Lucene search

372 matches found

Tenable Nessus
added 6 days ago, 7 views

SUSE SLES12 Security Update : libzypp (SUSE-SU-2026:2628-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2628-1 advisory. This update for libzypp fixes the following issue - CVE-2026-25707: Handcrafted repo metadata may cause arbitrary local files to be overwritten...

CVSS 8.8 | AI score 6 | EPSS 0.006
Exploits: 0 | References: 7

CVE
added 2026/06/24 5:32 p.m., 10 views

CVE-2026-48720

CVE-2026-48720 affects Warp, the agentic development environment. From 0.2025.03.05.08.02.stable_00 through 0.2026.05.06.15.42.stable_01 Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without an extra confirmation step. Thi...

CVSS 8.8 | AI score 5.9 | EPSS 0.00247
Exploits: 0 | References: 2

Cvelist
added 2026/06/24 5:32 p.m., 28 views

CVE-2026-48720 Warp: SSH remote output can lead to local file overwrite and persistence

Warp is an agentic development environment. From 0.2025.03.05.08.02.stable_00 until 0.2026.05.06.15.42.stable_01, Warp accepts non-inline OSC 1337;File payloads from terminal output and materializes the decoded payload as a local file without an additional confirmation step. This vulnerability is...

CVSS 8.8 | EPSS 0.00247
Exploits: 0 | References: 2

RedHat Linux
added 2026/06/17 8:2 a.m., 7 views

postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind

A flaw was found in PostgreSQL. This vulnerability, related to symlink following in pg_basebackup plain format and pg_rewind, allows an origin superuser to overwrite local files. By exploiting this, an attacker could potentially hijack the operating system account. This attack has practical...

CVSS 8.8 | AI score 5.6 | EPSS 0.00324
Exploits: 0 | References: 5

Debian CVE
added 2026/05/14 1:0 p.m., 8 views

CVE-2026-6475

Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the orig...

CVSS 8.8 | AI score 5.8 | EPSS 0.00324
Exploits: 0

Tenable Nessus
added 2026/05/06 12:0 a.m., 7 views

RHCOS 4 : OpenShift Container Platform 4.2.28 (RHSA-2020:1401)

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1401 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process CVE-2020-10696 Note that Nessus has not tested...

CVSS 9.3 | AI score 5.8 | EPSS 0.02603
Exploits: 1 | References: 4

CNNVD
added 2026/04/20 12:0 a.m., 9 views

python-dotenv security vulnerability

python-dotenv is a Python environment management tool developed by Saurabh Kumar. Versions of python-dotenv prior to version 1.2.2 contained security vulnerabilities. These vulnerabilities stemmed from defects in the set_key and unset_key functions when dealing with symbolic links, which could allo...

CVSS 6.6 | AI score 7.3 | EPSS 0.00236
Exploits: 1 | References: 1

Atlassian
added 2026/04/08 4:29 a.m., 20 views

Path Traversal (Arbitrary Write) node-tar Dependency in Confluence Data Center

This High severity Path Traversal vulnerability was introduced in versions 8.9.0, 9.0.1, 9.0.3, 9.1.0, 9.2.5, 9.5.1, 10.1.2, and 10.2.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.8 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L allows a...

CVSS 8.8 | AI score 5.8 | EPSS 0.00233
Exploits: 1

CVE
added 2026/04/07 1:7 a.m., 9 views

CVE-2025-13044

CVE-2025-13044 affects IBM Concert Software versions 1.0.0–2.2.0. The issue arises from creating temporary files with predictable names, enabling a local user to overwrite arbitrary files via a symlink attack. The Red Hat/ENISA/NVD entries confirm the same description and the IBM Security Bulleti...

CVSS 6.2 | AI score 6 | EPSS 0.00142
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/26 9:31 p.m., 7 views

EUVD-2026-16326

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

CVSS 5.9 | AI score 5.9 | EPSS 0.58204
Exploits: 9 | References: 3

NVD
added 2026/03/21 1:17 a.m., 4 views

CVE-2026-32054

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

CVSS 7.8 | EPSS 0.00126
Exploits: 0 | References: 3

Positive Technologies
added 2026/03/21 12:0 a.m., 5 views

PT-2026-26736

OpenClaw versions prior to 2026.2.25 contain a symlink traversal vulnerability in browser trace and download output path handling that allows local attackers to escape the managed temp root directory. An attacker with local access can create symlinks to route file writes outside the intended temp...

CVSS 6.5 | AI score 5.9 | EPSS 0.00126
Exploits: 0 | References: 4

OSV
added 2026/03/13 3:40 p.m., 8 views

GHSA-4G4C-MFQG-PJ8R Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

CVSS 8.2 | AI score 5.7 | EPSS 0.0035
Exploits: 0 | References: 3

EUVD
added 2026/03/13 3:40 p.m., 3 views

EUVD-2026-11643

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite...

CVSS 8.2 | AI score 5.9 | EPSS 0.0035
Exploits: 0 | References: 2

Github Security Blog
added 2026/03/13 3:40 p.m., 5 views

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

CVSS 8.2 | AI score 5.7 | EPSS 0.0035
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2026/03/13 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file...

CVSS 8.2 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 2

OSV
added 2026/03/12 6:16 p.m., 3 views

UBUNTU-CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 2

Vulnrichment
added 2026/03/12 5:40 p.m., 3 views

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1

CVE
added 2026/03/12 5:40 p.m., 18 views

CVE-2026-32116

Vulnerability: Magic Wormhole (wormhole receive) could overwrite critical local files on the recipient when receiving a file, affecting versions 0.21.0 through before 0.23.0. Root cause: receiving a file could overwrite targets like ~/.ssh/authorized_keys and .bashrc due to the transfer handling....

CVSS 8.2 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2026/03/12 5:40 p.m., 4 views

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 3