Lucene search
K

4753 matches found

Cvelist
Cvelist
added 2026/06/26 7:40 p.m.26 views

CVE-2026-53284 btrfs: only release the dirty pages io tree after successful writes

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS0.00432EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 7:40 p.m.6 views

EUVD-2026-39889

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

6AI score0.00432EPSS
Exploits0References3
CVE
CVE
added 2026/06/26 7:40 p.m.21 views

CVE-2026-53284

CVE-2026-53284 (Linux kernel, btrfs): The issue arises in btrfs_write_and_wait_transaction() where, after an error from btrfs_write_marked_extent(), the code still calls btrfs_extent_io_tree_release() to clear the dirty_pages io tree. This tree may contain records not yet submitted, and subsequen...

7.5CVSS6AI score0.00432EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/06/26 7:40 p.m.6 views

CVE-2026-53284

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS5.9AI score0.00432EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/26 7:31 p.m.28 views

CVE-2026-29509 Patool < 4.0.5 Path Traversal via safe_extract() Function

Patool before 4.0.5 contains a path traversal vulnerability in the safeextract function in patoolib/programs/pytarfile.py when running on Python before 3.12, where the iswithindirectory helper uses os.path.commonprefix for character-level string comparison instead of path-level comparison, allowi...

5.4CVSS0.00285EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39804

Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequen...

9CVSS5.9AI score0.00289EPSS
Exploits0References2
OSV
OSV
added 2026/06/26 7:50 a.m.4 views

OPENSUSE-SU-2026:21161-1 Security update for python-pdm

This update for python-pdm fixes the following issues: Changes in python-pdm: - CVE-2026-47763: Do not follow symlinks when writing config files bsc1268384 - CVE-2026-47763: Do not write to paths outside the scheme dir bsc1268385 - CVE-2026-47781: Update plugin installation path to use...

5.8AI score0.00047EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/26 2:8 a.m.6 views

SUSE CVE-2026-53250

In the Linux kernel, the following vulnerability has been resolved: xsk: cache csumstart/csumoffset to fix TOCTOU in xskskbmetadata The TX metadata area resides in the UMEM buffer which is memory-mapped and concurrently writable by userspace. In xskskbmetadata, csumstart and csumoffset are read...

7.8CVSS5.9AI score0.00112EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-52923

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the Btrfs file system where the dirty pages io tree is released prematurely. Within the btrfs write and wait transaction function, the system attempts to write dirty...

7.5CVSS6.1AI score0.00432EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.18 views

PT-2026-53002

Name of the Vulnerable Software and Affected Versions Fluentd versions prior to 1.19.3 Description Insufficient validation of the $tag placeholder allows for the dynamic construction of file paths that can be manipulated. If an instance is configured to receive logs from untrusted sources and use...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References11
OSV
OSV
added 2026/06/25 10:21 p.m.4 views

GHSA-RM3J-F69W-WQMQ golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/25 10:21 p.m.8 views

golang.org/x/crypto vulnerable to infinite loop on large channel writes

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

9.1CVSS6AI score0.00466EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2026/06/25 9:16 p.m.9 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 8:46 p.m.25 views

CVE-2026-56445 pydicom pynetdicom Library Path Traversal

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS0.00434EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/25 8:46 p.m.6 views

CVE-2026-56445

The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join without sanitization, allowing file writes to arbitrary paths...

9.1CVSS6AI score0.00434EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/06/25 8:46 p.m.12 views

CVE-2026-56445

The CVE-2026-56445 issue affects the qrscp application’s C-STORE handler. It directly uses an attacker-supplied DICOM dataset instance in os.path.join() without sanitization, enabling writes to arbitrary file paths on the system. This is a path traversal vulnerability in the file-write path, with...

9.1CVSS6AI score0.00434EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 7:16 p.m.10 views

CVE-2026-53925

Glances is an open-source system cross-platform monitoring tool. From 4.0.8 until 4.5.5, the securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file...

7.8CVSS0.00184EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:47 p.m.24 views

CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.3CVSS0.00637EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 5:56 p.m.6 views

CVE-2026-54250

K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...

5.8CVSS6AI score0.00122EPSS
Exploits0References2
OSV
OSV
added 2026/06/25 3:31 p.m.2 views

OPENSUSE-SU-2026:21159-1 Security update for python-py7zr

This update for python-py7zr fixes the following issues: Changes in python-py7zr: - CVE-2026-23879: crafted malicious symbolic link chains in an archive can lead to an arbitrary file write bsc1268669 - CVE-2026-55195: unchecked extraction size can cause a denial of service bsc1268665 -...

8CVSS5.9AI score0.00404EPSS
Exploits0References6
Rows per page
Query Builder