RHCOS 4 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1401 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 Note that Nessus has not tested...

python-dotenv 安全漏洞

python-dotenv is a Python environment management tool developed by Saurabh Kumar. Versions of python-dotenv prior to version 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the setkey and unsetkey functions when dealing with symbolic links, which could allo...

CVE-2025-13044

CVE-2025-13044 affects IBM Concert Software (versions 1.0.0–2.2.0). The vulnerability arises from the creation of temporary files with predictable names, enabling local users to overwrite arbitrary files via a symlink attack. The resulting impact is local file overwrite (CWE-340) with a base scor...

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

PT-2026-26736

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

EUVD-2026-11643

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite...

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

GHSA-4G4C-MFQG-PJ8R Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

Linux Distros Unpatched Vulnerability : CVE-2026-32116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file...

UBUNTU-CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

CVE-2026-32116

Vulnerability: Magic Wormhole (wormhole receive) could overwrite critical local files on the recipient when receiving a file, affecting versions 0.21.0 through before 0.23.0. Root cause: receiving a file could overwrite targets like ~/.ssh/authorized_keys and .bashrc due to the transfer handling....

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

PT-2026-25032

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorized keys and .bashrc. This...

CVE-2026-20122 Cisco Catalyst SD-WAN Manager Arbitrary File Overwrite Vulnerability

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

MiracleLinux 8 : container-tools:2.0 (AXSA:2020-866:01)

The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-866:01 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 Bug Fixes: podman 1.6.4 is not honouring...

MiracleLinux 7 : buildah-1.11.6-11.el7 (AXSA:2020-066:02)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-066:02 advisory. buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 containers/image: Container images read...

MiracleLinux 3 : cups-1.3.7-18.8.0.1.AXS3 (AXSA:2010-481:05)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-481:05 advisory. The Common UNIX Printing System provides a portable printing layer for UNIX operating systems. It has been developed by Easy Software Products to...

Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2020-8177)

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...