Lucene search
K

814 matches found

CVE
CVE
added yesterday11 views

CVE-2026-54572

Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...

7.5CVSS6.1AI score
Exploits0References4
CVE
CVE
added 2 days ago8 views

CVE-2026-62239

FlashAttention (up to 2.8.3.post1) contains a symlink attack in hopper/setup.py: download_and_copy() extracts NVIDIA toolchain archives without validating symlinks or filtering tar members. A local attacker can plant a predictable symlink in the cache to redirect extracted binaries to a chosen lo...

6.6CVSS6.2AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 6 days ago8 views

CVE-2026-58198

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
CVE
CVE
added 6 days ago14 views

CVE-2026-58198

ChatterBot (Python) vulnerability CVE-2026-58198: UbuntuCorpusTrainer.extract() uses a predictable home path (~/.ubuntu_data/ubuntu_dialogs) with a check-then-create pattern, then tar.extractall(path=self.data_path). An attacker who pre-places a symlink at that path can cause archived contents to...

5.5CVSS5.9AI score0.00095EPSS
Exploits0References4
OSV
OSV
added 6 days ago2 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS6.1AI score0.00095EPSS
Exploits0References6
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-58198 ChatterBot: Symlink-Following Arbitrary Write via UbuntuCorpusTrainer

ChatterBot is a machine learning, conversational dialog engine for creating chat bots. Prior to 1.2.14, UbuntuCorpusTrainer.extract uses a predictable home-rooted output directory /ubuntudata/ubuntudialogs with a check-then-create pattern followed by tar.extractallpath=self.datapath, allowing a...

5.5CVSS0.00095EPSS
Exploits0References4
NVD
NVD
added 6 days ago6 views

CVE-2026-23561

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS0.0014EPSS
Exploits0References1
OSV
OSV
added 6 days ago5 views

ALPINE-CVE-2026-23559

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. XAPI can configure different users with different roles, using Role Based Access Control. For more details, see:...

9.4CVSS7.1AI score0.00134EPSS
Exploits0References1
OSV
OSV
added last week3 views

CVE-2026-55878 Symfony: Path Traversal in symfony/ux-toolkit Allows Arbitrary File Write and Read via Crafted Recipe Manifest

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS6.2AI score0.00146EPSS
Exploits0References6
Cvelist
Cvelist
added last week36 views

CVE-2026-55878 Symfony: Path Traversal in symfony/ux-toolkit Allows Arbitrary File Write and Read via Crafted Recipe Manifest

Symfony UX is a JavaScript ecosystem for Symfony. From 2.32.0 before 2.36.1 and from 3.0.0 before 3.2.0, the ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map, and because Path::isRelative accepts paths like ../../../etc, a crafted or...

7.8CVSS0.00146EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 6:29 a.m.4 views

OESA-2026-2867 aom security update

The Alliance for Open Media’s focus is to deliver a next-generation video format that is: Security Fixes: An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows ...

7.1CVSS6.7AI score0.00414EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 7:48 a.m.2 views

CVE-2026-47897 Apache Lucene.Net: Arbitrary file write from malicious server to Lucene.Net.Replicator client

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Apache Lucene.Net Lucene.Net.Replicator library. This issue affects Apache Lucene.Net.Replicator: from 4.8.0-beta00005 before 4.8.0-beta00018. Users are recommended to upgrade to version 4.8.0-beta00018,...

8.9CVSS6.1AI score0.00616EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 8:17 p.m.5 views

CVE-2026-58592

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS0.00311EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 7:27 p.m.8 views

EUVD-2026-41130

Ladybird contains a dangling-reference memory-safety flaw in its WebAssembly ESM-integration module loader. When a JavaScript function is imported into a WebAssembly module via the ESM path, WebAssemblyModule.cpp passes a stack-local Wasm::FunctionType by reference to createhostfunction, whose ho...

8.9CVSS6.4AI score0.00311EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-56876

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like...

8.6CVSS6.1AI score0.00346EPSS
Exploits1References3
CVE
CVE
added 2026/06/26 4:23 p.m.18 views

CVE-2026-45405

Dokku before 0.38.2 is affected by a file-write vulnerability in tar extraction during git:from-archive and certs:add. User-supplied tar/zip archives are extracted into temporary directories without sanitizing member paths or preventing symlink traversal; GNU tar can create and follow symlinks, e...

9CVSS5.9AI score0.00289EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/25 4:52 p.m.4 views

CVE-2026-50015 pnpm: Arbitrary File Write/Delete via Malicious Patch File (Path Traversal)

pnpm is a package manager. Prior to 10.34.0 and 11.4.0, pnpm's patch application pipeline @pnpm/patch-package performs no path validation on file paths extracted from .patch files. An attacker who contributes a malicious patch file via a pull request can write attacker-controlled content to or...

7.3CVSS6.2AI score0.0027EPSS
Exploits1References3
CVE
CVE
added 2026/06/24 6:22 p.m.16 views

CVE-2026-48793

Jellyfin is affected by CVE-2026-48793 prior to version 10.11.10. The issue arises in the subtitle conversion path where SubtitleEncoder.ConvertTextSubtitleToSrtInternal interpolates the subtitle file path into FFmpeg command-line arguments without normalizing the path, allowing injection of arbi...

8.8CVSS6.1AI score0.00357EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/23 2:19 a.m.7 views

SUSE CVE-2026-56209

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

8.1CVSS6AI score0.00272EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/19 4:28 p.m.6 views

EUVD-2026-38044

An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC Scalable Video Coding layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel value...

7.1CVSS6AI score0.00272EPSS
Exploits0References4
Rows per page
Query Builder