984 matches found

Cvelist
added 4 days ago | 34 views

CVE-2026-58052 7-Zip - Mark-of-the-Web Bypass via RAR5 Alternate Data Stream Name Collision

7-Zip for Windows through 26.02 fails to preserve the Mark-of-the-Web when extracting a crafted RAR5 archive, because its guard that suppresses an archive-supplied Zone.Identifier stream matches the exact name 'Zone.Identifier' while a RAR5 STM record named ':Zone.Identifier:$DATA' is not matched...

CVSS 4.8 | EPSS 0.00119
Exploits: 0 | References: 3

Positive Technologies
added 6 days ago | 10 views

PT-2026-52887

Name of the Vulnerable Software and Affected Versions Envoy versions prior to 1.35.11 Envoy versions prior to 1.36.7 Envoy versions prior to 1.37.3 Envoy versions prior to 1.38.1 Description A structural flaw exists in the DefaultCertValidator::verifySubjectAltName function. The issue occurs when...

CVSS 4.4 | AI score 5.8 | EPSS 0.00212
Exploits: 1 | References: 20

NVD
added 2026/06/22 6:16 p.m. | 9 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

CVSS 8.2 | EPSS 0.00393
Exploits: 1 | References: 1

CVE
added 2026/06/22 4:10 p.m. | 121 views

CVE-2026-53571

CVE-2026-53571 affects the Vite dev server. On Windows, the denial mechanism implemented by the option server.fs.deny fails to normalize NTFS ADS path forms before access checks, allowing bypasses such as /.env::$DATA?raw and access via 8.3 short-name tricks. This can enable exposure of sensitive...

CVSS 8.2 | AI score 5.9 | EPSS 0.00393
Exploits: 1 | References: 1 | Affected Software: 2

ATTACKERKB
added 2026/06/22 4:10 p.m. | 4 views

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

CVSS 8.2 | AI score 5.9 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 3 views

Astra Linux – Vulnerability in Thunderbird

When loading the shared library that provides the OTR protocol implementation, Thunderbird initially attempts to open it using a filename that is not distributed by Thunderbird. If a computer has already been infected with a malicious library from the alternative filename, and the malicious libra...

CVSS 7.8 | AI score 6.8 | EPSS 0.00316
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Issue: Skipping the reallocation of the Unicode buffer when the console size is resized after exiting the AltScreen mode. When the enteraltscreen function saves vcunilines into vcsavedunilines and sets vcunilines to NULL, a...

CVSS 7.8 | AI score 5.9 | EPSS 0.00127
Exploits: 0 | References: 1

AstraLinux
added 2026/06/19 11:10 a.m. | 8 views

Astra Linux – Vulnerability in libgit2

An issue was discovered in libgit2 before versions 0.28.4 and 0.9x before version 0.99.0. path.c improperly handles equivalent filenames that exist due to NTFS Alternate Data Streams. This may allow remote code execution when cloning a repository. This issue is similar to CVE-2019-1352...

CVSS 9.8 | AI score 9.1 | EPSS 0.0511
Exploits: 0 | References: 2

AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba, specifically in the vfsstreamsxattr module. In this module, uninitialized heap memory could be written into alternate data streams. This allows an authenticated user to read residual memory content, which may include sensitive data, resulting in an information...

CVSS 4.3 | AI score 7.5 | EPSS 0.00421
Exploits: 0 | References: 2

Cvelist
added 2026/06/17 9:3 p.m. | 18 views

CVE-2026-50194 Steeltoe vulnerable to management-port isolation bypass via spoofed Host header

Steeltoe is an open source project that provides a collection of libraries that help users build cloud-native applications. When Steeltoe management endpoints versions 3.2.2 through 3.3.0 and 4.1.0 are configured to listen on an alternate port (Management:Endpoints:Port is configured), the...

CVSS 8.2 | EPSS 0.00238
Exploits: 0 | References: 3

NVD
added 2026/06/17 2:17 p.m. | 10 views

CVE-2026-54817

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

CVSS 6.5 | EPSS 0.00261
Exploits: 0 | References: 1

EUVD
added 2026/06/17 1:36 p.m. | 11 views

EUVD-2026-37706

Authentication Bypass Using an Alternate Path or Channel vulnerability in FluxBuilder MStore API allows Password Recovery Exploitation. This issue affects MStore API: from n/a through 4.18.4...

CVSS 6.5 | AI score 5.2 | EPSS 0.00261
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/17 12:0 a.m. | 14 views

PT-2026-50554

Name of the Vulnerable Software and Affected Versions Steeltoe versions 3.2.2 through 3.3.0 Steeltoe version 4.1.0 Description Steeltoe is an open source project providing libraries for building cloud-native applications. An issue exists where management endpoints, when configured to listen on an...

CVSS 8.2 | AI score 6 | EPSS 0.00238
Exploits: 0 | References: 8

EUVD
added 2026/06/16 3:30 a.m. | 8 views

EUVD-2026-37023

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

AI score 5.7 | EPSS 0.00295
Exploits: 0 | References: 2

Patchstack
added 2026/06/15 5:17 p.m. | 4 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite-plus versions = 0.1.23...

CVSS 8.2 | AI score 5.8 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1

Patchstack
added 2026/06/15 5:17 p.m. | 5 views

NPM: vite: `server.fs.deny` bypass on Windows alternate paths

NPM: vite: server.fs.deny bypass on Windows alternate paths vulnerability discovered by ? in WordPress Npm vite versions = 6.4.2...

CVSS 8.2 | AI score 5.8 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1

Snyk
added 2026/06/15 5:17 p.m. | 10 views

Directory Traversal

Overview vite-plus is a The Unified Toolchain for the Web Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

CVSS 8.2 | AI score 6.5 | EPSS 0.00393
Exploits: 1 | References: 2

Snyk
added 2026/06/15 5:17 p.m. | 8 views

Directory Traversal

Overview vite is a Native-ESM powered web dev build tool Affected versions of this package are vulnerable to Directory Traversal due to improper checks for file system paths on Windows platforms in isFileLoadingAllowed function. An attacker can obtain sensitive file contents by bypassing path...

CVSS 8.2 | AI score 6.5 | EPSS 0.00393
Exploits: 1 | References: 2

Github Security Blog
added 2026/06/15 5:17 p.m. | 217 views

vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

CVSS 8.2 | AI score 5.4 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 2

OSV
added 2026/06/15 5:17 p.m. | 8 views

GHSA-FX2H-PF6J-XCFF vite: `server.fs.deny` bypass on Windows alternate paths

Summary The contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - the sensitive file...

CVSS 8.2 | AI score 5.4 | EPSS 0.00393
Exploits: 1 | References: 2