CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 3 days ago•29 views

CVE-2026-11931 Insecure Permissions on Authentication Token Cache File in Kiro IDE

6.8CVSS0.00115EPSS

CVE•added 3 days ago•12 views

CVE-2026-11931

CVE-2026-11931 affects Kiro IDE on macOS and Linux prior to version 0.11.133, where the authentication token cache file could be world-readable (0644) instead of owner-restricted (0600). This may allow other local users/processes to access cached tokens. Remediation: upgrade to Kiro IDE 0.11.133 ...

6.8CVSS5.3AI score0.00115EPSS

Positive Technologies•added 3 days ago•4 views

PT-2026-49284

6.8CVSS5.4AI score0.00115EPSS

RedhatCVE•added 2026/06/05 7:33 p.m.•6 views

CVE-2026-45222

Summarize versions through 0.14.1, fixed in commit 0cfb0fb, creates the daemon configuration directory and file with default filesystem permissions that may be world-readable on Unix-like systems, allowing local attackers to read bearer tokens and API credentials stored in /.summarize/daemon.json...

6.9CVSS5.5AI score0.00098EPSS

Exploits0References1

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в guava-libraries

There is a vulnerability related to the creation of temporary directories in all versions of Guava. An attacker with access to the system can potentially access data stored in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir. By default, on Unix-like systems...

3.3CVSS6.6AI score0.00964EPSS

Exploits1References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в cloud-init

Sensitive data may have been exposed in cloud-init logs that are readable to the world before version 22.3, when schema failures were reported. This leakage could involve hashed passwords...

5.5CVSS6AI score0.00236EPSS

EUVD•added 2026/05/11 9:31 p.m.•4 views

EUVD-2026-29196

Github Security Blog•added 2026/05/11 9:31 p.m.•9 views

Exploits0References4

@steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

Exploits0References6Affected Software1

OSV•added 2026/05/11 9:31 p.m.•2 views

GHSA-QP7V-GJGG-4MJ6 @steipete/summarize allows local attackers to read bearer tokens and API credentials stored in ~/.summarize/daemon.json

NVD•added 2026/05/11 7:16 p.m.•7 views

Exploits0References6

CVE-2026-45222

6.9CVSS0.00098EPSS

Vulnrichment•added 2026/05/11 6:0 p.m.•6 views

CVE-2026-45222 Summarize Insecure Daemon Configuration File Permissions

Positive Technologies•added 2026/05/11 12:0 a.m.•8 views

PT-2026-39728

Tenable Nessus•added 2026/05/11 12:0 a.m.•5 views

Exploits0References4

Unity Linux 20.1060e / 20.1070e Security Update: guava (UTSA-2026-017554)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017554 advisory. A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary...

3.3CVSS6.6AI score0.00964EPSS

Exploits1References4

Snyk•added 2026/05/06 11:23 p.m.•6 views

Incorrect Permission Assignment for Critical Resource

Overview @axonflow/openclaw is a Policy enforcement, approval gates, and audit trails for OpenClaw — govern tool inputs before execution, scan outbound messages for PII/secrets, and record agent activity for review and compliance Affected versions of this package are vulnerable to Incorrect...

6.8CVSS5.8AI score

OSV•added 2026/05/06 11:23 p.m.•2 views

GHSA-CQMH-PCGR-Q42F @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

Summary Two related permission defects in this AxonFlow plugin allowed registration credentials and cache state to be readable by other local users on hosts where the calling user's home directory was at the conventional 0755 mode. Affected versions Versions 1.3.2 and below. Impact 1. Cache and...

5.5CVSS5.7AI score