Lucene search
K

1659 matches found

CVE
CVE
added yesterday8 views

CVE-2026-22102

CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday16 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS0.00431EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added last week5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.4AI score0.0032EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:58 p.m.6 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/07/01 7:34 p.m.6 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 10:38 a.m.6 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/30 10:38 a.m.12 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

8.2CVSS6.4AI score0.00552EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.8 views

RHEL 8 : vim (RHSA-2026:33453)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:33453 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.2AI score0.00552EPSS
Exploits0References10
NVD
NVD
added 2026/06/29 12:16 p.m.10 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-442 PaddlePaddle Path Traversal vulnerability

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...

9.1CVSS7.3AI score0.01048EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.53 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:15 a.m.35 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 7:52 a.m.5 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 10 : vim (RHSA-2026:30900)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30900 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.3AI score0.00552EPSS
Exploits0References10
OSV
OSV
added 2026/06/25 5:41 p.m.4 views

JLSEC-2026-626 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.3CVSS6AI score0.00152EPSS
Exploits0References7
OSV
OSV
added 2026/06/25 8:25 a.m.16 views

SUSE-SU-2026:2628-1 Security update for libzypp

This update for libzypp fixes the following issue - CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten bsc1259802. - CVE-2026-44942: Fixed possible path traversal attacks via .repo files 'path=' entries bsc1267874...

8.8CVSS5.9AI score0.006EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in busybox

A flaw was discovered in BusyBox. Incomplete path sanitization in its archive extraction utilities allows attackers to create malicious archives. When these archives are extracted, and under certain conditions, they may write to files outside of the intended directory. This can lead to arbitrary...

7CVSS7.6AI score0.00682EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/06/23 6:43 a.m.8 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS6AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/22 10:23 p.m.8 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS6AI score0.00126EPSS
Exploits0References5
Rows per page
Query Builder