Lucene search
K

1691 matches found

Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.6 views

PT-2026-34503

The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typically resulting in a world-readable file 0644. In multi-user environments, this allows any user on the...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-35367

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to...

3.3CVSS5.8AI score0.00114EPSS
Exploits1References3
OSV
OSV
added 2026/04/21 8:35 a.m.5 views

SUSE-SU-2026:21263-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-12748: Denial of service in XML parsing bsc1253278. - CVE-2025-13193: Information disclosure via world-readable VM snapshots bsc1253703...

5.5CVSS6AI score0.00204EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/04/01 11:0 p.m.9 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 2026/04/01 9:15 p.m.3 views

GHSA-Q5F5-3GJM-7MFM Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/01 9:15 p.m.9 views

Claude SDK for Python has Insecure Default File Permissions in Local Filesystem Memory Tool

The local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and world-writable in environments with a permissive umask such as many Docker base images. A local attacker on a shared host could read...

4.8CVSS5.9AI score0.00122EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/31 10:16 p.m.7 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS0.00122EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/31 9:32 p.m.6 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/31 9:32 p.m.8 views

CVE-2026-34450

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/31 9:32 p.m.31 views

CVE-2026-34450 Claude SDK for Python: Insecure Default File Permissions in Local Filesystem Memory Tool

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.4 views

PT-2026-29378

The Claude SDK for Python provides access to the Claude API from Python applications. From version 0.86.0 to before version 0.87.0, the local filesystem memory tool in the Anthropic Python SDK created memory files with mode 0o666, leaving them world-readable on systems with a standard umask and...

4.8CVSS5.8AI score0.00122EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/03/18 4:9 p.m.30 views

Capgo CLI: symlink-following local secret writes enable arbitrary file overwrite + world-readable credentials (0600 missing)

Summary The Capgo CLI writes sensitive local files .capgo API key file and build credentials JSON using unsafe file operations that follow symlinks and do not enforce safe permissions. This allows an attacker-controlled repository to cause arbitrary file overwrite on the developer’s machine when...

5.9AI score
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.5 views

EulerOS Virtualization 2.12.1 : libvirt (EulerOS-SA-2026-1470)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/17 12:0 a.m.3 views

EulerOS Virtualization 2.12.0 : libvirt (EulerOS-SA-2026-1527)

According to the versions of the libvirt packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was perform...

5.5CVSS5.9AI score0.00204EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/06 7:52 a.m.6 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

10CVSS5.9AI score0.00277EPSS
Exploits1References1
CVE
CVE
added 2026/03/05 4:4 p.m.35 views

CVE-2026-30785

RustDesk Client (through version 1.4.5) is affected by CVE-2026-30785 due to a vulnerability described as Prototype Pollution and weak password hashing in the password_security, config, and machine-uid-related code paths (hbb_common and related modules). The issue can allow Retrieve Embedded Sens...

8.2CVSS6AI score0.00083EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/05 4:4 p.m.2 views

CVE-2026-30785 RustDesk Encrypts Local Passwords with World-Readable Machine ID and Fixed Zero Nonce (XSalsa20-Poly1305)

Improperly Controlled Modification of Object Prototype Attributes 'Prototype Pollution', Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk, hbbcommon on Windows, MacOS, Linux Password security module, config encryption, machine U...

8.2CVSS6AI score0.00083EPSS
Exploits1References8
EUVD
EUVD
added 2026/03/05 6:30 a.m.7 views

EUVD-2026-9789

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

8.6CVSS6AI score0.00277EPSS
Exploits1References2
NVD
NVD
added 2026/03/05 6:16 a.m.5 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

10CVSS0.00277EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 5:12 a.m.3 views

CVE-2026-29128

IDC SFX2100 Satellite Receiver firmware ships with multiple daemon configuration files for routing components e.g., zebra, bgpd, ospfd, and ripd that are owned by root but world-readable. The configuration files e.g., zebra.conf, bgpd.conf, ospfd.conf, ripd.conf contain hardcoded or otherwise...

8.6CVSS6AI score0.00277EPSS
Exploits1References2
Rows per page
Query Builder