Lucene search
K

68 matches found

RedHat Linux
RedHat Linux
added 2026/07/06 3:45 a.m.7 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 7:43 a.m.5 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
NVD
NVD
added 2026/06/26 12:16 a.m.12 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Flatpak

Flatpak is a Linux application sandboxing and distribution framework. Prior to version 1.16.4, the caching mechanism for ld.so removed outdated cache files without properly checking whether the app’s control over the path to the outdated cache was valid within the cache directory. This allowed...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.10 views

Oracle Linux 9 : flatpak (ELSA-2026-21755)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-21755 advisory. 1.12.9-4.1 - Fix arbitrary code execution via crafted symlinks in sandbox-expose options Resolves: RHEL-165643 - Fix arbitrary file deletion on host v...

10CVSS6.8AI score0.0168EPSS
Exploits0References3
OSV
OSV
added 2026/06/23 4:45 p.m.2 views

CVE-2026-54014 Open WebUI: Sibling-Prefix Path Traversal via /cache/{path} in open-webui/open-webui

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.6, a path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache...

4.3CVSS6AI score0.00244EPSS
Exploits1References3
Snyk
Snyk
added 2026/06/18 2:24 p.m.5 views

External Control of File Name or Path

Overview PraisonAI is a PraisonAI is an AI Agents Framework with Self Reflection. PraisonAI application combines PraisonAI Agents, AutoGen, and CrewAI into a low-code solution for building and managing multi-agent LLM systems, focusing on simplicity, customisation, and efficient human-agent...

8.1CVSS5.9AI score
Exploits0References3
EUVD
EUVD
added 2026/06/15 12:0 a.m.12 views

EUVD-2026-36674

A weakness has been identified in Microweber up to 2.0.20. This affects the function userfilespath of the file /apinosession/thumbnailimg of the component API Endpoint. Executing a manipulation of the argument cachepathrelative can lead to path traversal. It is possible to launch the attack...

7.5CVSS7.2AI score0.00525EPSS
Exploits0References7
CVE
CVE
added 2026/06/15 12:0 a.m.20 views

CVE-2026-12198

CVE-2026-12198 affects Microweber up to 2.0.20. The vulnerability is in the API Endpoint file /api_nosession/thumbnail_img, specifically the function userfiles_path, where manipulating the argument cache_path_relative can cause a path traversal. It is possible to launch the attack remotely, and p...

7.5CVSS7.1AI score0.00525EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.26 views

PT-2026-49149

Name of the Vulnerable Software and Affected Versions Microweber versions prior to 2.0.21 Description A path traversal issue exists in the API Endpoint component. A remote attacker can manipulate the cache path relative argument within the userfiles path function of the '/api nosession/thumbnail...

7.5CVSS5.4AI score0.00525EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2026/06/11 7:28 p.m.11 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerabili...

10CVSS7.9AI score0.0168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/11 7:28 p.m.8 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.6AI score0.00323EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/10 12:0 a.m.8 views

RHEL 8 : flatpak (RHSA-2026:25068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:25068 advisory. Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak:...

10CVSS8.3AI score0.0168EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2026/06/08 3:33 p.m.10 views

Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/08 3:33 p.m.7 views

GHSA-33MJ-99MG-8G73 Routinator has cache path traversal when processing the module component of rsync URIs

Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator cache. This allows for path traversal by having a module name containing .., potentially providing an attacker access to the entire Routinator rsync cache...

8.3CVSS5.2AI score0.00433EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:43 p.m.9 views

CVE-2026-8412

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS5.5AI score0.0013EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:3 a.m.9 views

RLSA-2026:21755 Important: flatpak security update

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Security Fixes: flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options CVE-2026-34078 flatpak: Flatpak: Arbitrary file deletion on host via improper cache file...

9CVSS7.7AI score0.0168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/04 6:40 p.m.13 views

Important: Red Hat Security Advisory: flatpak security update

An update for flatpak is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

10CVSS7.6AI score0.0168EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/04 6:40 p.m.11 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/04 6:33 p.m.11 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References5
Rows per page
Query Builder