16651 matches found
CVE-2026-53765
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, the chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...
CVE-2026-53766
Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolve(filePath) textually falls under one of the configured root paths. path.resolve...
EUVD-2026-39086
A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...
CVE-2026-13201
A flaw was found in KubeVirt's safepath package. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream helpers operate via /proc/self/fd/N using link-following syscalls. When the leaf is a symlink, the kernel dereferences it, defeating the...
CVE-2026-52811
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component —...
EUVD-2026-38835
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix possible infinite loop and oob read in symlink_data() On 32-bit architectures, the infinite loop is as follows: len = p->ErrorDataLength == 0xfffffff8 u8 next = p->ErrorContextData + len next == p On 32-bit...
Vite Dev Server - Path Traversal
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, files starting with the same name with the public directory were served bypassing the server.fs settings. Only apps that explicitly expose the Vite dev server to the network using --host or...
Gogs <= 0.13.3 - Remote Code Execution
Gogs self-hosted Git service versions 0.13.3 and earlier contain a critical symlink bypass vulnerability that circumvents the fix for CVE-2024-55947. Authenticated users can exploit improper symbolic link handling in the PutContents API to overwrite files outside the repository by committing a...
CVE-2026-12958
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
CVE-2026-11940
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at its archived location but recreated it at the hardlink's shallower...
Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym
Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target (osx.IsSymlink(targetPath)). The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...
CVE-2026-56692
NanoClaw before 2.1.17 contains a symlink following vulnerability in forwardAttachedFiles that allows container-controlled agents to exfiltrate host-readable files. The host validates attachment filenames using only isSafeAttachmentName before copying with fs.copyFileSync, which follows symlinks...
CVE-2026-11940 tarfile extraction filter bypass allows escaping the destination directory
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at its archived location but recreated it at the hardlink's shallower...
EUVD-2026-38490
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at its archived location but recreated it at the hardlink's shallower...
CVE-2026-11940
CVE-2026-11940 concerns tarfile.extractall() in Python’s tarfile handling where a crafted archive can bypass the filter for data/tar and cause a symlink outside the destination directory to be created by abusing a hardlink referencing a deeper symlink. The extraction fallback validates the symlin...
CVE-2026-12958
CVE-2026-12958 affects Language Servers for AWS due to missing symlink validation, allowing arbitrary file write outside the workspace trust boundary when a user opens a workspace containing a crafted symlink. The issue is reported across multiple sources (CVE entry, NVD, and related databases). ...
CVE-2026-12958 Arbitrary file write in Language Servers for AWS
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
EUVD-2026-38489
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...