8 matches found
CVE-2026-7275
creationtimestamp| type| source ---|---|--- 2026-04-29 12:50:13+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mkn56yjc7r2m 2026-05-12 16:46:39+00:00| seen| https://vulnerability.circl.lu/bundle/20100033-b137-47a0-b98c-568c18deda5a...
CVE-2026-31594
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epfntbepcdestroy duplicates the teardown that the caller is supposed to perform later. This leads to an oops when .allowlink fails or when .droplink is performed. Th...
EUVD-2026-10874
LinkAce is a self-hosted archive to collect website links. When a user creates a link via POST /links, the server fetches HTML metadata from the provided URL LinkRepository::create calls HtmlMeta::getFromUrl. The LinkStoreRequest validation rules do not include NoPrivateIpRule, allowing server-si...
SUSE CVE-2026-23745
node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to Arbitrary File Overwri...
CISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities KEV Catalog, based on evidence of active exploitation. CVE-2024-54085link is external AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability CVE-2024-0769link is external D-Link DIR-859 Router Path Traversal...
CVE-2019-1836 Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Symbolic Link Path Traversal Vulnerability
A vulnerability in the system shell for Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure ACI mode could allow an authenticated, local attacker to use symbolic links to overwrite system files. These system files may be sensitive and should not be overwritable by non-ro...
CVE-2009-3653
Cross-site scripting XSS vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output...
Cross site scripting
Cross-site scripting XSS vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output...