Lucene search
K

1655 matches found

Cvelist
Cvelist
added 2026/05/12 6:55 p.m.33 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:55 p.m.9 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:55 p.m.22 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/05/09 12:33 p.m.9 views

OESA-2026-2283 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
OSV
OSV
added 2026/05/09 12:33 p.m.10 views

OESA-2026-2282 sed security update

Sed is a non-interactive command-line text editor. A stream editor is used to per-form basic text transformations on an input stream a file or input from a pipeline. Security Fixes: When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/06 8:46 p.m.6 views

CVE-2026-40281

Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...

10CVSS6AI score0.00611EPSS
Exploits1References3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/04 2:25 p.m.9 views

Security Bulletin: Vulnerability in node-tar affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.

Summary Potential vulnerability in node-tar has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. . The vulnerability have been addressed. Refer to details for additional information...

8.8CVSS6.2AI score0.00233EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2026/05/01 11:18 a.m.4 views

EUVD-2026-26497

The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'addpluginspage' and 'addthemespage' functions. This makes it possible for unauthenticated attackers to overwrite arbitrar...

8.8CVSS5.9AI score0.00168EPSS
Exploits0References4
SUSE Linux
SUSE Linux
added 2026/04/29 11:9 a.m.3 views

Security update for sed

This update for sed fixes the following issues: CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...

6.9CVSS5.6AI score0.00142EPSS
Exploits0References4
Veracode
Veracode
added 2026/04/29 11:4 a.m.8 views

Arbitrary File Overwrite

org.springframework.boot, spring-boot is vulnerable to arbitrary file overwrite. The vulnerability is due to insecure handling of the PID file via ApplicationPidFileWriter, which allows a local attacker with write access to the PID file location to exploit symlink behavior and overwrite or corrup...

6.7CVSS5.5AI score0.00112EPSS
Exploits0References3Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.7 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Vim vulnerabilities (USN-8213-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8213-1 advisory. Micha Majchrowicz discovered that Vim's zip plugin could overwrite arbitrary files. A...

7.8CVSS6.2AI score0.0062EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 5:25 p.m.5 views

SUSE-SU-2026:21413-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
OSV
OSV
added 2026/04/27 5:15 p.m.3 views

SUSE-SU-2026:21448-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: TOCTOU race allows write of user-controlled content to unintended files and can lead to arbitrary file overwrite bsc1262144...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/23 3:7 p.m.3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the Untar and Unzip functions in pkg/archive/archive.go. An attacker can overwrite arbitrary files on the filesystem by crafting a malicious tar or zip archive containing directory traversal sequences and trickin...

9.1CVSS6.4AI score0.00418EPSS
Exploits3References2
Snyk
Snyk
added 2026/04/23 2:28 p.m.6 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the put function. An attacker can overwrite or create arbitrary files in the webroot by enticing a user to visit a malicious website, which then issues crafted PUT requests through the victim's browse...

7.1CVSS5.5AI score0.00165EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.31 views

CVE-2026-35364 uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition

A Time-of-Check to Time-of-Use TOCTOU race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...

6.3CVSS0.00091EPSS
Exploits1References1
CVE
CVE
added 2026/04/22 4:8 p.m.27 views

CVE-2026-35364

The CVE-2026-35364 entry describes a TOCTOU race in the mv utility of the uutils coreutils project during cross-device operations. The vulnerability arises when mv removes the destination path and recreates it via a copy; a local attacker with write access to the destination directory can replace...

6.3CVSS5.9AI score0.00091EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.28 views

CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

6.3CVSS0.00108EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/22 4:8 p.m.3 views

CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...

6.3CVSS5.9AI score0.00108EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.27 views

CVE-2026-35355 uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race

The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file installation. The implementation unlinks an existing destination file and then recreates it using a path-based operation without the OEXCL flag. A local attacker can exploit t...

6.3CVSS0.00118EPSS
Exploits1References2
Rows per page
Query Builder