Lucene search
K

1686 matches found

Debian CVE
Debian CVE
added 6 days ago6 views

CVE-2026-59946

Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...

6.1CVSS5.9AI score0.00136EPSS
Exploits0
Positive Technologies
Positive Technologies
added 6 days ago9 views

PT-2026-56549

Name of the Vulnerable Software and Affected Versions Composer versions prior to 2.2.29 Composer versions prior to 2.10.2 Description A flaw in the binary installation flow allows a package bin entry containing .. path segments to resolve outside the package installation directory. This can lead ...

6.1CVSS6.2AI score0.00136EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.8 views

Anthropic Claude Code 2.1.59 < 2.1.128 Information Disclosure (CVE-2026-46406)

The version of Anthropic Claude Code installed on the remote host is 2.1.59 prior to 2.1.128. It is, therefore, affected by an information disclosure vulnerability: - The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation,...

6.1CVSS6AI score0.00149EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/02 8:32 p.m.8 views

EUVD-2026-37820

Steeltoe: TLS private keys written to /tmp with default permissions, never deleted...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References3
OSV
OSV
added 2026/07/02 8:32 p.m.4 views

GHSA-RXRH-4J9H-XGG9 Steeltoe: TLS private keys written to /tmp with default permissions, never deleted

Summary When MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors library writes those credentials to temporary files in Path.GetTempPath using File.CreateText. On Linux, File.CreateText creates files with mode 0644 world-readable under the process...

4.7CVSS5.8AI score0.00065EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/30 1:37 p.m.8 views

CVE-2026-46406

A flaw was found in Claude Code. The /copy command created responses in a predictable, world-readable temporary file without proper isolation or symlink protection. This allowed a local unprivileged user to read sensitive information from a privileged user's Claude response, potentially containin...

6.8CVSS6AI score0.00149EPSS
Exploits0References4
NVD
NVD
added 2026/06/29 3:16 p.m.10 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

6.1CVSS0.00149EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 2:3 p.m.36 views

CVE-2026-46406 Claude Code: Insecure Temporary File in /copy Command Enables Response Disclosure and Symlink-Based File Write

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS0.00149EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/29 2:3 p.m.6 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/06/29 2:3 p.m.8 views

EUVD-2026-40116

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References1
OSV
OSV
added 2026/06/26 8:44 p.m.3 views

GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.5CVSS5.6AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 4:21 p.m.36 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS0.00089EPSS
Exploits0References2
CVE
CVE
added 2026/06/26 4:21 p.m.13 views

CVE-2026-45407

Technical details about CVE-2026-45407 are not publicly available in the provided documents. Monitor for updates.

5.5CVSS5.8AI score0.00089EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.12 views

PT-2026-53017

Name of the Vulnerable Software and Affected Versions turso-cli affected versions not specified Description the turso-cli tool stores the user's platform JSON Web Token JWT in a settings.json file using default file permissions of 0o644. This configuration makes the credential file world-readable...

5.5CVSS6AI score
Exploits0References4
OSV
OSV
added 2026/06/25 4:53 p.m.3 views

GHSA-4VP2-6Q8C-PVQ2 @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/25 4:53 p.m.22 views

@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 8:45 p.m.17 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:45 p.m.4 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 8:45 p.m.13 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
Rows per page
Query Builder