65 matches found
EUVD-2026-36563
MISP contains a path traversal vulnerability in OrganisationsController::getOrgLogo. The vulnerable code builds organisation logo file paths using organisation-controlled fields such as id, name, and uuid without ensuring that the resolved file remains inside the intended APP/files/img/orgs/...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: ext4: Fixed the BUGON issue when the directory entry has an invalid reclen field. The reclen field in the directory entry must be a multiple of 4. A corrupted filesystem image can exploit this bug in the ext4reclentodisk function...
CVE-2026-41366 OpenClaw < 2026.3.31 - Arbitrary Host File Read via appendLocalMediaParentRoots Self-Whitelisting
OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper media parent directory validation to exfiltrate credentials and access sensitive files...
CVE-2026-3864
CVE-2026-3864 affects the Kubernetes CSI Driver for NFS (csi-driver-nfs). The vulnerability arises from insufficient validation of the subDir parameter in volume identifiers, enabling path traversal (../) when creating PersistentVolumes and during volume deletion/cleanup. An attacker with PV crea...
EUVD-2026-11778
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Erlang OTP sshsftpd module allows Path Traversal. This vulnerability is associated with program files lib/ssh/src/sshsftpd.erl and program routines sshsftpd:iswithinroot/2. The SFTP server uses string...
OpenClaw 安全漏洞
OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from an unspecified vulnerability that stems from insufficient validation of the targetDir value during download skill installation, which can be exploited by an attacker to cause files to be written outsid...
Improper Directory Validation
@anthropic-ai/claude-code is vulnerable to improper directory validation. The vulnerability is due to insufficient validation of directory changes when using the cd command with write operations, which allows an attacker to navigate into protected folders e.g., .claude and create or modify files...
EUVD-2026-4947
malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000281)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000281 advisory. An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in xfrmpolicyunlink, which will cause denial of service, because...
SUSE-SU-2025:4257-2 Security update for python311
This update for python311 fixes the following issues: Update to 3.11.14: - CVE-2025-6075: Fixed simple quadratic complexity vulnerabilities of os.path.expandvars bsc1252974 - CVE-2025-8291: Fixed validity of the ZIP64 End of Central Directory EOCD not checked by the 'zipfile' module bsc1251305...
EUVD-2025-25803
Malicious code in bioql PyPI...
EUVD-2022-1194
Malicious code in bioql PyPI...
SUSE CVE-2025-38710
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate idepth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in direread, causing an undefined shift by 32 at: index = hash 32 - dip-idepth; As calculated in an open-coded way in...
CVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002 Arbitrary File Creation via Symbolic Link leading to Denial-of-Service
Race Condition in the Directory Validation Logic in the TeamViewer Full Client and Host prior version 15.69 on Windows allows a local non-admin user to create arbitrary files with SYSTEM privileges, potentially leading to a denial-of-service condition, via symbolic link manipulation during...
CVE-2025-44002
CVE-2025-44002 affects TeamViewer Full Client and TeamViewer Host before version 15.69 on Windows. The root cause is a race condition in the directory validation logic, allowing a local non-admin user to exploit symbolic-link manipulation to create arbitrary files with SYSTEM privileges, potentia...
TeamViewer Full Client和TeamViewer Host 安全漏洞
TeamViewer Full Client and TeamViewer Host are both a remote control software from the German company TeamViewer. A security vulnerability exists in TeamViewer Full Client and TeamViewer Host versions prior to 15.69, which stems from a contention condition in the directory validation logic that...
PT-2025-34754 · Teamviewer · Teamviewer
Name of the Vulnerable Software and Affected Versions: TeamViewer versions prior to 15.69 Description: A race condition exists in the directory validation logic within the TeamViewer Full Client and Host on Windows. This allows a local, non-administrator user to create arbitrary files with SYSTEM...