Lucene search
K

6912 matches found

OSV
OSV
added 2026/06/29 11:50 a.m.6 views

PYSEC-2026-442 PaddlePaddle Path Traversal vulnerability

Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6...

9.1CVSS7.3AI score0.01048EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.49 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:15 a.m.25 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/29 10:15 a.m.4 views

CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/29 7:52 a.m.5 views

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

7.1CVSS5.9AI score0.00126EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 7:52 a.m.6 views

Important: Red Hat Security Advisory: vim security update

An update for vim is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

8.2CVSS7.2AI score0.00552EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 10 : vim (RHSA-2026:30900)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:30900 advisory. Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: arbitrary command execution via modeline sandbox...

8.2CVSS7.3AI score0.00552EPSS
Exploits0References10
EUVD
EUVD
added 2026/06/26 11:54 p.m.10 views

EUVD-2026-39487

pnpm: stage download writes outside its destination directory via manifest name/version traversal...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/06/26 2:50 p.m.36 views

CVE-2026-45257 Arbitrary file overwrite via the KTLS receive path

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

0.00154EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:50 p.m.123 views

CVE-2026-45257

CVE-2026-45257 : FreeBSD KTLS receive path decrypts in place, enabling an unprivileged local user to overwrite a file’s page cache via sendfile(2) data over a loopback connection when KTLS receive is enabled. This can corrupt the backing file and allow privilege escalation by overwriting setuid/t...

7.8CVSS5.8AI score0.00154EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/06/26 12:16 a.m.11 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/26 12:0 a.m.8 views

SUSE SLES12 Security Update : libzypp (SUSE-SU-2026:2628-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2628-1 advisory. This update for libzypp fixes the following issue - CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten...

8.8CVSS6.1AI score0.006EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/25 11:23 p.m.8 views

CVE-2026-13218

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS5.9AI score0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/25 11:23 p.m.40 views

CVE-2026-13218 Kubevirt: kubevirt: symlink following in writetocachedfile allows host file overwrite from virt-launcher

A flaw was found in KubeVirt's virt-handler network cache handling. The WriteToCachedFile function writes data to a launcher-rooted path using os.WriteFile and os.Chown without symlink protection. A user with access to the virt-launcher container can plant a symlink at the cache file path, causin...

4.2CVSS0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:41 p.m.7 views

CVE-2025-71338

Flowise contains a path traversal vulnerability in the /api/v1/document-store/loader/process endpoint that allows unauthenticated attackers to write arbitrary files to the filesystem. Attackers can exploit unsanitized fileName parameters with ../ sequences to overwrite critical files like...

10CVSS6.7AI score0.00639EPSS
Exploits1References3
NVD
NVD
added 2026/06/25 6:16 p.m.7 views

CVE-2026-55700

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 5:41 p.m.4 views

JLSEC-2026-626 Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in...

Rsync versions before 3.4.3 contain a time-of-check to time-of-use TOCTOU race condition in daemon file handling that allows attackers to redirect file writes outside intended directories by replacing parent directory components with symbolic links. Attackers with write access to a module path ca...

7.3CVSS6AI score0.00152EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/25 4:47 p.m.34 views

CVE-2026-55700 pnpm: stage download writes outside destination via manifest version traversal

pnpm is a package manager. From 11.3.0 until 11.5.3, pnpm stage download derived a local filename from registry-controlled package name and version fields. A crafted manifest could escape the selected download directory and overwrite another reachable file. The merged fix validates both fields,...

7.1CVSS0.00267EPSS
Exploits1References2
OSV
OSV
added 2026/06/25 8:25 a.m.16 views

SUSE-SU-2026:2628-1 Security update for libzypp

This update for libzypp fixes the following issue - CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten bsc1259802. - CVE-2026-44942: Fixed possible path traversal attacks via .repo files 'path=' entries bsc1267874...

8.8CVSS5.9AI score0.006EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:32 p.m.31 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable00 until 0.2026.05.06.15.42.stable01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materialize the decoded payload as a local file without an additional confirmation step. This vulnerability is...

8.8CVSS0.00247EPSS
Exploits0References2
Rows per page
Query Builder