16 matches found

OSV
added 2026/03/13 3:40 p.m., 3 views

GHSA-4G4C-MFQG-PJ8R Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact: Receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

CVSS 8.2, AI score 5.7, EPSS 0.00113
Exploits: 0, References: 3

NVD
added 2026/03/12 6:16 p.m., 1 view

CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2, EPSS 0.00113
Exploits: 0, References: 1

OSV
added 2026/03/12 6:16 p.m., 1 view

UBUNTU-CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 2

Cvelist
added 2026/03/12 5:40 p.m., 24 views

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2, EPSS 0.00113
Exploits: 0, References: 1

OSV
added 2026/03/12 5:40 p.m., 2 views

CVE-2026-32116 Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This cou...

CVSS 8.2, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 3

Positive Technologies
added 2026/03/12 12:0 a.m., 3 views

PT-2026-25032

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file (wormhole receive) from a malicious party could result in overwriting critical local files, including ~/.ssh/authorized_keys and .bashrc. This...

CVSS 8.2, AI score 5.8, EPSS 0.00113
Exploits: 0, References: 4

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-21057

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00049
Exploits: 1, References: 3

RedhatCVE
added 2025/07/12 10:14 p.m., 4 views

CVE-2025-24798

Meshtastic is an open source mesh networking solution. From 1.2.1 until 2.6.2, a packet sent to the routing module that contains want_response==true causes a crash. This can lead to a degradation of service for nodes within range of a malicious sender, or via MQTT if downlink is enabled. This...

CVSS 6.5, AI score 6.4, EPSS 0.00049
Exploits: 1, References: 1

Tenable Nessus
added 2024/04/02 12:0 a.m., 23 views

Oracle Linux 8 : olcne (ELSA-2024-12264)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12264 advisory. - Update modules and components built with golang 1.20.12 to address CVE-2023-39326 Tenable has extracted the preceding description block directly from the...

CVSS 5.3, AI score 7, EPSS 0.00123
Exploits: 0, References: 2

Tenable Nessus
added 2024/03/05 12:0 a.m., 42 views

RHEL 9 : skopeo (RHSA-2024:1149)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:1149 advisory. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify file...

CVSS 5.3, AI score 7.1, EPSS 0.00123
Exploits: 0, References: 5

Tenable Nessus
added 2024/02/08 12:0 a.m., 42 views

EulerOS 2.0 SP9 : golang (EulerOS-SA-2024-1194)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the...

CVSS 5.3, AI score 7, EPSS 0.00123
Exploits: 0, References: 2

Amazon
added 2024/01/08 12:0 a.m., 3 views

Medium: golang

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVSS 7.5, AI score 6.8, EPSS 0.00318
Exploits: 0

Prion
added 2023/12/06 5:15 p.m., 21 views

Design/Logic Flaw

A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data up to about...

CVSS 5, AI score 6.7, EPSS 0.00123
Exploits: 0, References: 5, Affected Software: 1

OpenVAS
added 2021/01/14 12:0 a.m., 29 views

Dovecot 2.3.11 - 2.3.11.3 DoS Vulnerability

Dovecot is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:dovecot:dovecot";...

AI score 7.5
Exploits: 0, References: 2

FreeBSD
added 2018/08/24 12:0 a.m., 20 views

comms/hylafax -- Malformed fax sender remote code execution in JPEG support

A malicious sender that sets both JPEG and MH,MR,MMR or JBIG in the same DCS signal or sends a large JPEG page could lead to remote code execution...

CVSS 9.8, AI score 1.6, EPSS 0.08941
Exploits: 2, References: 4

securityvulns
added 2008/07/05 12:0 a.m., 46 views

Unauthorized reading confirmation from Outlook

I've just got an interesting idea about how a malicious e-mail sender could try to get an unseen by the recipient reading confirmation, including the IP address of the recipient. I was working on S/MIME messages and I thought about the signature validation process, where some of the steps could...

AI score 6.4
Exploits: 0