Lucene search
+L

8665 matches found

cve
cve
added 2026/06/27 8:48 a.m.33 views

CVE-2026-49417

CVE-2026-49417 is part of two memory-safety issues in FreeBSD’s sound(4) mmap path. The advisories describe: (1) dsp_mmap_single() could overflow when validating a requested mapping, allowing a mapping to extend past the audio buffer into kernel memory (CVE-2026-45258), and (2) the audio buffer b...

7CVSS5.9AI score0.00125EPSS
Exploits0References1Affected Software1
ptsecurity
ptsecurity
added 2026/06/27 12:0 a.m.13 views

PT-2026-53060

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An integer overflow occurs in the dsp mmap single function when validating requested mappings by summing a user-supplied offset and length against the buffer siz...

7.8CVSS6AI score0.00149EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2026/06/27 12:0 a.m.16 views

PT-2026-53063

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An issue exists where the audio buffer backing a mapping could be freed upon closing the device while the mapping remains valid. This allows the freed memory to ...

7CVSS6.1AI score0.00125EPSS
Exploits0References6
osv
osv
added 2026/06/26 8:44 p.m.3 views

GHSA-57F6-PVX8-HWJ6 turso-cli persists Turso platform JWT with world-readable (0o644) file permissions

Summary turso-cli persists the user's Turso platform JWT to settings.json using Viper's default configPermissions of 0o644, leaving the credential file world-readable on standard Linux and macOS systems. Any other local UID on the host can read the file and recover the platform JWT, which grants...

5.5CVSS5.6AI score
Exploits0References2
cvelist
cvelist
added 2026/06/26 4:21 p.m.36 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS0.00089EPSS
Exploits0References2
osv
osv
added 2026/06/26 4:21 p.m.4 views

CVE-2026-45407 Dokku: Git Credentials in .netrc Stored World-Readable Due to Premature touch

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKUROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user wh...

5CVSS5.9AI score0.00089EPSS
Exploits0References4
cve
cve
added 2026/06/26 4:21 p.m.14 views

CVE-2026-45407

Technical details about CVE-2026-45407 are not publicly available in the provided documents. Monitor for updates.

5.5CVSS5.8AI score0.00089EPSS
Exploits0References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/26 12:0 a.m.12 views

PT-2026-53017

Name of the Vulnerable Software and Affected Versions turso-cli affected versions not specified Description the turso-cli tool stores the user's platform JSON Web Token JWT in a settings.json file using default file permissions of 0o644. This configuration makes the credential file world-readable...

5.5CVSS6AI score
Exploits0References4
osv
osv
added 2026/06/25 6:4 p.m.3 views

CVE-2026-46607 Glances: Insecure Pickle Deserialization in Version Cache Leads to Arbitrary Code Execution

Glances is an open-source system cross-platform monitoring tool. Prior to 4.5.5, glances/outdated.py uses pickle.load to read a version-check cache file stored at a predictable, world-accessible path /.cache/glances/glances-version.db or $XDGCACHEHOME/glances/glances-version.db. No integrity chec...

7.8CVSS6.6AI score0.00303EPSS
Exploits0References4
github
github
added 2026/06/25 4:53 p.m.23 views

@anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

6.1CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
osv
osv
added 2026/06/25 4:53 p.m.3 views

GHSA-4VP2-6Q8C-PVQ2 @anthropic-ai/claude-code has an Insecure Temporary File in /copy Command that Enables Response Disclosure and Symlink-Based File Write

The Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable directory 0755, allowing any local user to read a privileged user's Clau...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/25 12:0 a.m.13 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
cvelist
cvelist
added 2026/06/24 8:45 p.m.19 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS0.02902EPSS
Exploits0References2
osv
osv
added 2026/06/24 8:45 p.m.5 views

CVE-2026-32315 motionEye: World-Readable Configuration File Exposes Admin Password Hash

motionEye mEye is an online interface for motion software, a video surveillance program with motion detection. Versions prior to 0.44.0 create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contains...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References4
cve
cve
added 2026/06/24 8:45 p.m.14 views

CVE-2026-32315

motionEye prior to 0.44.0 creates /etc/motioneye/motion.conf with 644 permissions (-rw-r--r--) and per-camera camera-.conf with identical permissions, making the admin password hash and camera credentials readable by any local user. The SHA1 admin password hash can be cracked offline to plaintext...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
osv
osv
added 2026/06/22 5:11 p.m.5 views

GHSA-RHGP-6WQ6-9J67 motionEye's World-Readable Configuration File Exposes Admin Password Hash

Security Advisory: World-Readable Configuration File Exposes Admin Password Hash in motionEye Summary motionEye v0.43.1 and prior versions create the configuration file /etc/motioneye/motion.conf with 644 permissions -rw-r--r--, making it readable by any local user on the system. This file contai...

5.5CVSS5.8AI score0.02902EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/06/22 12:0 a.m.20 views

PT-2026-51431

Name of the Vulnerable Software and Affected Versions motionEye versions prior to 0.44.0 Description Configuration files /etc/motioneye/motion.conf and camera-.conf are created with 644 permissions, making them readable by any local user on the system. The motion.conf file contains sensitive data...

5.5CVSS5.7AI score0.02902EPSS
Exploits0References13
attackerkb
attackerkb
added 2026/06/21 1:26 p.m.6 views

CVE-2026-56236

Capgo CLI before 12.128.2 contains arbitrary file overwrite vulnerabilities in login and build credentials operations that follow symlinks without validation. Attackers can create malicious symlinks in repositories to overwrite arbitrary files or expose credentials with world-readable permissions...

6.8CVSS6AI score0.00134EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/06/19 7:11 p.m.6 views

CVE-2026-49340

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path o...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2026/06/17 11:17 p.m.15 views

CVE-2026-50267

Steeltoe is an open source project that provides a collection of libraries that helps users build cloud-native applications. In Steeltoe.Configuration.Abstractions 4.0.0 through 4.1.0, when MySQL or PostgreSQL service bindings from VCAPSERVICES include TLS client credentials, the Connectors libra...

4.7CVSS0.00065EPSS
Exploits0References2
Rows per page
Query Builder