
562 matches found

OSV
added 2026/04/22 6:31 p.m. | 6 views

GHSA-W8M4-4V35-V6X3 uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 3

EUVD
added 2026/04/22 6:31 p.m. | 5 views

EUVD-2026-24969

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 2

Github Security Blog
added 2026/04/22 6:31 p.m. | 8 views

uutils coreutils allows unauthorized modification of permissions on existing files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | AI score 5.5 | EPSS 0.00165
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/22 4:7 p.m. | 32 views

CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | EPSS 0.00165
Exploits: 1 | References: 1

CVE
added 2026/04/22 4:7 p.m. | 18 views

CVE-2026-35341

The CVE-2026-35341 entry concerns uutils coreutils mkfifo. The vulnerability arises when mkfifo tries to create a FIFO but a file already exists at the target path; the operation for that path does not terminate and a follow-up set_permissions call executes, changing the existing file’s permissio...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/04/22 4:7 p.m. | 4 views

CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 1

ATTACKERKB
added 2026/04/22 4:7 p.m. | 3 views

CVE-2026-35341

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/22 12:0 a.m. | 6 views

PT-2026-34477

A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target path, it fails to terminate the operation for that path and continues to execute a follow-up set...

CVSS 7.1 | AI score 5.9 | EPSS 0.00165
Exploits: 1 | References: 2

OSV
added 2026/04/17 10:11 p.m. | 3 views

GHSA-527M-976R-JF79 OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

Summary Existing-session browser interaction routes bypassed SSRF policy enforcement. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Existing-session browser interaction routes could continue interacting with or navigating targets without...

CVSS 7.7 | AI score 5.7 | EPSS 0.00253
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/17 10:11 p.m. | 12 views

OpenClaw: Existing-session browser interaction routes bypassed SSRF policy enforcement

Summary Existing-session browser interaction routes bypassed SSRF policy enforcement. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.10 Impact Existing-session browser interaction routes could continue interacting with or navigating targets without...

CVSS 7.7 | AI score 5.7 | EPSS 0.00253
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/04/17 12:0 a.m. | 15 views

PT-2026-37028

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.10 Description A server-side request forgery SSRF policy bypass exists in existing-session browser interaction routes. This allows attackers to bypass navigation guards to interact with or navigate to...

CVSS 7.7 | AI score 5.8 | EPSS 0.00253
Exploits: 0 | References: 8

Tenable Nessus
added 2026/04/09 12:0 a.m. | 2 views

SUSE SLES12 Security Update : python-requests (SUSE-SU-2026:1218-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1218-1 advisory. - CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already...

CVSS 5.5 | AI score 6.2 | EPSS 0.00182
Exploits: 0 | References: 4

SUSE Linux
added 2026/04/08 2:39 p.m. | 5 views

Security update for python-requests

This update for python-requests fixes the following issues: CVE-2026-25645: extractzippedpaths uses predictable filenames when extracting files from zip archives and reuses target files that already exist without validation bsc1260589. Patch Instructions: To install this SUSE update use the SUSE...

CVSS 6.8 | AI score 5.9 | EPSS 0.00182
Exploits: 0 | References: 4

Snyk
added 2026/04/03 4:8 a.m. | 3 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal in the POST multipart upload process. An attacker can write arbitrary files to any existing directory on the filesystem by crafting a specially constructed URL path containing directory traversal sequences and...

CVSS 9.8 | AI score 6.3 | EPSS 0.00683
Exploits: 1 | References: 2

Positive Technologies
added 2026/04/01 12:0 a.m. | 4 views

PT-2026-29816

Name of the Vulnerable Software and Affected Versions listmonk versions 4.1.0 through 6.0.0 Description listmonk, a self-hosted newsletter and mailing list manager, has a session management issue. Previously issued authenticated sessions remain valid after sensitive account security changes, such...

CVSS 7.1 | AI score 5.9 | EPSS 0.003
Exploits: 2 | References: 7

RedHat Linux
added 2026/03/30 4:23 p.m. | 9 views

kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

A flaw null pointer dereference in the Linux kernel NFS functionality was found in the way client does some specific action for existing NFS connection. A client user could use this flaw to crash the server system...

AI score 6.4 | EPSS 0.00177
Exploits: 0 | References: 5

RedhatCVE
added 2026/03/26 3:3 p.m. | 3 views

CVE-2026-29792

Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. From 5.0.0 to before 5.0.42, an unauthenticated attacker can send a crafted GET request directly to /oauth/:provider/callback with a forged profile in the query string. The OAuth service's...

CVSS 9.8 | AI score 5.8 | EPSS 0.00519
Exploits: 0 | References: 1

Redos
added 2026/03/19 12:0 a.m. | 4 views

ROS-20260319-73-0002

A vulnerability in the HTTP/2 protocol implementation is related to the ability to generate a stream of requests within an already established network connection, without opening new network connections and without acknowledging the receipt of packets. Exploitation of the vulnerability could allo...

CVSS 7.5 | AI score 7.3 | EPSS 0.99999
Exploits: 19

Tenable Nessus
added 2026/03/18 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-24097

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing...

CVSS 5.3 | AI score 5.9 | EPSS 0.00237
Exploits: 0 | References: 2

EUVD
added 2026/03/13 9:31 p.m. | 2 views

EUVD-2026-11782

Improper permission enforcement in Checkmk versions 2.4.0 before 2.4.0p23, 2.3.0 before 2.3.0p43, and 2.2.0 EOL allows authenticated users to enumerate existing hosts by observing different HTTP response codes in agent-receiver/registerexisting endpoint, which could lead to information disclosure...

CVSS 5.3 | AI score 5.8 | EPSS 0.00237
Exploits: 0 | References: 2