Lucene search
K

3356 matches found

Packet Storm News
Packet Storm News
added 2026/04/23 12:0 a.m.8 views

Keras 3.13.0 HDF5 Shape Fuzzing for Robustness Testing

This script performs fuzz testing against Keras version 3.13.0 on randomly generated tensor shapes using NumPy and HDF5 to evaluate stability and error handling in file creation workflows...

5.8AI score
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/23 12:0 a.m.10 views

Security update for cacti, cacti-spine (critical)

openSUSE Security Update: Security update for cacti, cacti-spine Announcement ID: openSUSE-SU-2026:0148-1 Rating: critical References: 1231027 1231369 1231370 1231371 1231372 1236482 1236486 1236487 1236488 1236489 1236490 Cross-References: CVE-2024-43362 CVE-2024-43363 CVE-2024-43364...

9.1CVSS7.5AI score0.54024EPSS
Exploits18References11
EUVD
EUVD
added 2026/04/22 6:31 p.m.9 views

EUVD-2026-25020

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

5CVSS5.8AI score0.00138EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.32 views

CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag

A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...

5CVSS0.00138EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.7 views

CVE-2026-35360 uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...

6.3CVSS5.8AI score0.00104EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.6 views

CVE-2026-35360

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...

6.3CVSS5.8AI score0.00104EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:7 p.m.5 views

CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR

The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...

3.3CVSS5.7AI score0.00132EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/22 3:31 p.m.10 views

InstructLab vulnerable to Path Traversal

A flaw was found in InstructLab. A local attacker could exploit a path traversal vulnerability in the chat session handler by manipulating the logsdir parameter. This allows the attacker to create new directories and write files to arbitrary locations on the system, potentially leading to...

7.1CVSS5.5AI score0.00164EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.5 views

PT-2026-34496

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses O TRUNC. An attacker can exploit this window to create...

6.3CVSS5.8AI score0.00104EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.11 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability that stems from race conditions during file creation. This vulnerability could allow attackers to truncate existing files, resulting in permanent data loss...

6.3CVSS5.8AI score0.00104EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/04/22 12:0 a.m.10 views

uutils coreutils 安全漏洞

uutils coreutils is a cross-platform core command-line toolset developed by Uutils Open Source. uutils coreutils has a security vulnerability, which stems from a logical error in the ln function. This vulnerability could allow local attackers to manipulate existing symbolic links, redirecting fil...

5CVSS5.8AI score0.00138EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.12 views

GLSA-202604-04 : DTrace: Arbitrary file creation via dtprobed

The remote host is affected by the vulnerability described in GLSA-202604-04 DTrace: Arbitrary file creation via dtprobed A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names. Tenable has extracted the preceding descripti...

5.5CVSS5.8AI score0.00181EPSS
Exploits0References3
Gentoo Linux
Gentoo Linux
added 2026/04/17 12:0 a.m.13 views

DTrace: Arbitrary file creation via dtprobed

Background DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Descriptio...

5.5CVSS5.9AI score0.00181EPSS
Exploits0
OSV
OSV
added 2026/04/16 8:53 a.m.7 views

CLSA-2026-1776329620 glib2: Fix of 6 CVEs

CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2025-14512: fix integer overflow in escapebytestring for byte strings with many invalid characters - CVE-2026-1485: fix buffer underflow in content type...

6.5CVSS6.8AI score0.00504EPSS
Exploits1References1
OSV
OSV
added 2026/04/15 11:18 p.m.12 views

CLSA-2026-1776246056 glib2: Fix of 5 CVEs

CVE-2026-1489: fix integer overflow in Unicode case conversion functions - CVE-2026-1484: fix integer overflow in GLib Base64 encoding - CVE-2026-1485: fix buffer underflow in content type treemagic parsing - CVE-2026-0988: fix integer overflow in gbufferedinputstreampeek - CVE-2025-7039: fix...

5.4CVSS6AI score0.00396EPSS
Exploits1References1
OSV
OSV
added 2026/04/14 1:10 p.m.7 views

JLSEC-2026-103 Insufficient permission checking in `Deno.makeTemp*` APIs

Impact Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a Deno.makeTemp API...

5.8CVSS6.2AI score0.00491EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

Schneider Electric PowerChute Serial Shutdown 资源管理错误漏洞

Schneider Electric PowerChute Serial Shutdown is a UPS management, normal shutdown and energy management software from Schneider Electric France. Schneider Electric PowerChute Serial Shutdown suffers from a Resource Management Error vulnerability that stems from uncontrolled resource consumption,...

6.5CVSS5.8AI score0.00245EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.8 views

PT-2026-32677

Name of the Vulnerable Software and Affected Versions PowerChute Serial Shutdown affected versions not specified Description An uncontrolled resource consumption issue exists where a Web Admin user can cause a denial of service. This occurs when the system is flooded with specially crafted POST...

5.3CVSS5.8AI score0.00245EPSS
Exploits0References5
CVE
CVE
added 2026/04/13 5:4 a.m.16 views

CVE-2026-21012

CVE-2026-21012 describes external control of a file name in AODManager prior to SMR Apr-2026 Release 1. This allows a privileged local attacker to create a file with system privileges. The connected documents reiterate the same description; no additional technical details (affected versions, spec...

6.8CVSS5.8AI score0.00093EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/10 7:16 p.m.10 views

CVE-2026-33698

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

9.8CVSS0.00321EPSS
Exploits0References2
Rows per page
Query Builder