549 matches found
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
PT-2026-56968
Name of the Vulnerable Software and Affected Versions decompress versions prior to 4.2.2 Description An issue exists during archive extraction where arbitrary hardlink creation is possible. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly ...
CVE-2026-39243
decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...
CVE-2026-39243
The CVE-2026-39243 entry concerns decompress before 4.2.2, where archive extraction can create arbitrary hardlinks. During processing of hardlink entries (type === 'link'), the x.linkname field is passed directly to fs.link() without validation, enabling an attacker to craft an archive whose hard...
CVE-2026-8662
Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
CVE-2026-8662
Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
CVE-2026-8662 Path Traversal in Rapid7 InsightConnect Compression Plugin
Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
CVE-2026-8662
CVE-2026-8662 describes a path traversal in the Rapid7 InsightConnect Compression Plugin for Linux, specifically in the create_archive function. An authenticated attacker can craft a filename input that writes to unintended file paths, with the impact limited to file corruption because content ca...
Linux Distros Unpatched Vulnerability : CVE-2026-53018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65...
CVE-2026-53018 f2fs: avoid reading already updated pages during GC
In the Linux kernel, the following vulnerability has been resolved: f2fs: avoid reading already updated pages during GC We found the following issue during fuzz testing: page: refcount:3 mapcount:0 mapping:00000000b6e89c65 index:0x18b2dc pfn:0x161ba9 memcg:f8ffff800e269c00 aops:f2fsmetaaops ino:2...
PT-2026-51912
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the f2fs file system where the kernel may incorrectly initiate I/O to read pages that have already been updated during Garbage Collection GC. This occurs when a page i...
CVE-2026-2638
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...
CVE-2026-2638
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...
EUVD-2026-35404
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...
CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation
A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...
CVE-2026-2638
Technical details beyond the summary are not publicly available in the provided documents. Monitor for updates.
CVE-2026-44711
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
CVE-2026-44711 pam_usb: Symlink attacks on pad directory and pad files enable authentication bypass and root file corruption
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...
CVE-2026-44711
pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...