
7 matches found

OSV
added 2026/03/02 9:55 p.m., 3 views

GHSA-X82F-27X3-Q89C OpenClaw's TOCTOU symlink race in writeFileWithinRoot could create or truncate files outside root boundaries

Summary: A symlink-retarget TOCTOU race in writeFileWithinRoot could point an attacker-controlled path alias outside the configured root between resolution and write operations. Impact: Affected versions could cause out-of-root write side effects including file creation or truncation before final...

8.7 CVSS, 5.9 AI score
Exploits 0, References 2
Microsoft CVE
added 2025/09/03 10:32 p.m., 2 views

Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

...

5.5 CVSS, 7 AI score, 0.0004 EPSS
Exploits 0
OSV
added 2025/06/11 6:15 p.m., 2 views

AZL-78978 CVE-2025-0913 affecting package golang 1.25.7-1

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS, 7.2 AI score, 0.0004 EPSS
Exploits 0, References 1
OSV
added 2025/06/11 6:15 p.m., 2 views

CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would...

5.5 CVSS, 6.6 AI score
Exploits 0, References 4
SUSE CVE
added 2023/02/15 6:2 a.m., 1 views

SUSE CVE-2009-3286

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

4.6 CVSS, 6.7 AI score, 0.00095 EPSS
Exploits 1, References 5
RedHat Linux
added 2009/11/03 7:28 p.m., 0 views

kernel: O_EXCL creates on NFSv4 are broken

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the...

4.6 CVSS, 7.2 AI score, 0.00095 EPSS
Exploits 1, References 4
OSV
added 2006/10/16 7:7 p.m., 1 views

DEBIAN-CVE-2006-5297

Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesystems...

1.2 CVSS, 6.3 AI score, 0.00107 EPSS
Exploits 0, References 1