Lucene search
+L

6956 matches found

Nuclei
Nuclei
added 13 hours ago19 views

Multiple Thrive Themes < 2.0.0 - Arbitrary File Upload

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes WordPress theme before 2.0.0, FocusBlog by Thrive Themes WordPress theme before 2.0.0, Squared by...

9.1CVSS8.4AI score0.03946EPSS
Exploits2References2
Mageia
Mageia
added yesterday8 views

Updated perl-Config-IniFiles package fixes a security vulnerability

The updated package fixes a security vulnerability: Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. CVE-2026-11527...

8.6CVSS5.4AI score0.00618EPSS
Exploits0References6
OSV
OSV
added yesterday8 views

MGASA-2026-0263 Updated perl-Config-IniFiles package fixes a security vulnerability

The updated package fixes a security vulnerability: Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. CVE-2026-11527...

8.6CVSS5.3AI score0.00618EPSS
Exploits0References7
Nuclei
Nuclei
added yesterday29 views

GL.iNet <= 4.3.7 - Arbitrary File Write

GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...

7.5CVSS7.4AI score0.46966EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 3 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-62294

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Flameshot is powerful yet simple to use screenshot software. Prior to 14.0.0, the Open With feature wrote screenshots to a predictable temporary path and follow...

5.1CVSS5.4AI score0.00101EPSS
Exploits0References3
CVE
CVE
added 4 days ago9 views

CVE-2026-62294

Flameshot prior to 14.0.0 is affected by a local TOCTOU race in the Open With feature. The software wrote screenshots to a predictable temporary path and followed symlinks, enabling a local unprivileged user on the same machine to pre-plant a symlink and cause Flameshot to write PNG data through ...

5.1CVSS6.1AI score0.00101EPSS
Exploits0References4
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS0.00431EPSS
Exploits0References1
CVE
CVE
added 6 days ago13 views

CVE-2026-22102

CVE-2026-22102 describes an issue where a POST request to a specific webserver endpoint can write to arbitrary file locations. The filename parameter is taken from the Content-Disposition header without verification, enabling: Denial of service by overwriting system files Potential remote code ex...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 6 days ago7 views

CVE-2026-22102 Arbitrary file overwrite through certificate update functionality

A POST request sent to a specific webserver endpoint can be used to write to arbitrary file locations. The endpoint accepts the filename parameter in the Content-Disposition header without verification. This can be used to cause a denial of service by overwriting system files, or...

9.3CVSS6.3AI score0.00431EPSS
Exploits0References1
NVD
NVD
added 2026/07/10 7:17 p.m.10 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS0.00207EPSS
Exploits1References3
OSV
OSV
added 2026/07/10 7:17 p.m.6 views

UBUNTU-CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References5
AlpineLinux
AlpineLinux
added 2026/07/10 5:59 p.m.10 views

CVE-2026-53449

Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable ...

6CVSS6.2AI score0.00207EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/10 12:31 a.m.10 views

EUVD-2026-42768

decompress before 4.2.2 allows arbitrary hardlink creation during archive extraction, enabling file read disclosure and file corruption. When processing hardlink entries type === 'link', the x.linkname field from the archive is passed directly to fs.link without validation index.js line 113. An...

5.5CVSS6.1AI score0.00248EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/09 2:40 p.m.5 views

openssh: OpenSSH: sftp client allows attacker to control downloaded file location

A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...

5.4CVSS6.1AI score0.00241EPSS
Exploits0References7
OSV
OSV
added 2026/07/08 9:16 p.m.7 views

UBUNTU-CVE-2026-58494

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS6.1AI score0.00119EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/07/08 8:22 p.m.36 views

CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination

Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...

6.5CVSS0.00119EPSS
Exploits0References9
NVD
NVD
added 2026/07/08 8:16 p.m.8 views

CVE-2026-14361

The consul-template library before version 0.42.1 is vulnerable to a path redirection issue in the writeToFile template helper that may allow template output to be written outside the intended directory or to overwrite an existing file. This vulnerability CVE-2026-14361 is fixed in consul-templat...

4.7CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2026/07/08 12:6 p.m.5 views

RLSA-2026:36193 Important: python3.14-pip security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

8CVSS7AI score0.0032EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/07/08 6:20 a.m.6 views

CVE-2026-59995

A flaw was found in OpenSSH. The sftp client, when used to download files from a malicious server with the 'sftp server:/path .' command, does not properly restrict where those files are saved. This allows an attacker to control the download location, potentially overwriting existing files or...

5.4CVSS5.9AI score0.00241EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/07/07 8:17 p.m.5 views

python-pip: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite

A flaw was found in pip, the package installer for Python. A remote attacker can exploit this vulnerability by tricking a victim into installing a malicious Python wheel. This wheel contains specially crafted entry-point names that use directory traversal or absolute paths. This allows pip to wri...

8CVSS7.1AI score0.0032EPSS
Exploits0References5
Rows per page
Query Builder