Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

RedhatCVE
RedhatCVEadded 2026/01/27 3:23 p.m.2 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS6AI score0.00022EPSS
Exploits1References1
OSV
OSVadded 2026/01/23 6:31 p.m.3 views

GHSA-MXC8-4JQF-368Q miniserve affected by a TOCTOU and symlink race vulnerability

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.3CVSS5.6AI score0.00022EPSS
Exploits1References3
Github Security Blog
Github Security Blogadded 2026/01/23 6:31 p.m.9 views

miniserve affected by a TOCTOU and symlink race vulnerability

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS5.7AI score0.00022EPSS
Exploits1References4Affected Software1
NVD
NVDadded 2026/01/23 4:15 p.m.1 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS0.00022EPSS
Exploits1References2
OSV
OSVadded 2026/01/23 4:15 p.m.3 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS5.8AI score
Exploits0References2
EUVD
EUVDadded 2026/01/23 12:0 a.m.2 views

EUVD-2026-4261

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS5.7AI score0.00022EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2026/01/23 12:0 a.m.7 views

PT-2026-4471

Name of the Vulnerable Software and Affected Versions miniserve version 0.32.0 Description A time-of-check to time-of-use TOCTOU and symlink race condition exists in miniserve when uploads are enabled. This can allow an attacker to overwrite arbitrary files outside the intended upload directory i...

6.8CVSS5.6AI score0.00022EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/01/23 12:0 a.m.3 views

Miniserve security vulnerabilities

Miniserve is a command-line tool developed by Sven-Hendrik Haase. Version 0.32.0 of Miniserve contains a security vulnerability. This vulnerability stems from TOCTOU and symbolic link races during upload completion, which may lead to overwriting files located outside of the expected upload/docume...

6.8CVSS5.8AI score0.00022EPSS
Exploits1References3
ATTACKERKB
ATTACKERKBadded 2026/01/23 12:0 a.m.2 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS6AI score0.00022EPSS
Exploits1References3
AlpineLinux
AlpineLinuxadded 2026/01/23 12:0 a.m.5 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

6.8CVSS5.8AI score0.00022EPSS
Exploits1References2
Cvelist
Cvelistadded 2026/01/23 12:0 a.m.24 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

0.00022EPSS
Exploits1References2
CVE
CVEadded 2026/01/23 12:0 a.m.9 views

CVE-2025-67124

The CVE-2025-67124 entry concerns a TOCTOU and symlink race in miniserve 0.32.0 during upload finalization. The vulnerability can let an attacker overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create or replace filesystem entries in the u...

6.8CVSS5.7AI score0.00022EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/01/23 12:0 a.m.2 views

CVE-2025-67124

A TOCTOU and symlink race in svenstaro/miniserve 0.32.0 upload finalization when uploads are enabled can allow an attacker to overwrite arbitrary files outside the intended upload/document root in deployments where the attacker can create/replace filesystem entries in the upload destination...

5.7AI score0.00022EPSS
Exploits1References2
Rows per page
Query Builder