Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.12 views

CVE-2026-6968

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS5.5AI score0.0052EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/24 7:44 p.m.6 views

EUVD-2026-25629

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS5.4AI score0.0052EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/24 7:44 p.m.7 views

CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough

Incomplete path traversal fixes in awslabs/tough before tough-v0.22.0 allow remote authenticated users with delegated signing authority to write files outside intended output directories via absolute target names in copytarget/linktarget, symlinked parent directories in savetarget, or symlinked...

7.1CVSS5.4AI score0.0052EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.8 views

PT-2026-35081

Name of the Vulnerable Software and Affected Versions awslabs/tough versions prior to 0.22.0 Description Incomplete path traversal fixes allow remote authenticated users with delegated signing authority to write files outside intended output directories. This occurs because write paths trust the...

7.1CVSS5.3AI score0.0052EPSS
Exploits0References11
Rows per page
Query Builder