Lucene search
K

106 matches found

CVE
CVE
added 2026/05/08 10:10 p.m.23 views

CVE-2026-42344

FastGPT before 4.14.11 is vulnerable in isInternalAddress() (packages/service/common/system/utils.ts) to DNS rebinding TOCTOU, where DNS resolution for private-range checks occurs separately from the subsequent HTTP request. An attacker could exploit the window between validation and fetch to byp...

6.3CVSS5.8AI score0.00148EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/08 2:22 p.m.41 views

CVE-2026-43433 rust_binder: avoid reading the written value in offsets array

In the Linux kernel, the following vulnerability has been resolved: rustbinder: avoid reading the written value in offsets array When sending a transaction, its offsets array is first copied into the target proc's vma, and then the values are read back from there. This is normally fine because th...

7.8CVSS0.00099EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/07 8:21 p.m.9 views

CVE-2026-44113

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in the OpenShell filesystem bridge that allows attackers to read files outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and access...

8.3CVSS5.8AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/05/06 8:16 p.m.6 views

CVE-2026-44112

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write...

9.6CVSS0.02442EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/06 7:49 p.m.7 views

CVE-2026-44112

OpenClaw before 2026.4.22 contains a time-of-check/time-of-use race condition in OpenShell sandbox filesystem writes that allows attackers to redirect writes outside the intended mount root. Attackers can exploit symlink swaps during filesystem operations to bypass sandbox restrictions and write...

6CVSS5.8AI score0.02442EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/05 6:33 p.m.8 views

EUVD-2026-27392

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to...

2.6CVSS5.1AI score0.00162EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 2:45 a.m.15 views

EUVD-2026-26879

A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validaterestrictedurl of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is...

5CVSS5.1AI score0.0025EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/05/01 12:0 a.m.36 views

CVE-2026-37531

AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability CWE-22 combined with a TOCTOU race condition CWE-367 in the widget installation flow. The isvalidfilename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal...

9.8CVSS0.00711EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/24 12:31 a.m.7 views

EUVD-2026-25322

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5CVSS5.8AI score0.00088EPSS
Exploits0References4
NVD
NVD
added 2026/04/23 10:16 p.m.5 views

CVE-2026-41338

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5CVSS0.00088EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 9:57 p.m.34 views

CVE-2026-41338 OpenClaw < 2026.3.31 - Time-of-Check-Time-of-Use (TOCTOU) Vulnerability in Sandbox File Operations

OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act patterns in applypatch, remove, and mkdir operations to manipulate files between validation and execution...

5CVSS0.00088EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:57 p.m.21 views

CVE-2026-41338

OpenClaw prior to 2026.3.31 contains a time‑of‑check/time‑of‑use (TOCTOU) vulnerability in sandbox file operations that lets attackers bypass fd‑based defenses. The issue arises from check‑then‑act patterns in apply_patch, remove, and mkdir, enabling manipulation of files between validation and e...

5CVSS5.8AI score0.00088EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/22 6:31 p.m.7 views

Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-239g-2685-54x3. This link is maintained to preserve external references. Original Description The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during...

6.3CVSS6AI score0.00118EPSS
Exploits1References5Affected Software1
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.12 views

CVE-2026-35354

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute xattr preservation logic uses multiple path-based system calls that perform fresh path-to-inode lookups for each operation. A local attacker with writ...

4.7CVSS5.8AI score0.00091EPSS
Exploits1References2
OSV
OSV
added 2026/04/22 5:16 p.m.7 views

UBUNTU-CVE-2026-35355

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...

6.3CVSS5.9AI score0.00118EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2026/04/22 5:16 p.m.10 views

CVE-2026-35356

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.6 views

CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module

The safetraversal module in uutils coreutils, which provides protection against Time-of-Check to Time-of-Use TOCTOU symlink races using file-descriptor-relative syscalls, is incorrectly limited to Linux targets. On other Unix-like systems such as macOS and FreeBSD, the utility fails to utilize...

3.6CVSS5.8AI score0.0018EPSS
Exploits0References2
CVE
CVE
added 2026/04/22 4:8 p.m.14 views

CVE-2026-35356

CVE-2026-35356 describes a TOCTOU vulnerability in the install utility of the uutils coreutils when using -D. The process creates parent directories and then performs a second path resolution to create the target file, without anchoring to a directory file descriptor. A concurrent writer can repl...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/22 1:11 p.m.37 views

CVE-2026-41651 PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS0.0046EPSS
Exploits10References5
EUVD
EUVD
added 2026/04/22 1:11 p.m.5 views

EUVD-2026-24742

PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...

8.8CVSS6AI score0.0046EPSS
Exploits10References5
Rows per page
Query Builder