794 matches found

RedhatCVE
added 2026/01/09 8:54 a.m., 15 views

CVE-2018-4029

An exploitable code execution vulnerability exists in the HTTP request-parsing function of the NT9665X Chipset firmware running on the Anker Roav A1 Dashcam, version RoavA1SWV1.9. A specially crafted packet can cause an unlimited and arbitrary write to memory, resulting in code execution...

CVSS 10 | AI score 7.6 | EPSS 0.02853
Exploits 1 | References 1
OSV
added 2026/01/02 6:58 p.m., 5 views

GHSA-GVQ6-HVVP-H34H AdonisJS Path Traversal in Multipart File Handling

Summary Description A Path Traversal CWE-22 vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to...

CVSS 9.2 | AI score 7.4 | EPSS 0.01063
Exploits 3 | References 7
Positive Technologies
added 2026/01/01 12:0 a.m., 6 views

PT-2026-3302

Name of the Vulnerable Software and Affected Versions Weblate versions prior to 1.17.2 Description The Weblate command-line client wlc has a flaw where a crafted server could potentially write files to arbitrary locations during a multi-translation download. This is due to improper handling of fi...

CVSS 8 | AI score 6.7 | EPSS 0.00337
Exploits 0 | References 16
Tenable Nessus
added 2025/12/22 12:0 a.m., 7 views

RHEL 9 : git-lfs (RHSA-2025:23744)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2025:23744 advisory. Git Large File Storage LFS replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing t...

CVSS 8.6 | AI score 5.3 | EPSS 0.00707
Exploits 0 | References 4
Vulnrichment
added 2025/12/19 5:10 p.m., 4 views

CVE-2025-68478 Langflow Vulnerable to External Control of File Name or Path

Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.7.0, if an arbitrary path is specified in the request body's fspath, the server serializes the Flow object into JSON and creates/overwrites a file at that path. There is no path restriction,...

CVSS 7.1 | AI score 6.6 | EPSS 0.03631
Exploits 1 | References 1
OSV
added 2025/12/19 9:42 a.m., 7 views

CLSA-2025-1766137317 podman: Fix of 2 CVEs

CVE-2025-52881: container escape and denial of service due to arbitrary write gadgets and procfs write redirects - CVE-2025-58183: fix unbounded allocation when parsing GNU sparse map...

CVSS 7.5 | AI score 7.5 | EPSS 0.00526
Exploits 1 | References 1
RedHat Linux
added 2025/12/18 10:9 a.m., 9 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6
RedHat Linux
added 2025/12/18 4:34 a.m., 6 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6
NVD
added 2025/12/16 1:15 a.m., 6 views

CVE-2025-66449

ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint /upload allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes file.name directly from user supplied data without doi...

CVSS 8.8 | EPSS 0.00673
Exploits 1 | References 3
EUVD
added 2025/12/05 6:31 p.m., 6 views

EUVD-2025-201420

zdhweb is a data collection, processing, monitoring, scheduling, and management platform. In zdhweb thru 5.6.17, insufficient validation of file upload paths in the application allows an authenticated user to write arbitrary files to the server file system, potentially overwriting existing files...

CVSS 8.8 | AI score 7.8 | EPSS 0.00646
Exploits 0 | References 5
Tenable Nessus
added 2025/12/04 12:0 a.m., 4 views

Oracle Linux 10 : podman (ELSA-2025-21220)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21220 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects rhel-10.1.z'...

CVSS 7.5 | AI score 6.8 | EPSS 0.00526
Exploits 1 | References 2
NVD
added 2025/11/29 1:16 a.m., 11 views

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | EPSS 0.00496
Exploits 9 | References 2
Debian CVE
added 2025/11/29 1:7 a.m., 10 views

CVE-2025-66034

fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib or python3 -m fontTools.varLib script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The...

CVSS 9.8 | AI score 8.4 | EPSS 0.00496
Exploits 9
Packet Storm
added 2025/11/26 12:0 a.m., 193 views

📄 7-Zip 25.00 Zip Slip Directory Traversal

7-Zip version 25.00 suffers from a symlink directory traversal vulnerability. This write up provides analysis with a proof of concept. Title : 7-Zip 25.0...

CVSS 7.8 | AI score 7 | EPSS 0.27017
Exploits 11
RedHat Linux
added 2025/11/25 8:2 a.m., 4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6
RedHat Linux
added 2025/11/25 5:3 a.m., 5 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6
OSV
added 2025/11/21 6:13 p.m., 8 views

RLSA-2025:21702 Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: runc: container escape and denial of service due to arbitrary write gadgets and procfs...

CVSS 8.2 | AI score 6.4 | EPSS 0.00526
Exploits 1 | References 2
OSV
added 2025/11/18 3:44 p.m., 5 views

GO-2025-4098 Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runc

Container escape and DDoS due to arbitrary write gadgets and procfs write redirects in github.com/opencontainers/runc...

CVSS 7.5 | AI score 7 | EPSS 0.00526
Exploits 1 | References 28
RedHat Linux
added 2025/11/18 12:31 a.m., 4 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6
RedHat Linux
added 2025/11/13 9:10 a.m., 3 views

runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects

A flaw was found in runc. This attack is a more sophisticated variant of CVE-2019-16884, which was a flaw that allowed an attacker to trick runc into writing the LSM process labels for a container process into a dummy tmpfs file and thus not apply the correct LSM labels to the container process...

CVSS 7.5 | AI score 6.6 | EPSS 0.00526
Exploits 1 | References 6