695 Source advisory: OSV:GHSA-G6WW-W5J2-R7X3...
GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool
The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...
CVE-2025-57823
A direct request 'forced browsing' vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least sponsor permissions to read and...
OpenCTI 授权问题漏洞
OpenCTI is an open source cyber threat intelligence platform from OpenCTI Open Source. An Authorization Problem Vulnerability exists in versions prior to OpenCTI 6.6.6, which stems from an IDOR vulnerability that could lead to unauthorized access or modification notifications...
PT-2024-7606
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to a use-after-free vulnerability in the async decryption function of the Linux kernel's SMB client. This vulnerability can be exploited to impact the confidentiality,...
AZL-47403 CVE-2024-42156 affecting package kernel for versions less than 6.6.64.2-9
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key...
Couchbase Server 安全漏洞
Couchbase Server is a distributed, open source NoSQL non-relational database from Couchbase, Inc. that supports data querying, full-text searching, and active global replication. A security vulnerability exists in Couchbase Server versions prior to 6.6.6, 7.x through 7.0.5, and 7.1.x through 7.1....
Keepalived Information Disclosure Vulnerability
Keepalived is a routing software written in C. It is mainly used for load balancing and fault detection. The software is mainly used for load balancing and fault detection. An information disclosure vulnerability exists in keepalived version 2.0.8, which originates from the creation of a new...
CVE-2016-5616
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidate is a reservation duplicate of CVE-2016-6663. Notes: All CVE users should reference CVE-2016-6663 instead of this candidate. All references and descriptions in this candidate have been removed to...