Lucene search
K

234 matches found

Microsoft CVE
Microsoft CVE
added 2026/04/05 8:1 a.m.12 views

OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

...

6.5CVSS5.7AI score0.00406EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2026/04/05 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34978

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. pa...

6.5CVSS5.6AI score0.00406EPSS
Exploits1References4
OSV
OSV
added 2026/04/03 10:16 p.m.3 views

DEBIAN-CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.5AI score0.00406EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 10:16 p.m.4 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS0.00406EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 10:16 p.m.11 views

ALPINE-CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.5AI score0.00406EPSS
Exploits1References1
OSV
OSV
added 2026/04/03 10:16 p.m.5 views

UBUNTU-CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.9AI score0.00406EPSS
Exploits1References4
UbuntuCve
UbuntuCve
added 2026/04/03 10:16 p.m.6 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS6AI score0.00406EPSS
Exploits1References2
CVE
CVE
added 2026/04/03 9:15 p.m.82 views

CVE-2026-34978

OpenPrinting CUPS vulnerability CVE-2026-34978 involves a path traversal flaw in the RSS notifier (notify-recipient-uri) that affects versions

6.5CVSS6AI score0.00406EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/03 9:15 p.m.21 views

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS0.00406EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/04/03 9:15 p.m.5 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS5.4AI score0.00406EPSS
Exploits1
EUVD
EUVD
added 2026/04/03 9:15 p.m.4 views

EUVD-2026-18884

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS6AI score0.00406EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/03 9:15 p.m.5 views

CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache)

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS6AI score0.00406EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/03 9:15 p.m.4 views

CVE-2026-34978

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri e.g., rss:///../job.cache, letting a remote IPP client write RSS XML bytes outside CacheDir/rss...

6.5CVSS6AI score0.00406EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/01 12:0 a.m.7 views

PT-2026-30236

Name of the Vulnerable Software and Affected Versions OpenPrinting CUPS versions 2.4.16 and earlier Description The RSS notifier allows path traversal in the 'notify-recipient-uri' parameter for example, 'rss:///../job.cache'. This enables a remote IPP client to write RSS XML bytes outside the...

7.8CVSS5.8AI score0.00502EPSS
Exploits7References64
OSV
OSV
added 2026/03/27 10:9 a.m.3 views

SUSE-SU-2026:20949-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...

8.9CVSS6.7AI score0.13848EPSS
Exploits1References7
OSV
OSV
added 2026/03/27 10:9 a.m.6 views

SUSE-SU-2026:20976-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253584. - CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validat...

8.9CVSS7AI score0.13848EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2026/03/25 9:28 p.m.8 views

AVideo: Remote Code Execution via PHP Temp File in Encoder downloadURL

Summary The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the original URL's filename and extension including .php. By providing an invalid resolution parameter, an attacker triggers an early die via...

8.8CVSS6.7AI score0.00395EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.16 views

PT-2026-27191

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. The downloadVideoFromDownloadURL function in objects/aVideoEncoder.json.php saves remote content to a web-accessible temporary directory using the...

8.8CVSS5.8AI score0.00395EPSS
Exploits1References8
OSV
OSV
added 2026/03/06 11:34 a.m.3 views

SUSE-SU-2026:20656-1 Security update for docker-compose

This update for docker-compose fixes the following issues: - CVE-2025-47914: non validated message size can cause a panic due to an out of bounds read bsc1254041. - CVE-2025-47913: client process termination when receiving an unexpected message type in response to a key listing or signing request...

8.9CVSS6.8AI score0.13848EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.8 views

Dart 路径遍历漏洞

Dart is an open-source programming language developed by Dartmouth. Dart has a path traversal vulnerability. This vulnerability arises when the pub client extracts packages, and files from malicious package archives may be extracted to locations outside of the PUBCACHE target directory, potential...

8.7CVSS5.8AI score0.00356EPSS
Exploits0References2
Rows per page
Query Builder