CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

GHSA-CF92-GFCW-6V53 Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

PT-2026-38266

Name of the Vulnerable Software and Affected Versions Magic Wormhole versions prior to 0.24.0 Description A path traversal issue exists when a receiver uses the --output option and the specified output directory already exists on the system. Path traversal is a flaw that allows an attacker to...

CVE-2025-13663

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

EUVD-2025-202852

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...

CVE-2025-13663

CVE-2025-13663 concerns the Quartus Prime Pro Installer for Windows, where, under certain circumstances, the installer does not check the permissions of the target Quartus installation directory if the directory already exists. The issue is documented across multiple sources (NVD, Red Hat, CVE re...

PT-2025-50725

Under certain circumstances, the Quartus Prime Pro Installer for Windows does not check the permissions of the Quartus target installation directory if the target installation directory already exists...