Lucene search
K

549 matches found

NVD
NVD
added 5 days ago6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS0.00196EPSS
Exploits1References3
Cvelist
Cvelist
added 5 days ago29 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

0.00196EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 5 days ago6 views

PT-2026-56968

Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...

5.5CVSS6.2AI score0.00196EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-39243

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00196EPSS
Exploits1References4
CVE
CVE
added 5 days ago6 views

CVE-2026-39243

The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...

5.5CVSS6.1AI score0.00196EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/06/25 3:16 a.m.10 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

4.3CVSS0.00216EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:51 a.m.6 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:51 a.m.33 views

CVE-2026-8662 Path Traversal in Rapid7 InsightConnect Compression Plugin

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS0.00216EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:51 a.m.13 views

CVE-2026-8662

CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...

4.3CVSS5.9AI score0.00216EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53018

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65...

5.9AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/06/24 4:29 p.m.3 views

CVE-2026-53018 f2fs: avoid reading already updated pages during GC

In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...

5.8AI score0.00166EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.12 views

PT-2026-51912

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...

6AI score0.00166EPSS
Exploits0References12
RedhatCVE
RedhatCVE
added 2026/06/10 2:59 p.m.11 views

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References1
NVD
NVD
added 2026/06/09 1:16 p.m.29 views

CVE-2026-2638

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS0.00085EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/09 11:21 a.m.12 views

EUVD-2026-35404

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS5.4AI score0.00085EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/09 11:21 a.m.33 views

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

7.3CVSS0.00085EPSS
Exploits0References4
CVE
CVE
added 2026/06/09 11:21 a.m.43 views

CVE-2026-2638

Technical details beyond the summary are not publicly available in the provided documents. Monitor for updates.

7.3CVSS5.4AI score0.00085EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.11 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.5AI score0.00166EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/27 8:18 p.m.42 views

CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS0.00166EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/27 8:18 p.m.13 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.8AI score0.00166EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder