Lucene search
K

8574 matches found

Cvelist
Cvelist
added 2026/06/24 9:30 p.m.18 views

CVE-2026-53765 chrome-devtools-mcp: daemon.pid write follows symlinks in /tmp fallback runtime directory

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.20.0 until 1.1.0, The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions...

6.1CVSS0.00077EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 9:30 p.m.22 views

CVE-2026-53765

CVE-2026-53765 / GHSA-3PVJ-JV98-QHJQ affects chrome-devtools-mcp (Chrome DevTools for agents). The vulnerability occurs when the daemon writes its PID file to a deterministic runtime path under /tmp on POSIX systems (macOS or Linux with XDG_RUNTIME_DIR unset). The code uses fs.writeFileSync() wit...

6.1CVSS5.9AI score0.00077EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/06/24 12:5 p.m.4 views

RLSA-2026:27742 Important: postgresql18 security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

8.8CVSS6AI score0.00668EPSS
Exploits0References5
PyPA
PyPA
added 2026/06/23 1:16 p.m.8 views

PYSEC-0000-CVE-2026-56258

Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to write files outside the intended directory via symlink and time-of-check-time-of-use TOCTOU attacks on the outputpath parameter. Remote attackers can...

9.2CVSS6.4AI score0.00656EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.15 views

RHEL 8 : libpq (RHSA-2026:27738)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:27738 advisory. The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fixes:...

8.8CVSS7AI score0.00668EPSS
Exploits0References10
Snyk
Snyk
added 2026/06/19 10:10 p.m.5 views

Symlink Attack

Overview pydantic-settings is a Settings management using Pydantic Affected versions of this package are vulnerable to Symlink Attack in the NestedSecretsSettingsSource process when secretsnestedsubdir is enabled and a symbolic link inside the configured secrets directory points outside of it. An...

5.3CVSS6AI score0.00125EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 7:21 p.m.5 views

Symlink Attack

Overview py7zr is a Pure python 7-zip library Affected versions of this package are vulnerable to Symlink Attack in the extractall method. An attacker can overwrite arbitrary files on the host system by crafting malicious archives containing symbolic link chains that escape the intended extractio...

8.6CVSS6.3AI score0.00404EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 5:45 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...

6.5CVSS6AI score0.00318EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 5:45 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the os.ReadFile function during direct lookups via resources.Get. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the...

6.5CVSS6AI score0.00318EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in avahi

The avahi-daemon-check-dns.sh script within the Debian avahi package, as of version 0.8-4, is executed as the root user via /etc/network/if-up.d/avahi-daemon. This script allows a local attacker to cause a denial of service or create arbitrary empty files through a symlink attack on files located...

7.8CVSS7.3AI score0.00395EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 5:25 p.m.7 views

Symlink Attack

Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Symlink Attack via the download process. An attacker can overwrite arbitrary files with attacker-controlled content by supplying crafted filenames containing...

9.6CVSS6.3AI score0.00502EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/17 9:51 p.m.19 views

CVE-2026-12567 Symlink-following arbitrary write via github_workflows module

The githubworkflows module constructs local directory paths from user-controlled repository names without validating for symlinks. A local attacker sharing the scan directory can plant a symlink at the predictable output path, causing workflow data to be written to an attacker-chosen location...

2.2CVSS0.00091EPSS
Exploits0References1
Snyk
Snyk
added 2026/06/17 2:1 p.m.13 views

Symlink Attack

Overview chrome-devtools-mcp is a MCP server for Chrome DevTools Affected versions of this package are vulnerable to Symlink Attack in the fs.writeFileSync process when writing the PID file to a runtime directory under /tmp if $XDGRUNTIMEDIR is unset. An attacker can overwrite or truncate arbitra...

6.9CVSS6AI score0.00077EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/06/17 2:1 p.m.9 views

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

Summary The chrome-devtools-mcp daemon writes its PID file with fs.writeFileSync to a deterministic runtime path. On typical macOS environments, and on Linux sessions where $XDGRUNTIMEDIR is unset, that runtime path falls back to /tmp/chrome-devtools-mcp-/daemon.pid. Because the write does not us...

6.1CVSS5.5AI score0.00077EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.17 views

PT-2026-50562

Name of the Vulnerable Software and Affected Versions github workflows affected versions not specified Description The github workflows module constructs local directory paths using repository names provided by the user without validating for symlinks. A local attacker with access to the scan...

2.2CVSS5.2AI score0.00091EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 8:12 p.m.6 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the resources.Get function. An attacker can access arbitrary files outside the intended directory by placing a symlink inside a mounted directory that points to files outside the mount. This is only exploitable if the...

6.9CVSS5.9AI score0.00275EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/16 3:3 p.m.13 views

Symlink Attack

Overview langchain-anthropic is an Integration package connecting Claude Anthropic APIs and LangChain Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path...

6.9CVSS5.9AI score0.00157EPSS
Exploits0References3
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/15 12:0 a.m.5 views

Security update for python-python-dotenv (moderate)

openSUSE security update: security update for python-python-dotenv ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20952-1 Rating: moderate References: bsc1262423 Cross-References: CVE-2026-28684 CVSS scores: CVE-2026-28684 SUSE : 6.6...

6.6CVSS7AI score0.00236EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-54230

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirection...

7.8CVSS5.7AI score0.0014EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.14 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
Rows per page
Query Builder