83 matches found
scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations.
...
SUSE CVE-2026-35254
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...
CVE-2026-35254
Vulnerability in the Oracle OCI CLI product of Oracle Open Source Projects. The supported versions that is affected is 3.77. Easily exploitable vulnerability allows unauthenticated attacker with network access to compromise Oracle OCI CLI. Successful attacks of this vulnerability can result in...
CVE-2026-7791
CVE-2026-7791 concerns the Skylight Workspace Config Service in Amazon WorkSpaces for Windows prior to version 2.6.2034.0 . A flaw in log rotation privilege management lets a local non-admin authenticated user place arbitrary files in arbitrary locations, bypassing file system permissions and ena...
MCPHub has Path Traversal via Malicious MCPB Manifest Name
MCPB File Upload Handler extracts a ZIP file and reads manifest.json from it. The name field in the manifest is directly concatenated into a file path line 107 without any sanitization or path traversal character validation. An attacker can craft a malicious MCPB file where manifest.name is set t...
CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementation treats the empty string as a valid path. This causes temporary files to be created in the...
CVE-2026-39454
SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may b...
GHSA-FJM6-8XP2-4FWC Boltz contains an insecure deserialization vulnerability in its molecule loading functionality
Boltz 2.0.0 contains an insecure deserialization vulnerability in its molecule loading functionality. The application uses Python pickle to deserialize molecule data files without validation. An attacker with the ability to place a malicious pickle file in a directory processed by boltz can achie...
CVE-1999-0399
The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a live lock issue in fuse synchronized file placement, which could make services unavailable...
CVE-2025-59485
Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...
CVE-2025-59485
Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...
PT-2025-48023
Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...
EUVD-2017-10484
Malware in sbrugna...
EUVD-2020-0121
Malware in sbrugna...
EUVD-2019-16123
Malware in sbrugna...
EUVD-2019-10911
Malware in sbrugna...
EUVD-2021-0974
Malware in sbrugna...
EUVD-2025-25412
Malicious code in bioql PyPI...
EUVD-2022-30417
Malicious code in bioql PyPI...