378 matches found
Pear Archive_Tar security vulnerability
Pear ArchiveTar is a PHP-based software developed by the PEAR team that allows for creating and extracting tar packages. Prior to version 3.08, Pear ArchiveTar had a security vulnerability. This vulnerability stemmed from the makespecialfile function, which passed the linkname of the tar header t...
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: jfs: Truncating of good inode pages occurs when the hard link is 0. The value of the fileset for the inode copy from the disk by the reproducer is AGGRRESERVEDI. When evicting, its hard link number is 0, so its inode pages are no...
CVE-2026-42590
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.30.0, the ExifTool metadata write blocklist in Gotenberg can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move, hardlink, and symlink creation on the server. ExifTool supports group-prefix...
PT-2026-38381
Name of the Vulnerable Software and Affected Versions: Gotenberg versions prior to 8.30.0. Description: The ExifTool metadata write blocklist can be bypassed using group-prefix syntax, allowing an attacker to perform arbitrary file rename, move, hardlink, and symlink creation on the server. The...
CVE-2026-40281
Gotenberg 8.x (
CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values
Gotenberg is a Docker-powered stateless API for PDF files. In versions 8.30.1 and earlier, the metadata write endpoint validates metadata keys for control characters but leaves metadata values unsanitized. A newline character in a metadata value splits the ExifTool stdin line into two separate...
GHSA-QMWH-9M9C-H36M Gotenberg has incomplete fix for ExifTool arbitrary file write: case-insensitive bypass and missing HardLink/SymLink tags
Summary: The fix for ExifTool arbitrary file write (commit 043b158, released in v8.29.0) uses a case-sensitive blocklist to filter dangerous pseudo-tags. ExifTool processes tag names case-insensitively, so alternate casings bypass the filter. The blocklist also omits the HardLink and SymLink...
EUVD-2026-11669
ZeptoClaw: Path boundary checks bypass via symlink, TOCTOU, and hardlink...
ZeptoClaw security vulnerability
ZeptoClaw is a lightweight personal AI assistant developed by the individual developer qhkm. Versions of ZeptoClaw prior to 0.7.6 contained security vulnerabilities. These vulnerabilities were due to issues with bypassing suspended symbolic link components, as well as problems related to TOCTOU rac...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from logging conflicting inodes when moving a directory in the current transaction, which could result in two har...
CVE-2020-24556
A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and Worry-Free Business Security Services on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and...
CVE-1999-0783
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system...
SUSE CVE-2025-26625
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
EUVD-2013-1461
Malware in sbrugna...
EUVD-2017-6227
Malware in sbrugna...
EUVD-2019-17844
Malware in sbrugna...
EUVD-2011-1551
Malware in sbrugna...
EUVD-2012-4601
Malware in sbrugna...
EUVD-2003-1356
Malware in sbrugna...