Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

NVD
NVDadded 2 days ago3 views

CVE-2026-12958

Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...

8.5CVSS0.00142EPSS
Exploits0References2
AstraLinux
AstraLinuxadded 6 days ago5 views

Astra Linux – Vulnerability in squashfs-tools

In Squashfs-Tools 4.5, the squashfsopendir variable in unsquash-1.c stores the filename within the directory entry. This filename is then used by unsquashfs to create the new file during the unsquash process. The filename is not validated for traversal outside of the destination directory, allowi...

8.1CVSS6.4AI score0.025EPSS
Exploits1References2
EUVD
EUVDadded 2026/06/15 9:30 p.m.6 views

EUVD-2026-36766

In OCaml-tar before 3.4.0, a crafted archive with ../ path segments in its name allows escaping the current working directory. This is not desired behavior, and tar1 rejects such extractions, but ocaml-tar decompresses it anyway. The impact is that it allows arbitrary file writes outside of the...

5.4AI score0.00373EPSS
Exploits0References2
CVE
CVEadded 2026/06/15 12:0 a.m.12 views

CVE-2026-45390

CVE-2026-45390 affects OCaml-tar before 3.4.0. A crafted archive containing "../" segments in file names can escape the extraction directory, allowing arbitrary file writes outside the target path when decompression is reachable. The OSV/ENISA reports show the vulnerable function uses Filename.co...

9.1CVSS5.5AI score0.00373EPSS
Exploits0References1
OSV
OSVadded 2026/05/17 9:24 p.m.4 views

OPENSUSE-SU-2026:20809-1 Security update for trivy

This update for trivy fixes the following issues - CVE-2025-64702: github.com/quic-go/quic-go/http3: quic-go HTTP/3 QPACK Header Expansion DoS bsc1255366. - CVE-2025-69725: github.com/go-chi/chi/v5: incorrect input validation in the RedirectSlashes function can lead to an open redirect bsc1258513...

9.8CVSS6.6AI score0.00522EPSS
Exploits1References18
EUVD
EUVDadded 2026/04/09 12:31 a.m.4 views

EUVD-2026-20759

The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tskrecover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can...

8.4CVSS6.5AI score0.00167EPSS
Exploits0References4
OSV
OSVadded 2026/03/10 6:28 p.m.7 views

GO-2026-4580 kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko

kaniko has tar archive path traversal in its build context extraction, allowing file writes outside destination directories in github.com/chainguard-dev/kaniko...

8.2CVSS5.8AI score0.00559EPSS
Exploits0References5
OSV
OSVadded 2020/04/09 8:15 p.m.2 views

CVE-2020-8961

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific...

9.8CVSS7.3AI score0.01997EPSS
Exploits0References1
Rows per page
Query Builder