Lucene search
+L

1693 matches found

osv
osv
added 2026/06/24 8:45 p.m.5 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References4
cve
cve
added 2026/06/24 8:45 p.m.14 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
osv
osv
added 2026/06/22 5:11 p.m.5 views

GHSA-RHGP-6WQ6-9J67 motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.20 views

PT-2026-51431

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...

5.5CVSS5.7AI score0.02902EPSS
Exploits0References13
attackerkb
attackerkb
added 2026/06/21 1:26 p.m.6 views

CVE-2026-56236

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS6AI score0.00134EPSS
Exploits0References3
nvd
nvd
added 2026/06/17 11:17 p.m.15 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
osv
osv
added 2026/06/17 9:34 p.m.6 views

GHSA-99F9-J8R3-P853 Hermes Agent creates response_store.db and webhook_subscriptions.json with world-readable permissions (mode 0o644)

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS5.8AI score0.00108EPSS
Exploits0References7
nvd
nvd
added 2026/06/17 7:18 p.m.13 views

CVE-2026-53870

Hermes Agent before 0.16.0 creates responsestore.db and webhooksubscriptions.json with world-readable permissions mode 0o644, exposing conversation history and HMAC secrets to local users. Attackers with local filesystem access can read these files directly to obtain sensitive data including...

6.8CVSS0.00108EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.24 views

PT-2026-50567

Name of the Vulnerable Software and Affected Versions Steeltoe.Configuration.Abstractions versions 4.0.0 through 4.1.0 Description When MySQL or PostgreSQL service bindings from VCAP SERVICES include TLS client credentials, the Connectors library writes these credentials to temporary files in...

4.7CVSS5.9AI score0.00065EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.16 views

PT-2026-50519

Name of the Vulnerable Software and Affected Versions Hermes Agent versions prior to 0.16.0 Description The software creates response store.db and webhook subscriptions.json files with world-readable permissions mode 0o644. This configuration allows local users with filesystem access to read thes...

6.8CVSS6.1AI score0.00108EPSS
Exploits0References14
euvd
euvd
added 2026/06/15 9:30 p.m.13 views

EUVD-2026-36791

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.3AI score0.00122EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/15 6:33 p.m.35 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS0.00122EPSS
Exploits0References2
cve
cve
added 2026/06/15 6:33 p.m.94 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00122EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/15 12:0 a.m.16 views

PT-2026-49284

Incorrect default permissions in Kiro IDE on macOS and Linux before version 0.11.133 could expose the authentication token cache file to other local users or processes via world-readable permissions 0644 instead of owner-restricted permissions 0600. To remediate this issue, users should upgrade t...

6.8CVSS5.4AI score0.00122EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:33 p.m.11 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.5AI score0.00098EPSS
Exploits0References1
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in cloud-init

Sensitive data may have been exposed in cloud-init logs that are readable to the world before version 22.3, when schema failures were reported. This leakage could involve hashed passwords...

5.5CVSS6AI score0.00236EPSS
Exploits0References2
astralinux
astralinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in temporary directories created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

3.3CVSS6.6AI score0.00964EPSS
Exploits1References2
osv
osv
added 2026/05/11 9:31 p.m.9 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References6
euvd
euvd
added 2026/05/11 9:31 p.m.14 views

EUVD-2026-29196

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References4
github
github
added 2026/05/11 9:31 p.m.16 views

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.8AI score0.00098EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder