4129 matches found
CVE-2026-42075
Evolver (GEP-powered engine) contains a path traversal vulnerability in the fetch (skill download) command prior to version 1.69.3. The --out= flag accepts user-provided paths without validation, enabling an attacker to write files to arbitrary locations on the filesystem and overwrite sensitive ...
CVE-2026-42075 Evolver: Path Traversal via `--out` flag in `fetch` command allows Arbitrary File Write
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli...
EUVD-2026-27007
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download fetch command allows attackers to write files to arbitrary locations on the filesystem. The --out= flag accepts user-provided paths without validation, enabli...
PT-2026-36853
Name of the Vulnerable Software and Affected Versions Evolver versions prior to 1.69.3 Description A path traversal issue exists in the skill download fetch command. The --out= flag accepts user-provided paths without proper validation, allowing attackers to write files to arbitrary locations on...
PT-2026-37049
Name of the Vulnerable Software and Affected Versions Net::IMAP versions prior to 0.4.24 Net::IMAP versions prior to 0.5.14 Net::IMAP versions prior to 0.6.4 Description Several commands in the Net::IMAP Ruby library accept raw string arguments that are sent to the server without validation or...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 "bpf: Propagate stack bounds to registers in atomics w/ BPFFETCH" around checkmemaccess handling is buggy since this would allow for unprivileged...
Astra Linux - уязвимость в firefox, thunderbird
Cross-Site Tracing occurs when a server echoes a request back using the Trace method, allowing an XSS attack to access authorization headers and cookies that are inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitigate this attack, browsers imposed restrictions on fetch and...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Astra Linux - уязвимость в chromium
Insufficient policy enforcement in Background Fetch in Google Chrome prior to 104.0.5112.79 allowed a remote attacker to leak cross-origin data through a crafted HTML page...
Astra Linux - уязвимость в linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...
Astra Linux - уязвимость в linux-5.15
A flaw was discovered in KVM AMD Secure Encrypted Virtualization SEV within the Linux kernel. A KVM guest that uses SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the VMGEXIT handler recursively. If an attacker manages to call the handler...
Astra Linux - уязвимость в sssd
A flaw was discovered in SSSD, where the sssctl command was vulnerable to shell command injection through the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into executing a specially crafted sssctl command, such as using sudo, in order to gain root...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 137.0.7151.55 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch IF units on current AMD Zen-based systems do not guarantee a synchronous MC is delivered for poison consumption errors. Therefore,...
Astra Linux - уязвимость в chromium
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: unconditionally flush pending work before notifier syzbot reports: KASAN: slab-uaf in nftctxupdate include/net/netfilter/nftables.h:1831 KASAN: slab-uaf in nftcommitrelease net/netfilter/nftablesapi.c:9530...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: x86/mce: Used iscopyfromuser to determine the copy-from-user context. Patch series “mm/hwpoison: Fix regressions in memory failure handling”, v4.1 1. What are we trying to achieve? This patchset resolves two critical regressio...
Astra Linux - уязвимость в linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: perf bpf: Avoid memory leak from perfenvinsertbtf The perfenvinsertbtf function does not insert entries if a duplicate BTF ID is encountered, which can lead to a memory leak. The function should now return a success/error value; ...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data through a crafted HTML page. Chromium security severity: High...
Astra Linux - уязвимость в chromium
Inappropriate implementation in the Background Fetch API in Google Chrome prior to 100.0.4896.60 allowed a remote attacker to leak cross-origin data through a crafted HTML page...