Lucene search
K

13 matches found

EUVD
EUVD
added 2026/06/26 11:21 p.m.14 views

EUVD-2026-38068

gonic has arbitrary file write in createPlaylist: any authenticated user can write playlist M3U content to attacker-controlled path on the host...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/24 5:30 p.m.9 views

EUVD-2026-39015

Warp is an agentic development environment. From 0.2024.02.20.08.01.stable01 until 0.2026.05.06.15.42.stable01, Warp contains a command injection issue in the Linux external editor launcher. Warp expanded freedesktop .desktop Exec templates for affected editor integrations and executed the expand...

7.8CVSS5.9AI score0.00496EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 7:11 p.m.5 views

CVE-2026-49340

gonic is a music streaming server / free-software subsonic server API implementation. Prior to version 0.21.0, a logic error in ServeCreateOrUpdatePlaylist allows any authenticated Subsonic user including non-admin to write playlist M3U content to an attacker-controlled absolute filesystem path o...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.25 views

PT-2026-51013

Name of the Vulnerable Software and Affected Versions Gonic versions prior to 0.21.0 Description A logic error in the ServeCreateOrUpdatePlaylist function allows for arbitrary file write operations within the music streaming server. Recommendations Update to version 0.21.0 or later. As a temporar...

8.1CVSS5.9AI score0.00269EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.37 views

Linux Distros Unpatched Vulnerability : CVE-2026-42497

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar...

7.5CVSS5.9AI score0.00417EPSS
Exploits0References4
OSV
OSV
added 2026/05/26 2:16 a.m.8 views

DEBIAN-CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.00417EPSS
Exploits0References1
NVD
NVD
added 2026/05/26 2:16 a.m.20 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS0.00417EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/05/26 12:17 a.m.19 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

7.5CVSS5.8AI score0.00417EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/26 12:17 a.m.10 views

CVE-2026-42497

Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. makespecialfile passes the tar header's linkname to link without validating it against absolute paths or .. segments, creating a hardlink that shares the victim file's inode...

5.8AI score0.00417EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 6:17 p.m.15 views

PYSEC-2026-30

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References3
PyPA
PyPA
added 2026/05/12 6:17 p.m.13 views

PYSEC-2026-30

changedetection.io is a free open source web page change detection tool. Prior to 0.55.1, the vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore logic. When a backup ZIP is restored, the application...

7.5CVSS5.8AI score0.00354EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/13 10:46 p.m.6 views

CVE-2025-68470

React Router is a router for React. In versions 6.0.0 through 6.30.1 and 7.0.0 through 7.9.5, an attacker-supplied path can be crafted so that when a React Router application navigates to it via navigate, , or redirect, the app performs a navigation/redirect to an external URL. This is only an...

6.5CVSS6.4AI score0.00198EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/10/27 8:19 p.m.10 views

Docker Compose Vulnerable to Path Traversal via OCI Artifact Layer Annotations

Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com.docker.compose.envfile with its local cac...

8.9CVSS6.8AI score0.13848EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder