Lucene search
+L

1667 matches found

AlmaLinux
AlmaLinux
added 2026/06/03 12:0 a.m.14 views

Moderate: vim security update

Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other relat...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 1:33 p.m.11 views

OESA-2026-2478 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 6:34 p.m.9 views

USN-8229-2 sed vulnerability

USN-8229-1 fixed a vulnerability in sed. This update provides the corresponding update for Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. Original advisory details: Michał Majchrowicz and Marcin Wyczechowski discovered that sed incorrectly handled symbolic links when performing in-place edits. A local...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.14 views

RockyLinux 9 : linux-sgx (RLSA-2026:18868)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:18868 advisory. qs: qs: Denial of Service via improper input validation in array parsing CVE-2025-15284 node-tar: tar: node-tar: Arbitrary file overwrite and symlink...

8.8CVSS7AI score0.01535EPSS
Exploits5References11
RedhatCVE
RedhatCVE
added 2026/05/27 5:21 p.m.19 views

CVE-2026-8643

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS6AI score0.0032EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/27 5:3 p.m.13 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.0032EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

CentOS 9 : vim-8.2.2637-29.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-29.el9 build changelog. - Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Note that Nessus has not tested for this issue but has inste...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 5:51 p.m.9 views

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS7.4AI score0.01168EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/26 5:51 p.m.21 views

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS6AI score0.01168EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.19 views

PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References6
CVE
CVE
added 2026/05/26 12:0 a.m.24 views

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4Affected Software1
Veracode
Veracode
added 2026/05/23 5:35 a.m.8 views

Path Traversal

github.com/openclaw/crabbox is vulnerable to path traversal. The vulnerability is due to improper validation of workspace path resolution in the Islo provider, which allows an attacker to supply crafted absolute or relative paths through a malicious .crabbox.yaml or crabbox.yaml file to perform...

7.1CVSS6AI score0.00144EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.15 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...

7.5CVSS7.1AI score0.02416EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 5:11 p.m.13 views

androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

5.9AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 1:54 p.m.12 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.3AI score0.00233EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:54 p.m.11 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.13 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.2AI score0.00233EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.12 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.13 views

RHEL 10 : linux-sgx (RHSA-2026:18480)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18480 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SG...

8.8CVSS6.7AI score0.01535EPSS
Exploits5References16
Snyk
Snyk
added 2026/05/18 11:50 p.m.8 views

Directory Traversal

Overview @joplin/onenote-converter is an Used to import a OneNote archive into Joplin Affected versions of this package are vulnerable to Directory Traversal via the OneNote importer. An attacker can overwrite arbitrary files on disk by supplying a crafted .one file containing specially crafted...

8.2CVSS6.3AI score0.00206EPSS
Exploits0References2
Rows per page
Query Builder