MiracleLinux 8 : dotnet8.0-8.0.100-2.el8.ML.1 (AXSA:2024-7380:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7380:01 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...

MiracleLinux 7 : rsync-3.1.2-11.el7 (AXSA:2022-3735:05)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2022-3735:05 advisory. rsync: remote arbitrary files write inside the directories of connecting peers CVE-2022-29154 Tenable has extracted the preceding description block directly...

MiracleLinux 8 : dotnet6.0-6.0.125-1.el8.ML.1 (AXSA:2024-7361:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7361:01 advisory. dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand CVE-2023-36049 dotnet: ASP.NET Security Feature Bypass Vulnerability in...

MiracleLinux 7 : zlib-1.2.7-20.el7 (AXSA:2022-3180:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-3180:02 advisory. gzip: arbitrary-file-write vulnerability CVE-2022-1271 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the extractPackageTarball function. An attacker can write arbitrary files to the filesystem by supplying a malicious tar file containing absolute paths. Note: This vulnerability results from an incomplete fix of...

CVE-2026-23745

node-tar (Tar for Node.js) vulnerability CVE-2026-23745: the library fails to sanitize the linkpath of Link (hardlink) and SymbolicLink entries when preservePaths is false, allowing bypass of extraction root restrictions and leading to Arbitrary File Overwrite via hardlinks and Symlink Poisoning ...

CVE-2026-22249

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

CVE-2026-23535

wlc is a Weblate command-line client using Weblate's REST API. Prior to 1.17.2, the multi-translation download could write to an arbitrary location when instructed by a crafted server. This vulnerability is fixed in 1.17.2...

Directory Traversal

Overview wlc is an A command-line utility for Weblate, translation tool with tight version control integration Affected versions of this package are vulnerable to Directory Traversal via unsanitized component slugs from the Weblate server during multi-translation downloads. An attacker can write...

MiracleLinux 7 : wget-1.14-13.el7 (AXSA:2016-1111:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2016-1111:01 advisory. GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background while you ar...

MiracleLinux 4 : wget-1.12-5.AXS4.1 (AXSA:2014-673:03)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2014-673:03 advisory. Description : GNU Wget is a file retrieval utility which can use either the HTTP or FTP protocols. Wget features include the ability to work in the background...

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

CVE-2026-22249

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

CVE-2026-22249

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

EUVD-2026-2856

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

CVE-2026-22249

CVE-2026-22249—Docmost is affected in versions 0.21.0 through before 0.24.0. The vulnerability stems from an Arbitrary File Write via Zip Import (ZipSlip) in the import utility, where filename validation is missing in apps/server/src/integrations/import/utils/file.utils.ts. This can enable unauth...

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...

CVE-2026-22249 Docmost affected by an Arbitrary File Write via Zip Import Feature (ZipSlip)

Docmost is an open-source collaborative wiki and documentation software. From 0.21.0 to before 0.24.0, Docmost is vulnerable to Arbitrary File Write via Zip Import Feature ZipSlip. In apps/server/src/integrations/import/utils/file.utils.ts, there are no validation on filename. This vulnerability ...