97 matches found
CVE-2026-45384
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...
CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...
EUVD-2026-36115
bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...
FreeBSD-SA-26:26.ktls
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09...
RHEL 10 : vim (RHSA-2026:22711)
The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22711 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via...
JLSEC-2026-213 When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
CVE-2026-35355
CVE-2026-35355 concerns the install utility in uutils coreutils . The vulnerability arises from a TOCTOU race during file installation: the code unlinks an existing destination file and then recreates it via a path-based operation without using the O_EXCL flag. This creates a window where a local...
SUSE CVE-2026-5958
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
CVE-2026-5958
The CVE concerns GNU sed. When sed is invoked with both -i (in-place edit) and --follow-symlinks, open_next_file() performs two non-atomic operations on the same path: (1) resolve the symlink to its target and store the resolved path, and (2) open the original symlink path to read the file. A rac...
CVE-2026-5958 Race Condition in GNU Sed
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
CVE-2026-5958 Race Condition in GNU Sed
When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...
Linux Distros Unpatched Vulnerability : CVE-2026-5958
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the...
CVE-2026-30291
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
CVE-2026-30292
An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
EUVD-2026-17891
An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...
Ora Tools PDF Reader 安全漏洞
Ora Tools PDF Reader is a document reading tool developed by Ora Tools Corporation in China. It supports browsing and basic processing of PDF files. There is a security vulnerability in the APPv4.3.5 version of Ora Tools PDF Reader. This vulnerability stems from the possibility of arbitrary file...
Security Bulletin: Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950.
Summary Maximo AI Service uses tar-7.4.3.tgz which is vulnerable to CVE-2026-23745 and CVE-2026-23950. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2026-23950 DESCRIPTION: node-tar,a Tar for Node.js, has a race condition...
CVE-2026-30282
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
CVE-2026-30282
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure...
CVE-2026-30281
CVE-2026-30281 affects MaruNuri LLC v2.0.23, with an arbitrary file overwrite through the file import process that can lead to arbitrary code execution or information exposure. The vulnerability is tied to the file-import flow (v2.0.23). Some sources describe exploitation as remote code execution...