61192 matches found
CVE-2026-35372
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
CVE-2018-25270
creationtimestamp| type| source
---|---|---
2026-04-22 17:12:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3yl7zcvv2h
2026-05-31 19:37:06+00:00| seen| https://bsky.app/profile/cyberhub.blog/post/3mn6ctysno32z...
CVE-2025-58922
creationtimestamp| type| source
---|---|---
2026-04-22 17:07:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3ycbltr22r...
Server-side Request Forgery (SSRF)
Overview: bagisto/bagisto is a hand-tailored e-commerce framework built on open-source technologies such as Laravel (a PHP framework) and Vue.js (a progressive JavaScript framework). Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the copy function of the...
SUSE-SU-2026:21293-1 Security update for the Linux Kernel (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)
This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues.
The following security issues were fixed:
- CVE-2025-40309: Bluetooth: SCO: Fix UAF on sco_conn_free (bsc#1255066).
- CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...
CVE-2018-25267
creationtimestamp| type| source
---|---|---
2026-04-22 16:32:40+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3wecszrh2k...
CVE-2024-58344
creationtimestamp| type| source
---|---|---
2026-04-22 16:28:13+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3w47ir3n2p...
CVE-2018-25261
creationtimestamp| type| source
---|---|---
2026-04-22 16:26:09+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mk3vyiwriq2p
2026-04-22 19:13:32+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mk47dxvtxa25
2026-05-28 19:37:07+00:00| seen|...
CVE-2026-35374
The CVE concerns the split utility of uutils coreutils, where a TOCTOU race exists between a path-based check and subsequent opening with truncation. An attacker with directory write access can swap path components (e.g., via a symlink) during the race, causing split to truncate and write to an u...
CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...
CVE-2026-35374
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...
CVE-2026-35373
A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation...
CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag
A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference or -n flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force overwrite mode was also enabled. Thi...
CVE-2026-35372
Affects the ln utility in uutils coreutils. A logic error causes dereferencing of the target when --no-dereference/-n is provided, previously only honoring no-dereference with --force. This can cause ln to follow a symlink pointing to a directory and create links inside that directory instead of ...
CVE-2026-35364 uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...
CVE-2026-35364
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it through a copy operation. A local attacker with write access to the destination directory can exploit thi...
CVE-2026-35356
A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a second path resolution to create the target file, neither of which is anchored to a directory file...
CVE-2026-35349
CVE-2026-35349 affects the rm utility in uutils coreutils. The root cause is a path-string check used to identify the root directory instead of comparing device/inode numbers, allowing a symbolic link that resolves to "/" (e.g., "/tmp/rootlink -> /") to bypass --preserve-root. This can lead t...
CVE-2026-35349
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to identify the root directory. An attacker or accidental user can bypass this safeguard by using a...
CVE-2026-35345
A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...