Lucene search
K

101 matches found

EUVD
EUVD
added 2026/06/29 10:15 a.m.7 views

EUVD-2026-40068

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS5.9AI score0.00105EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52581

Name of the Vulnerable Software and Affected Versions @anthropic-ai/claude-code versions 2.1.59 through 2.1.127 Description The /copy command writes responses to a hardcoded and predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The resulting file i...

4.4CVSS6AI score0.00149EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.8 views

Amazon Linux 2023 : python3.12-pip, python3.12-pip-wheel (ALAS2023-2026-1840)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1840 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.7 views

Amazon Linux 2023 : python3.13-pip, python3.13-pip-wheel (ALAS2023-2026-1841)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1841 advisory. A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially...

8CVSS6.2AI score0.0032EPSS
Exploits0References4
NVD
NVD
added 2026/06/10 10:16 p.m.10 views

CVE-2026-45384

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS0.00125EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:0 p.m.30 views

CVE-2026-45384 bit7z: Arbitrary File Overwrite via Symlink Attack on Predictable Temp File During Archive Update

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS0.00125EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 8:0 p.m.10 views

EUVD-2026-36115

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, there is an arbitrary file overwrite vulnerability via symlink attack on predictable temp files during archive update. This issue has been patched in version 4.0.12...

6.1CVSS5.5AI score0.00125EPSS
Exploits0References2
FreeBSD Advisory
FreeBSD Advisory
added 2026/06/09 12:0 a.m.21 views

FreeBSD-SA-26:26.ktls

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-26:26.ktls Security Advisory The FreeBSD Project Topic: Arbitrary file overwrite via the KTLS receive path Category: core Module: ktls Announced: 2026-06-09...

7.8CVSS5.5AI score0.00154EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.10 views

RHEL 10 : vim (RHSA-2026:22711)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:22711 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via...

7.1CVSS5.6AI score0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/04/27 5:38 p.m.15 views

JLSEC-2026-213 When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function...

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.6AI score0.00142EPSS
Exploits0References5
CVE
CVE
added 2026/04/22 4:8 p.m.24 views

CVE-2026-35355

CVE-2026-35355 concerns the install utility in uutils coreutils . The vulnerability arises from a TOCTOU race during file installation: the code unlinks an existing destination file and then recreates it via a path-based operation without using the O_EXCL flag. This creates a window where a local...

6.3CVSS5.8AI score0.00118EPSS
Exploits1References2Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/20 11:29 p.m.9 views

SUSE CVE-2026-5958

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

6.9CVSS5.9AI score0.00142EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/20 11:59 a.m.3 views

CVE-2026-5958 Race Condition in GNU Sed

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/20 11:59 a.m.40 views

CVE-2026-5958 Race Condition in GNU Sed

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS0.00142EPSS
Exploits0References2
CVE
CVE
added 2026/04/20 11:59 a.m.87 views

CVE-2026-5958

The CVE concerns GNU sed. When sed is invoked with both -i (in-place edit) and --follow-symlinks, open_next_file() performs two non-atomic operations on the same path: (1) resolve the symlink to its target and store the resolved path, and (2) open the original symlink path to read the file. A rac...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/04/20 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-5958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the...

2.1CVSS6.1AI score0.00142EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.2 views

CVE-2026-30291

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

8.4CVSS6.4AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/02 5:4 a.m.3 views

CVE-2026-30292

An arbitrary file overwrite vulnerability in Docudepot PDF Reader: PDF Viewer APP v1.0.34 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

8.4CVSS6.4AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/01 3:31 p.m.5 views

EUVD-2026-17891

An arbitrary file overwrite vulnerability in Ora Tools PDF Reader ' Reader & Editor APPv4.3.5 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

8.4CVSS6.4AI score0.00141EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

Ora Tools PDF Reader 安全漏洞

Ora Tools PDF Reader is a document reading tool developed by Ora Tools Corporation in China. It supports browsing and basic processing of PDF files. There is a security vulnerability in the APPv4.3.5 version of Ora Tools PDF Reader. This vulnerability stems from the possibility of arbitrary file...

8.4CVSS6AI score0.00141EPSS
Exploits0References4
Rows per page
Query Builder