CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 6 days ago•8 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS

NVD•added 6 days ago•7 views

CVE-2026-53870

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS0.00108EPSS

Exploits0References5

Positive Technologies•added 6 days ago•11 views

PT-2026-50567

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Abstractions versions 4.0.0 through 4.1.0 Description When MySQL or PostgreSQL service bindings from VCAP SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in...

4.7CVSS5.9AI score0.00065EPSS

Exploits0References4

EUVD•added 2026/06/15 9:30 p.m.•9 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00115EPSS

Cvelist•added 2026/06/15 6:33 p.m.•31 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

6.8CVSS0.00115EPSS

CVE•added 2026/06/15 6:33 p.m.•30 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00115EPSS

Positive Technologies•added 2026/06/15 12:0 a.m.•8 views

PT-2026-49284

6.8CVSS5.4AI score0.00115EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•7 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.5AI score0.00098EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в cloud-init

Sensitive data may have been exposed in cloud-init logs that are readable to the world before version 22.3, when schema failures were reported. This leakage could involve hashed passwords...

5.5CVSS6AI score0.00236EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•5 views

Astra Linux - уязвимость в guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

3.3CVSS6.6AI score0.00964EPSS

Exploits1References2

OSV•added 2026/05/11 9:31 p.m.•4 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Github Security Blog•added 2026/05/11 9:31 p.m.•12 views

Exploits0References6

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Exploits0References6Affected Software1

EUVD•added 2026/05/11 9:31 p.m.•9 views

EUVD-2026-29196

NVD•added 2026/05/11 7:16 p.m.•10 views

Exploits0References4

CVE-2026-45222

6.9CVSS0.00098EPSS

Vulnrichment•added 2026/05/11 6:0 p.m.•7 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Tenable Nessus•added 2026/05/11 12:0 a.m.•6 views

Unity Linux 20.1060e / 20.1070e Security Update: guava (UTSA-2026-017554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017554 advisory. A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary...

3.3CVSS6.6AI score0.00964EPSS

Exploits1References4

Positive Technologies•added 2026/05/11 12:0 a.m.•10 views

PT-2026-39728

Snyk•added 2026/05/06 11:23 p.m.•6 views

Exploits0References4

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

6.8CVSS5.8AI score

OSV•added 2026/05/06 11:23 p.m.•2 views

GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

5.5CVSS5.7AI score