Lucene search
K

1657 matches found

RedhatCVE
RedhatCVE
added 2026/05/27 5:21 p.m.18 views

CVE-2026-8643

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS6AI score0.0032EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/27 5:3 p.m.13 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the wheel installation process. An attacker can overwrite arbitrary files within the installing user's permissions by convincing a user to install a specially crafted Python wheel containing malicious entry-point...

8.5CVSS6.3AI score0.0032EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/27 12:0 a.m.18 views

CentOS 9 : vim-8.2.2637-29.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the vim-8.2.2637-29.el9 build changelog. - Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass CVE-2026-35177 Note that Nessus has not tested for this issue but has inste...

7.1CVSS5.8AI score0.00126EPSS
Exploits0References2
OSV
OSV
added 2026/05/26 5:51 p.m.8 views

USN-8307-1 onnx vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS7.4AI score0.01168EPSS
Exploits1References2
Ubuntu
Ubuntu
added 2026/05/26 5:51 p.m.18 views

USN-8307-1: ONNX vulnerability

It was discovered that ONNX did not properly validate paths when extracting tar archives during model downloads. An attacker could possibly use this issue to overwrite arbitrary files on the system...

8.8CVSS6AI score0.01168EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.17 views

PT-2026-43311

Name of the Vulnerable Software and Affected Versions FastNetMon Community Edition versions prior to 1.2.10 Description A local symlink attack is possible due to predictable file paths in the /tmp directory. The software uses a default statistics file path at '/tmp/fastnetmon.dat'. The print scre...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References6
CVE
CVE
added 2026/05/26 12:0 a.m.24 views

CVE-2026-48693

CVE-2026-48693 concerns the FastNetMon Community Edition up to 1.2.9. The issue is a local symlink attack due to predictable file paths in /tmp, notably the default statistics file at '/tmp/fastnetmon.dat'. The vulnerable code path opens this path with std::ios::trunc without following symlinks o...

5.5CVSS5.9AI score0.00127EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.14 views

Unity Linux 20.1060e / 20.1070e Security Update: nodejs-fstream (UTSA-2026-016675)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016675 advisory. fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file th...

7.5CVSS7.1AI score0.02416EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/21 5:11 p.m.10 views

androidqf: APK download Path Traversal in device APK paths

Summary During device acquisition, getPathToLocalCopy constructs local filesystem paths for downloaded APKs using a filename component extracted by extractFileName. The extraction splits on ==/ and takes the remainder without sanitization. If a compromised device returns a crafted APK path...

5.9AI score
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/19 1:54 p.m.11 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:54 p.m.11 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.3AI score0.00233EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.12 views

node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition

A flaw was found in node-tar, a library for Node.js. This race condition vulnerability occurs due to incomplete handling of Unicode path collisions within the path-reservations system on case-insensitive filesystems, such as macOS APFS. A remote attacker can exploit this by providing a specially...

8.8CVSS6.2AI score0.00233EPSS
Exploits1References6
RedHat Linux
RedHat Linux
added 2026/05/19 9:16 a.m.11 views

node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives

A flaw was found in the node-tar library. This vulnerability allows an attacker to craft malicious archives that, when extracted, can bypass intended security restrictions. This leads to arbitrary file overwrite and symlink poisoning, potentially allowing unauthorized modification of files on the...

8.2CVSS6.6AI score0.00334EPSS
Exploits2References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.13 views

RHEL 10 : linux-sgx (RHSA-2026:18480)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18480 advisory. The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SG...

8.8CVSS6.7AI score0.01535EPSS
Exploits5References16
Snyk
Snyk
added 2026/05/18 11:50 p.m.8 views

Directory Traversal

Overview @joplin/onenote-converter is an Used to import a OneNote archive into Joplin Affected versions of this package are vulnerable to Directory Traversal via the OneNote importer. An attacker can overwrite arbitrary files on disk by supplying a crafted .one file containing specially crafted...

8.2CVSS6.3AI score0.00206EPSS
Exploits0References2
NVD
NVD
added 2026/05/18 9:16 p.m.15 views

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

8.2CVSS0.00206EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/18 8:23 p.m.11 views

CVE-2026-22810

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded...

8.2CVSS5.9AI score0.00206EPSS
Exploits0References6Affected Software1
CNNVD
CNNVD
added 2026/05/18 12:0 a.m.10 views

Joplin 安全漏洞

Joplin is an open-source note-taking and to-do application developed by Laurent Cozic. Versions of Joplin prior to 3.5.7 contained a security vulnerability. This vulnerability stemmed from path traversal vulnerabilities in the importer; the OneNote converter did not clean up embedded file names...

8.2CVSS5.8AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2026/05/15 4:27 p.m.7 views

GHSA-GCMJ-C9GG-9VH6 @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files

Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that...

8.2CVSS6.2AI score0.00206EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.17 views

PT-2026-41386

Name of the Vulnerable Software and Affected Versions Joplin versions prior to 3.5.7 Description A path traversal issue exists in the OneNote importer. The OneNote converter fails to sanitize the names of embedded files before writing them to disk. An attacker can create a malicious .one file...

8.2CVSS6.3AI score0.00206EPSS
Exploits0References10
Rows per page
Query Builder