Lucene search
+L

7 matches found

Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00343EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.13 views

PT-2026-48601

Name of the Vulnerable Software and Affected Versions pdm versions prior to 2.28.0 Description The write to fs function in the InstallDestination class fails to properly validate file paths when adding symlink or hardlink support. It replaces the secure path with destdir method, which uses...

7.1CVSS5.9AI score0.00047EPSS
Exploits0References17
NVD
NVD
added 2026/03/10 6:18 p.m.7 views

CVE-2026-30973

Appium is an automation framework that provides WebDriver-based automation possibilities for a wide range platforms. Prior to 7.0.6, @appium/support contains a ZIP extraction implementation extractAllTo via ZipExtractor.extract with a path traversal Zip Slip check that is non-functional. The chec...

6.5CVSS0.00388EPSS
Exploits1References2
NVD
NVD
added 2026/02/26 9:28 p.m.9 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS0.00154EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/26 7:57 p.m.7 views

CVE-2026-27151

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the moveposts action only checked canmoveposts? on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move...

5.3CVSS5.8AI score0.00154EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/01/09 12:0 a.m.3 views

UBUNTU-CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02224EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2021/08/27 3:15 p.m.3 views

CVE-2021-40153

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1CVSS6.7AI score0.025EPSS
Exploits1References11
Rows per page
Query Builder