Lucene search
K

6912 matches found

CVE
CVE
added 2026/06/21 1:26 p.m.15 views

CVE-2026-56236

CVE-2026-56236 affects Capgo CLI prior to 12.128.2. The issue is arbitrary file overwrite in login and build credentials operations that follow symlinks without validation. An attacker can place malicious symlinks in a repository to overwrite arbitrary files or expose credentials with world-reada...

6.8CVSS6AI score0.00134EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.15 views

Debian dsa-6358 : libhttp-daemon-perl - security update

The remote Debian 13 host has a package installed that is affected by a vulnerability as referenced in the dsa-6358 advisory. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6358-1 [email protected] https://www.debian.org/security/...

9.1CVSS6.2AI score0.01452EPSS
Exploits0References4
OSV
OSV
added 2026/06/20 6:23 p.m.2 views

SUSE-SU-2026:22300-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS7.3AI score0.0032EPSS
Exploits0References3
OSV
OSV
added 2026/06/20 6:17 p.m.2 views

OPENSUSE-SU-2026:20993-1 Security update for python-pip

This update for python-pip fixes the following issue - CVE-2026-8643: Path traversal via malicious entry point name in pip wheel installation allows arbitrary file overwrite bsc1266669...

8CVSS5.9AI score0.0032EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Ansible

There exists an absolute path traversal attack within the Ansible automation platform. This flaw allows an attacker to create a malicious Ansible role and have the victim execute that role. A symbolic link can be used to overwrite a file that is outside of the extraction path...

6.3CVSS6.8AI score0.00859EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.8 views

Siemens RUGGEDCOM RST2428P External Control of File Name or Path (CVE-2026-26157)

A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...

7CVSS7.5AI score0.00682EPSS
Exploits2References3
CVE
CVE
added 2026/06/17 11:50 a.m.32 views

CVE-2026-11858

Quanos SCHEMA ST4 on-premises is affected by a local privilege escalation due to insufficient authorization on the Client Update Service. The service, running as NT AUTHORITY\SYSTEM, exposes a .NET Remoting interface over a named pipe without proper access controls. A local authenticated low-priv...

8.4CVSS5.5AI score0.00126EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/17 8:2 a.m.7 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pgbasebackup plain format and pgrewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

8.8CVSS5.6AI score0.00324EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/16 2:23 a.m.11 views

SUSE CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.5AI score0.00618EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/06/16 12:0 a.m.12 views

Cisco Catalyst SD-WAN Manager Arbitrary File Write (cisco-sa-sdwan-arbfw-c2rZvQ)

According to its self-reported version, Cisco SD-WAN Viptela Software is affected by a vulnerability. - A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem o...

6.5CVSS6.2AI score0.07683EPSS
Exploits2References3
Debian
Debian
added 2026/06/15 8:20 p.m.5 views

[SECURITY] [DSA 6345-1] libgd-perl security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6345-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso June 15, 2026 https://www.debian.org/security/faq -...

9.8CVSS5.7AI score0.01353EPSS
Exploits0
OSV
OSV
added 2026/06/15 8:5 p.m.23 views

GHSA-G8MR-85JM-7XHM Vitest Browser: Exposed Browser Mode API Can Proxy CDP and Overwrite Config Files, Leading to RCE

Summary Vitest Browser Mode exposes a cdp API that forwards raw Chrome DevTools Protocol CDP methods over the Vitest browser WebSocket RPC. CDP is not gated by browser.api.allowWrite, browser.api.allowExec, api.allowWrite, or api.allowExec. As a result, disabling Browser Mode write and exec...

9.8CVSS5.8AI score0.00089EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 6:16 p.m.19 views

CVE-2026-20262

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS0.07683EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2026/06/15 2:59 p.m.7 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.2AI score0.00939EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/15 1:28 a.m.10 views

SUSE CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

8.4CVSS5.5AI score0.01353EPSS
Exploits0References3
OSV
OSV
added 2026/06/14 12:16 p.m.5 views

ALPINE-CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS6AI score0.00618EPSS
Exploits0References1
NVD
NVD
added 2026/06/14 12:16 p.m.13 views

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS0.00618EPSS
Exploits0References4
OSV
OSV
added 2026/06/14 12:16 p.m.5 views

ALPINE-CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS5.5AI score0.01353EPSS
Exploits0References1
NVD
NVD
added 2026/06/14 12:16 p.m.9 views

CVE-2026-11526

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

9.8CVSS0.01353EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/14 11:40 a.m.12 views

EUVD-2026-36660

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

5.5AI score0.00618EPSS
Exploits0References2
Rows per page
Query Builder