416 matches found
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go
The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...
PT-2026-39181
Andrew Nesbitt discovered that opam did not properly validate file destination paths in package install files. An attacker could use this issue to bypass sandbox protections and write files to arbitrary locations, possibly leading to arbitrary code execution...
GHSA-3GMF-P6R4-Q8M6 Apache Wicket has a Path Traversal issue
FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...
SUSE CVE-2026-42091
goshs is a SimpleHTTPServer written in Go. Prior to version 2.0.2, the PUT upload handler httpserver/updown.go lacks the CSRF token validation that was added to the POST upload handler during the CVE-2026-40883 fix. Combined with the unconditional Access-Control-Allow-Origin: on the OPTIONS...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.96 contained a buffer overflow vulnerability, which was caused by out-of-bound read and write operations to the GFX interface. This vulnerability could allow remote attackers to execute arbitrary...
Kata Container has CopyFile Policy Subversion via Symlinks
Summary An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those running inside CVMs. Details...
CVE-2026-42085
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
CVE-2026-42085
OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations...
RHCOS 4 : OpenShift Container Platform 4.17.47 (RHSA-2026:0701)
The remote Red Hat Enterprise Linux CoreOS 4 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:0701 advisory. - runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 - runc: container escape with malicious...
Contras Affected by CopyFile Policy Subversion via Symlinks
Impact The Kata agent policies generated by the Contrast CLI had an issue in the CopyFile verification, which allowed arbitrary writes to the guest root filesytem. A malicious process on the host with the capability to connect to the Kata agent VSOCK could connect to the agent and issue a series ...
CVE-2026-36760
CVE-2026-36760 affects JeeSite v5.15.1. The issue is in the fileMd5 parameter of the /a/file/upload endpoint, where authenticated users with file-upload permissions can trigger a path traversal and write arbitrary files (restricted by whitelisted suffixes) to arbitrary filesystem locations when c...
CVE-2026-42520
Jenkins Credentials Binding Plugin 719.v80e905ef14eb and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins...
SUSE-SU-2026:1659-1 Security update for sed
This update for sed fixes the following issues: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...
denuOwO-hypervisor-vulnerabilities
DenuOwO SVM/VMX Hypervisor — 6 Vulnerabilities PoC + Analysis...
CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks
Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: sleuthkit (UTSA-2026-014271)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-014271 advisory. The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intende...
GHSA-4JVX-93H3-F45H OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...
GHSA-M26V-HJQ3-X245 Duplicate Advisory: uutils coreutils has a Time-of-Check to Time-of-Use (TOCTOU) race condition
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-gwm6-q8ch-hcfr. This link is maintained to preserve external references. Original Description A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the ...
OpenC3 COSMOS allows arbitrary writes to plugins directory via path-traversed config filenames
Summary OpenC3 COSMOS contains a design flaw in the savetoolconfig function that allows saving tool configuration files at arbitrary locations inside the shared /plugins directory tree by supplying crafted configuration filenames. Although the implementation sufficiently mitigates standard path...