Lucene search
K

6908 matches found

Cvelist
Cvelist
added 2026/06/14 11:40 a.m.38 views

CVE-2026-11527 Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

0.00618EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/14 11:40 a.m.9 views

CVE-2026-11527

Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle. Config::IniFiles::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd...

8.6CVSS5.5AI score0.00618EPSS
Exploits0
CVE
CVE
added 2026/06/14 11:39 a.m.50 views

CVE-2026-11526

The CVE-2026-11526 issue affects GD for Perl (versions before 2.86). The vulnerability lies in GD::Image::_make_filehandle, which uses a 2-arg open() on filename arguments, causing any filename starting/ending with a pipe or redirect to be executed as a command or redirected, leading to OS comman...

9.8CVSS5.4AI score0.01353EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/14 11:39 a.m.7 views

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/14 11:39 a.m.13 views

EUVD-2026-36659

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

5.4AI score0.01353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/14 11:39 a.m.33 views

CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle

GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open of filename arguments in makefilehandle. GD::Image::makefilehandle opens a filename argument with Perl's 2-arg open, so a filename that begins or ends with a pipe "| cmd", "cmd |" or begins with a...

0.01353EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/14 6:0 a.m.14 views

EUVD-2025-210137

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use TOCTOU race condition between the file existence check and the actual file write operation, an...

5.3AI score0.00159EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/14 12:0 a.m.22 views

PT-2026-49109

Name of the Vulnerable Software and Affected Versions Config::IniFiles versions prior to 3.001000 Description OS command injection and file overwrite are possible through the make filehandle function. This occurs because the function uses Perl's 2-arg open to process the -file argument. If a...

8.6CVSS5.7AI score0.00618EPSS
Exploits0References26
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-11527

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open of the -file argument in makefilehandle...

8.6CVSS6AI score0.00618EPSS
Exploits0References2
NVD
NVD
added 2026/06/13 3:16 a.m.16 views

CVE-2026-54230

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7.8CVSS0.0014EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/13 2:34 a.m.14 views

EUVD-2026-36639

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score0.0014EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/13 12:0 a.m.14 views

PT-2026-49075

Name of the Vulnerable Software and Affected Versions libreport affected versions not specified Description A symlink following issue exists in the ABRT post-create event handler scripts. These scripts write output files using shell redirections without the O NOFOLLOW flag a flag that prevents a...

7.8CVSS5.4AI score0.0014EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/13 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54056

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or trunca...

7.6CVSS6.2AI score0.00268EPSS
Exploits1References3
NVD
NVD
added 2026/06/12 9:16 p.m.12 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
OSV
OSV
added 2026/06/12 9:16 p.m.11 views

DEBIAN-CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.1CVSS5.7AI score0.00268EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2026/06/12 8:6 p.m.5 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/06/12 8:6 p.m.6 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.6AI score0.00268EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 8:6 p.m.20 views

CVE-2026-54056

Kitty (GPU-based terminal) vulnerability CVE-2026-54056 affects versions 0.47.0–0.47.1 where a remote drag-and-drop via kitten dnd staging can overwrite or truncate arbitrary files writable by the local user. The attack chains a staged remote text/uri-list, exploiting a race in staging where a st...

7.6CVSS5.7AI score0.00268EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/06/12 8:6 p.m.32 views

CVE-2026-54056 Kitty has an arbitrary file overwrite via symlink following in `kitten dnd` remote drop staging

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS0.00268EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/06/12 8:6 p.m.10 views

CVE-2026-54056

Kitty is a cross-platform GPU based terminal. In versions 0.47.0 and 0.47.1, kitten dnd can allow a malicious remote drag-and-drop source to overwrite or truncate arbitrary files writable by the local kitty user. Remote text/uri-list drops are staged in a temporary directory, but on case-sensitiv...

7.6CVSS5.7AI score0.00268EPSS
Exploits1
Rows per page
Query Builder