Lucene search
+L

416 matches found

OSV
OSV
added 2026/05/07 7:41 p.m.5 views

CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9CVSS6.4AI score0.0017EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.13 views

PT-2026-39181

Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...

7.3CVSS6.5AI score0.00205EPSS
Exploits0References3
OSV
OSV
added 2026/05/06 12:30 p.m.9 views

GHSA-3GMF-P6R4-Q8M6 Apache Wicket has a Path Traversal issue

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

6.5CVSS5.9AI score0.00732EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/05/06 1:41 a.m.8 views

SUSE CVE-2026-42091

goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS...

6.5CVSS5.9AI score0.00165EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.13 views

Google Chrome 缓冲区错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bound read and write operations to the GFX interface. This vulnerability could allow remote attackers to execute arbitrary...

5.4CVSS6.4AI score0.00171EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/05/04 7:32 p.m.11 views

Kata Container has CopyFile Policy Subversion via Symlinks

Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...

8.8CVSS5.9AI score0.00269EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/05/04 6:16 p.m.15 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS0.00313EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/05/04 5:13 p.m.5 views

CVE-2026-42085

OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/02 12:0 a.m.11 views

RHCOS 4 : OpenShift Container Platform 4.17.47 (RHSA-2026:0701)

The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0701 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...

8.4CVSS6.2AI score0.0067EPSS
Exploits4References8
Github Security Blog
Github Security Blog
added 2026/04/30 8:57 p.m.10 views

Contras Affected by CopyFile Policy Subversion via Symlinks

Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...

5.6AI score
Exploits0References5Affected Software1
CVE
CVE
added 2026/04/30 12:0 a.m.13 views

CVE-2026-36760

CVE-2026-36760 affects JeeSite v5.15.1. The issue is in the fileMd5 parameter of the /a/file/upload endpoint, where authenticated users with file-upload permissions can trigger a path traversal and write arbitrary files (restricted by whitelisted suffixes) to arbitrary filesystem locations when c...

9.6CVSS5.7AI score0.00383EPSS
Exploits0References2
OSV
OSV
added 2026/04/29 2:16 p.m.1 views

CVE-2026-42520

Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...

7.5CVSS6.7AI score
Exploits0References1
OSV
OSV
added 2026/04/29 11:9 a.m.4 views

SUSE-SU-2026:1659-1 Security update for sed

This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

2.1CVSS5.5AI score0.00142EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2026/04/26 6:18 p.m.431 views

denuOwO-hypervisor-vulnerabilities

DenuOwO SVM/VMX Hypervisor — 6 Vulnerabilities PoC + Analysis...

6.4AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/24 6:46 p.m.5 views

CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

8.2CVSS5.5AI score0.00269EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/23 12:0 a.m.7 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: sleuthkit (UTSA-2026-014271)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014271 advisory. The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intende...

8.4CVSS6.3AI score0.00167EPSS
Exploits0References4
OSV
OSV
added 2026/04/22 10:22 p.m.5 views

GHSA-4JVX-93H3-F45H OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References8
Github Security Blog
Github Security Blog
added 2026/04/22 10:22 p.m.13 views

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2026/04/22 6:31 p.m.5 views

GHSA-M26V-HJQ3-X245 Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwm6-q8ch-hcfr. This link is maintained to preserve external references. Original Description A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the ...

6.3CVSS6AI score0.00108EPSS
Exploits0References5
RubySec
RubySec
added 2026/04/22 12:0 a.m.12 views

OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames

Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...

4.3CVSS5.9AI score0.00313EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder