CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

785 matches found

CNNVD•added 2026/04/17 12:0 a.m.•10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a race condition during the chmod command’s processing of symbolic links. This could allow local attackers to manipulate file system objects...

5.8AI score

Exploits0References1

Metasploit•added 2026/04/16 7:2 p.m.•315 views

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/loongarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run frozenstringliteral: true This module...

5.3AI score

Exploits0

Tenable Nessus•added 2026/04/15 12:0 a.m.•4 views

SUSE SLED15 / SLES15 Security Update : go1.25 (SUSE-SU-2026:1321-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:1321-1 advisory. - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG...

9.8CVSS6AI score0.00536EPSS

Exploits0References29

SUSE Linux•added 2026/04/14 12:40 p.m.•6 views

Security update for go1.25

This update for go1.25 fixes the following issues: Update to go1.25.9 bsc1244485. CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. CVE-2026-27144: cmd/compile: no-op...

7.5CVSS5.9AI score0.00536EPSS

Exploits0References38

OSV•added 2026/04/14 12:40 p.m.•8 views

SUSE-SU-2026:1321-1 Security update for go1.25

This update for go1.25 fixes the following issues: - Update to go1.25.9 bsc1244485. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144: cmd/compile:...

9.8CVSS5.8AI score0.00536EPSS

Exploits0References20

OSV•added 2026/04/14 12:39 p.m.•4 views

SUSE-SU-2026:1320-1 Security update for go1.26

This update for go1.26 fixes the following issues: - Update to go1.26.2 bsc1255111. - CVE-2026-27140: cmd/go: trust layer bypass when using cgo and SWIG bsc1261653. - CVE-2026-27143: cmd/compile: possible memory corruption after bound check elimination bsc1261654. - CVE-2026-27144: cmd/compile:...

9.8CVSS6AI score0.00536EPSS

Exploits0References22

OSV•added 2026/04/13 5:43 a.m.•7 views

BIT-GOLANG-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to...

6.4CVSS5.8AI score0.00292EPSS

Exploits0References5

Amazon•added 2026/04/13 12:0 a.m.•10 views

Medium: rust

Issue Overview: A flaw in the gix-date library can generate invalid non-UTF8 strings, leading to undefined behavior when processed. The most likely impact from a successful attack is to data integrity, by the malicious data being able to corrupt data being hold in memory and to system availabilit...

8.1CVSS5.8AI score0.00688EPSS

Exploits4

Tenable Nessus•added 2026/04/13 12:0 a.m.•10 views

Amazon Linux 2023 : cargo-c (ALAS2023-2026-1566)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1566 advisory. tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As par...

8.1CVSS7.5AI score0.00397EPSS

Exploits2References6

Positive Technologies•added 2026/04/13 12:0 a.m.•5 views

PT-2026-32421

6.4CVSS5.8AI score0.00292EPSS

Exploits0References6

RedhatCVE•added 2026/04/09 4:43 p.m.•3 views

CVE-2026-32282

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

7.8CVSS5.8AI score0.00292EPSS

Exploits0References7

Tenable Nessus•added 2026/04/09 12:0 a.m.•9 views

Linux Distros Unpatched Vulnerability : CVE-2026-32282

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even...

6.4CVSS7.2AI score0.00292EPSS

Exploits0References4