Lucene search
K

36 matches found

Cvelist
Cvelist
added 2026/06/25 5:39 p.m.30 views

CVE-2026-54093 File Browser: Path traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.6, filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for...

6.8CVSS0.00189EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 5:39 p.m.26 views

CVE-2026-54093

CVE-2026-54093 affects File Browser prior to v2.63.6, where archive entry names for zip/tar are built using Windows-style backslashes. On Linux, backslashes are preserved in names, allowing a Windows-style traversal like ....\evil.txt to be written on disk and then emitted verbatim in the archive...

6.8CVSS6AI score0.00189EPSS
Exploits0References1
OSV
OSV
added 2026/06/12 9:53 p.m.8 views

GHSA-GXJX-7M74-HCQ8 File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames

Summary filebrowser builds the download-as-zip / download-as-tar archive entry names with filepath.ToSlash, which on a Linux host is a no-op for backslashes \ is only a path separator on Windows. A file whose name contains Windows-style traversal ......\evil.txt is accepted by the resource...

6.2CVSS5.7AI score0.00189EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-49066

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description An issue exists where the software fails to properly normalize file paths when creating zip or tar archives on Linux hosts. Specifically, the getFiles function uses filepath.ToSlash, which does...

6.8CVSS6AI score0.00189EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.10 views

CVE-2026-45864

fs/ntfs3: prevent infinite loops caused by the next valid being the same...

5.8AI score0.00156EPSS
Exploits0References2
Hacker One
Hacker One
added 2026/05/19 11:30 a.m.38 views

curl: curl --skip-existing has a TOCTOU race that lets a post-check symlink redirect the later download write

Summary: The curl CLI's --skip-existing option performs a separate existence check before the download body is written. In the verified path, curl first calls stat on the target pathname and decides "the file does not exist, so continue", but it does not keep an fd bound to that decision. The...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/10/28 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40025

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to do sanity check on node footer for non inode dnode As syzbot reported below: ------------ cut here ------------ kernel BUG at fs/f2fs/file.c:1243!...

6.2AI score0.00168EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2017-18743

Malware in sbrugna...

7.5CVSS7.6AI score0.68744EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0495

Malware in sbrugna...

2.1CVSS6.1AI score0.00829EPSS
Exploits0References13
CVE
CVE
added 2025/09/04 3:32 p.m.34 views

CVE-2025-38697

The CVE relates to the Linux kernel JFS: an upper bound check in dbAllocAG when computing the tree index could go out of bounds if filesystem metadata is corrupted. This could enable a local attacker to trigger out-of-bounds conditions in JFS data structures. The vulnerability is resolved in the ...

7.8CVSS5.8AI score0.00167EPSS
Exploits0References12Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-37785

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with reclen == block size results in...

7.1CVSS6.8AI score0.0024EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/08/09 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2025-37931

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: adjust subpage bit start based on sectorsize When running machines with 64k page size and a 16k nodesize we started seeing tree log corruption in...

5.5CVSS6.7AI score0.00163EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/04 3:19 p.m.3 views

kernel: ext4: avoid journaling sb update on error if journal is destroying

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUGON if trying to start a transaction on a journal marked with JBD2UNMOUNT, since this should never happen. However, while ltp running stress...

5.5CVSS6.8AI score0.00175EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2025/07/11 7:0 a.m.4 views

ext4: ignore xattrs past end

...

7.8CVSS7AI score0.00167EPSS
Exploits0
BDU FSTEC
BDU FSTEC
added 2025/07/03 12:0 a.m.9 views

The vulnerability of the fs/nilfs2 component in the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the fs/nilfs2 component in Linux operating systems is related to insufficient blocking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS6.7AI score0.00206EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2025/06/25 12:0 a.m.10 views

The vulnerability of the reiserfs_rename() function in the fs/reiserfs/namei.c module of the Linux file system allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the reiserfsrename function in the fs/reiserfs/namei.c module of the Linux file system support module is related to improper locking of resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of protecte...

7.8CVSS6.5AI score0.0024EPSS
Exploits0References20Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/06/23 12:0 a.m.6 views

The vulnerability of the __ocfs2_change_file_space() function in the fs/ocfs2/file.c module of the Linux file system support module allows a attacker to cause a service failure.

The vulnerability of the ocfs2changefilespace function in the fs/ocfs2/file.c module of the Linux file system support module is related to incorrect input validation. Exploiting this vulnerability could allow an attacker to cause a service failure...

5.5CVSS6.5AI score0.00226EPSS
Exploits0References21Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/05/27 12:0 a.m.7 views

The vulnerability of the btrfs_get_blocks_direct_write() function in the file system of the Linux operating system allows a hacker to cause a service failure.

The vulnerability of the btrfsgetblocksdirectwrite function in the file system of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5CVSS5.8AI score0.00243EPSS
Exploits0References7Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/03/21 12:0 a.m.8 views

The vulnerability of the ext4_xattr_set_entry() function in the fs/ext4/xattr.c module of the Ext4 file system in the Linux operating system allows a attacker to cause a service failure.

The vulnerability of the ext4xattrsetentry function in the fs/ext4/xattr.c module of the Ext4 file system in the Linux operating system is related to insufficient resource locking. Exploiting this vulnerability could allow an attacker to cause a service failure...

7.5CVSS6.6AI score0.00221EPSS
Exploits0References14Affected Software5
Fedora
Fedora
added 2025/03/05 1:15 a.m.9 views

[SECURITY] Fedora 41 Update: fscrypt-0.3.5-2.fc41

fscrypt is a high-level tool for the management of Linux filesystem encryptio n. This tool manages metadata, key generation, key wrapping, PAM integration, and provides a uniform interface for creating and modifying encrypted directories...

7.3AI score
Exploits0
Rows per page
Query Builder