Lucene search
K

60 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-35025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restriction...

8.6CVSS6AI score0.00331EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 2:17 p.m.11 views

CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS0.00331EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/24 1:21 p.m.18 views

CVE-2026-35025

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 1:21 p.m.8 views

EUVD-2026-38789

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 1:21 p.m.36 views

CVE-2026-35025

ProFTPD versions affected: 1.3.9b and 1.3.10rc2. Issue: an access control bypass in the RNFR path handling allows authenticated FTP users to bypass Directory ACL restrictions by prefixing paths with /proc/self/root. Root cause: unresolved symlink components in dir_canonical_path() cause dir_check...

8.6CVSS5.9AI score0.00331EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/06/24 1:21 p.m.42 views

CVE-2026-35025 ProFTPD ACL Bypass via /proc/self/root Path Prefix in RNFR

ProFTPD through 1.3.9b and 1.3.10rc2 contains an access control bypass vulnerability that allows authenticated FTP users to circumvent Directory ACL restrictions by prefixing paths with /proc/self/root in the RNFR command handler. Attackers can exploit the unresolved symlink components in...

8.6CVSS0.00331EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.11 views

PT-2026-52087

Name of the Vulnerable Software and Affected Versions KubeVirt affected versions not specified Description A flaw exists in the safepath package used by virt-handler. The OpenAtNoFollow function utilizes O PATH|O NOFOLLOW to obtain a file descriptor for a path leaf; however, subsequent operations...

7.3CVSS6AI score0.00122EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.49 views

PT-2026-51789

Name of the Vulnerable Software and Affected Versions ProFTPD versions 1.3.9b through 1.3.10rc2 Description An access control bypass allows authenticated FTP users to circumvent Directory ACL restrictions. By prefixing paths with /proc/self/root in the RNFR command handler, attackers can exploit...

8.6CVSS6AI score0.00331EPSS
Exploits0References15
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/12 6:0 p.m.14 views

Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 6:0 p.m.8 views

MAL-2026-3680 Malicious code in @a91082900/test_package (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b8349cd7ce2c9ac2321dce8f80e5a46c0064b382fb7e54e975ff27a2dcab1254 The package's main file index.js executes at module load, with no exports and no user-invoked API. On import it issues...

5.9AI score
Exploits0References1
OSV
OSV
added 2026/05/12 3:25 p.m.9 views

CLSA-2026-1778599539 Fix CVE(s): CVE-2026-4878

SECURITY UPDATE: TOCTOU race condition in capsetfile - debian/patches/CVE-2026-4878.patch: open the target file and operate on /proc/self/fd/N so the inode is locked between the regular-file check and the xattr update - CVE-2026-4878...

7CVSS5.8AI score0.00188EPSS
Exploits1References1
PyPA
PyPA
added 2026/02/12 4:16 p.m.13 views

PYSEC-2026-34

Crawl4AI versions prior to 0.8.0 contain a local file inclusion vulnerability in the Docker API deployment. The /executejs, /screenshot, /pdf, and /html endpoints accept file:// URLs, allowing unauthenticated remote attackers to read arbitrary files from the server filesystem. An attacker can...

9.2CVSS6AI score0.00609EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2000-1131

Malware in sbrugna...

2.1CVSS6.4AI score0.00364EPSS
Exploits0References6
RustSec
RustSec
added 2025/02/10 12:0 p.m.17 views

totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

7AI score
Exploits0
UbuntuCve
UbuntuCve
added 2024/06/19 3:15 p.m.20 views

CVE-2021-47599

In the Linux kernel, the following vulnerability has been resolved: btrfs: use latestdev in btrfsshowdevname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfsshowdevname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...

4.7CVSS6.3AI score0.00148EPSS
Exploits0References25
Vulnrichment
Vulnrichment
added 2024/06/19 2:54 p.m.13 views

CVE-2021-47599 btrfs: use latest_dev in btrfs_show_devname

In the Linux kernel, the following vulnerability has been resolved: btrfs: use latestdev in btrfsshowdevname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfsshowdevname+0x104/0x1e8 btrfs CPU: 2 PID: 1 Comm: systemd Tainted: G W O...

6.5AI score0.00148EPSS
Exploits0References2
OSV
OSV
added 2024/05/07 9:2 p.m.5 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

8.4CVSS7AI score0.00368EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2024/02/01 3:28 p.m.89 views

Exploit for File Descriptor Leak in Linuxfoundation Runc

CVE-2024-21626 For detailed explanation for this vulnerabilit...

8.6CVSS7AI score0.18087EPSS
Exploits18
SUSE CVE
SUSE CVE
added 2023/02/15 4:17 a.m.4 views

SUSE CVE-2019-5736

runc through 1.0-rc6, as used in Docker before 18.09.2 and other products, allows attackers to overwrite the host runc binary and consequently obtain host root access by leveraging the ability to execute a command as root within one of these types of containers: 1 a new container with an...

7.5CVSS9.5AI score0.9857EPSS
Exploits33References38
SUSE CVE
SUSE CVE
added 2023/02/15 3:22 a.m.5 views

SUSE CVE-2022-45412

When resolving a symlink such as file:///proc/self/fd/1, an error message may be produced where the symlink was resolved to a string containing unitialized memory in the buffer. This bug only affects Thunderbird on Unix-based operated systems Android, Linux, MacOS. Windows is unaffected.. This...

8.8CVSS7.8AI score0.00789EPSS
Exploits0References8
Rows per page
Query Builder