Lucene search
K

6938 matches found

EUVD
EUVD
added 2026/06/14 6:0 a.m.15 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.26 views

PT-2026-49109

Name of the Vulnerable Software and Affected Versions Config::IniFiles versions prior to 3.001000 Description OS command injection and file overwrite are possible through the make filehandle function. This occurs because the function uses Perl's 2-arg open to process the -file argument. If a...

8.6CVSS5.7AI score0.00618EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-11527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle...

8.6CVSS6AI score0.00618EPSS
Exploits0References2
NVD
NVD
added 2026/06/13 3:16 a.m.18 views

CVE-2026-54230

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7.8CVSS0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 2:34 a.m.15 views

EUVD-2026-36639

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.18 views

PT-2026-49075

Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A symlink following issue exists in the ABRT post-create event handler scripts. These scripts write output files using shell redirections without the O NOFOLLOW flag a flag that prevents a...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-54056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or trunca...

7.6CVSS6.2AI score0.00268EPSS
Exploits1References3
OSV
OSV
added 2026/06/12 9:16 p.m.13 views

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.1CVSS5.7AI score0.00268EPSS
Exploits1References1
NVD
NVD
added 2026/06/12 9:16 p.m.14 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/12 8:6 p.m.34 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/12 8:6 p.m.12 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2026/06/12 8:6 p.m.8 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.6AI score0.00268EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 8:6 p.m.21 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/12 8:6 p.m.8 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 6:9 p.m.11 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.2AI score0.00104EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 6:9 p.m.3 views

CVE-2026-42306 Moby: Race condition in docker cp allows bind mount redirection to host path

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS6AI score0.00104EPSS
Exploits0References3
OSV
OSV
added 2026/06/12 12:25 p.m.8 views

OESA-2026-2630 python-pip security update

%changelog Sat Jul 13 2024 yangyuan [email protected] - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891 Security Fixes: A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel...

8CVSS5.8AI score0.0032EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/12 2:25 a.m.11 views

SUSE CVE-2026-48681

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image...

8.1CVSS5.2AI score0.00601EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.27 views

PT-2026-48992

Name of the Vulnerable Software and Affected Versions Kitty versions 0.47.0 through 0.47.1 Description In the kitten dnd component, a malicious remote drag-and-drop source can overwrite or truncate arbitrary files that the local user has permission to write. This occurs because remote text/uri-li...

7.6CVSS6.1AI score0.00268EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.6 views

FreeBSD : FreeBSD -- Arbitrary file overwrite via the KTLS receive path (f2c4892a-6472-11f1-958d-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2c4892a-6472-11f1-958d-bc241121aa0a advisory. The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data wer...

7.8CVSS5.5AI score0.00154EPSS
Exploits0References2
Rows per page
Query Builder