Lucene search
K

37 matches found

RedHat Linux
RedHat Linux
added 4 days ago6 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.2CVSS6.4AI score0.00552EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 9:53 p.m.7 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS6AI score0.00126EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.11 views

CVE-2026-46484

Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by node and user rename operations. This issue has been patched in versions 0.6.3 and 0.7.0-beta.3...

8.1CVSS5.4AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.8 views

CVE-2026-40001

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...

5.2CVSS5.7AI score0.00128EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.13 views

RockyLinux 8 : vim (RLSA-2026:22730)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22730 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block directl...

7.1CVSS5.5AI score0.00126EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.9 views

RockyLinux 10 : vim (RLSA-2026:22711)

The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:22711 advisory. vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Tenable has extracted the preceding description block direct...

7.1CVSS5.5AI score0.00126EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.15 views

PT-2026-46903

All versions of the package decompress are vulnerable to Arbitrary File Write via Archive Extraction Zip Slip when extracting a ZIP archive containing two entries with the same path - the first being a symlink to an arbitrary target and the second being a regular file - the file content is writte...

6.4CVSS6.4AI score0.00528EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/30 8:13 a.m.17 views

CVE-2026-10044

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.006EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/29 12:38 a.m.13 views

EUVD-2026-33061

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS6AI score0.006EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/28 9:2 p.m.36 views

CVE-2026-10044 ai-goofish-monitor Unauthenticated Arbitrary File Read via GET /api/prompts/

Usagi-org ai-goofish-monitor contains an unauthenticated arbitrary file read vulnerability in the GET /api/prompts/filename endpoint on Windows deployments that allows unauthenticated remote attackers to read arbitrary files by supplying absolute Windows paths or backslash-based traversal...

8.2CVSS0.006EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.13 views

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

8.8CVSS7AI score0.01535EPSS
Exploits5References11
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44540

Name of the Vulnerable Software and Affected Versions ai-goofish-monitor affected versions not specified Description An unauthenticated arbitrary file read issue exists in Windows deployments. Remote attackers can read arbitrary files by supplying absolute Windows paths or backslash-based travers...

8.2CVSS5.9AI score0.006EPSS
Exploits0References6
NVD
NVD
added 2026/05/06 10:16 a.m.7 views

CVE-2026-40001

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...

5.2CVSS0.00128EPSS
Exploits0References1
CVE
CVE
added 2026/05/06 8:48 a.m.13 views

CVE-2026-40001

Technical details about CVE-2026-40001 are not publicly available in the provided documents. The two entries describe a local privilege escalation in ZTE PROCESS Guard but do not specify impacted versions, vulnerable components, or fixes. Monitor for updates.

5.2CVSS6AI score0.00128EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:48 a.m.8 views

CVE-2026-40001

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...

5.2CVSS6AI score0.00128EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37374

There is a local privilege escalation vulnerability in the ZTE PROCESS Guard service of the cloud computer client, which may allow local arbitrary code execution, privilege escalation and path traversal bypass...

5.2CVSS6AI score0.00128EPSS
Exploits0References2
OSV
OSV
added 2026/05/05 1:13 a.m.6 views

CLSA-2026-1777943581 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...

7.8CVSS7.2AI score0.0062EPSS
Exploits0References1
OSV
OSV
added 2026/05/04 10:7 a.m.9 views

CLSA-2026-1777889241 vim: Fix of 2 CVEs

CVE-2026-35177: fix path traversal bypass in zip.vim by using simplify to detect attacks that circumvent the previous regex-only check - CVE-2026-39881: fix command injection in netbeans interface via unsanitized defineAnnoType and specialKeys parameters...

7.8CVSS5.8AI score0.0062EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/03/13 10:19 a.m.125 views

Exploit for CVE-2026-1311

CVE-2026-1311 CVE-2026-1311 Sample PHP Payload Files...

8.8CVSS5.9AI score0.00734EPSS
Exploits1
OSV
OSV
added 2026/02/10 12:29 a.m.5 views

GHSA-68M5-5W2H-H837 FUXA Affected by a Path Traversal Sanitization Bypass

Summary A flaw in the path sanitization logic allows an authenticated attacker with administrative privileges to bypass directory traversal protections. By using nested traversal sequences e.g., ....//, an attacker can write arbitrary files to the server filesystem, including sensitive directorie...

8.6CVSS7.5AI score0.01216EPSS
Exploits0References7
Rows per page
Query Builder