Lucene search
+L

413 matches found

ptsecurity
ptsecurity
added 2026/06/01 12:0 a.m.23 views

PT-2026-45409

Kernel software installed and running inside a Guest/Host VM may post improper commands to the GPU Firmware to trigger a write of data outside the intended GPU memory. A logic error in the address translation allowed a compromised Host Kernel to perform arbitrary writes to firmware memory...

4.3CVSS5.9AI score0.00143EPSS
Exploits0References2
euvd
euvd
added 2026/05/28 2:44 p.m.15 views

EUVD-2026-32910

esm.sh is a no-build content delivery network CDN for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the incoming request path, and ultimately writes the data to storage via buildStorage.Put. The router concatenates the path components...

8.7CVSS5.9AI score0.00362EPSS
Exploits0References1
avleonov
avleonov
added 2026/05/28 2:0 p.m.12 views

About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability

About Elevation of Privilege - Linux Kernel "Fragnesia" CVE-2026-46300 vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from...

7.8CVSS6.2AI score0.03663EPSS
Exploits11
cve
cve
added 2026/05/26 9:32 p.m.32 views

CVE-2026-44788

SharpCompress CVE-2026-44788 describes a path traversal vulnerability in IArchive.WriteToDirectory() (and WriteToDirectoryAsync) that lets untrusted archives create directories outside the extraction root for ZIP and TAR. TAR could escalate to arbitrary file writes via a symlink chain if a Symbol...

6.5CVSS6AI score0.00313EPSS
Exploits1References1Affected Software1
attackerkb
attackerkb
added 2026/05/26 9:32 p.m.20 views

CVE-2026-44788

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

5.9CVSS6AI score0.00313EPSS
Exploits1References2Affected Software1
osv
osv
added 2026/05/26 9:32 p.m.3 views

CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

5.9CVSS6AI score0.00313EPSS
Exploits1References3
vulnrichment
vulnrichment
added 2026/05/26 9:32 p.m.11 views

CVE-2026-44788 SharpCompress: Directory traversal via directory entries in WriteToDirectory (zip slip variant)

SharpCompress is a fully managed C library to deal with many compression types and formats. In 0.47.4 and earlier, a path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be...

5.9CVSS6AI score0.00313EPSS
Exploits1References1
osv
osv
added 2026/05/21 5:5 p.m.7 views

GHSA-5H3G-PX23-W6VW Mobile Verification Toolkit (MVT): Path Traversal via unsanitized File identifiers in iOS Backup processing

Summary The fileID field from Manifest.db a SQLite database inside iOS backups, generated by the device is used directly in filesystem path construction without validation. This affects two commands through a shared code path: - mvt-ios decrypt-backup decrypt.py: fileid is used to construct both...

5.3CVSS6.3AI score0.00376EPSS
Exploits0References4
osv
osv
added 2026/05/21 4:24 p.m.17 views

RLSA-2025:10128 Important: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.6CVSS7AI score0.01227EPSS
Exploits14References6
rocky
rocky
added 2026/05/21 4:24 p.m.14 views

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language,...

9.4CVSS6AI score0.01227EPSS
Exploits14
cnnvd
cnnvd
added 2026/05/19 12:0 a.m.11 views

Apache Camel 安全漏洞

Apache Camel is an open-source integration framework based on the Enterprise Integration Pattern EIP, developed by the Apache Foundation in the United States. This framework provides implementations of Java objects following the EIP pattern and allows routing and mediation rules to be configured...

9.8CVSS6.5AI score0.01425EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/05/18 12:0 a.m.11 views

PT-2026-41719

Name of the Vulnerable Software and Affected Versions Summarize versions prior to 0.15.1 Description A path traversal issue exists in the '/v1/summarize' daemon endpoint. Authenticated users can write files to arbitrary directories by providing an absolute path or directory traversal sequence in...

7.1CVSS5.9AI score0.00396EPSS
Exploits1References7
nvd
nvd
added 2026/05/15 10:16 p.m.21 views

CVE-2026-44566

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.1.124, when attaching files to a promp, the name of the file is derived from the original HTTP upload request and is not validated or sanitized. This allows for users to upload files with...

9.8CVSS0.00336EPSS
Exploits1References1
nessus
nessus
added 2026/05/15 12:0 a.m.11 views

FreeBSD : py-setuptools -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (690144e9-4f88-11f1-982e-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 690144e9-4f88-11f1-982e-00a098b42aeb advisory. https://github.com/pypa/setuptools/security/advisories/GHSA-5rjg-fvgr-3xxf reports: setuptools is a...

8.8CVSS7.3AI score0.01479EPSS
Exploits4References3
snyk
snyk
added 2026/05/11 6:31 p.m.8 views

UNIX Symbolic Link (Symlink) Following

Overview pgadmin4 is a PostgreSQL Tools Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following through the File Manager. An attacker can cause unauthorized file writes or overwrite arbitrary files by planting a symbolic link inside their own storage directory tha...

8.1CVSS5.9AI score0.00359EPSS
Exploits0References2
osv
osv
added 2026/05/07 8:16 p.m.5 views

DEBIAN-CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS5.9AI score0.0017EPSS
Exploits0References1
osv
osv
added 2026/05/07 7:41 p.m.2 views

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS6.4AI score0.0017EPSS
Exploits0References7
cve
cve
added 2026/05/07 7:41 p.m.39 views

CVE-2026-39817

The CVE-2026-39817 issue concerns the Go tool chain: the go tool pack subcommand (used internally by the compiler) does not sanitize output filenames. This allows an attacker to craft a malicious archive that, when unpacked via pack, can write files to arbitrary locations on the filesystem. Repor...

5.9CVSS5.9AI score0.0017EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2026/05/07 12:0 a.m.13 views

PT-2026-39181

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

7.3CVSS6.5AI score0.00205EPSS
Exploits0References3
osv
osv
added 2026/05/06 12:30 p.m.9 views

GHSA-3GMF-P6R4-Q8M6 Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References6
Rows per page
Query Builder