Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

OSV
OSVadded 2026/02/03 11:57 p.m.2 views

GHSA-5G94-C2WX-8PXW apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.4AI score0.00025EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/02/03 12:0 a.m.2 views

PT-2026-6368

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

7.5CVSS5.5AI score0.00025EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2025/09/19 8:37 p.m.5 views

CVE-2025-59349

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, DragonFly2 uses the os.MkdirAll function to create certain directory paths with specific access permissions. This function does not perform any permission checks when a given directory path...

5.1CVSS6.4AI score0.00031EPSS
Exploits0References1
Snyk
Snykadded 2025/09/17 8:42 p.m.1 views

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to using os.MkdirAll function which does not perform any permission checks when a given directory path already exists. An attacker can gain unauthorized access or modify files by...

5.1CVSS6.6AI score0.00031EPSS
Exploits0References2
OSV
OSVadded 2024/09/03 7:15 p.m.3 views

AZL-48581 CVE-2024-45310 affecting package kubernetes 1.28.4-25

runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers an...

3.6CVSS7AI score0.0015EPSS
Exploits0References1
OSV
OSVadded 2020/08/05 8:15 p.m.1 views

AZL-6390 CVE-2020-15113 affecting package etcd for versions less than 3.5.0-3

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients with restricted access permissions 700 by using the os.MkdirAll. This functio...

7.1CVSS6.8AI score0.00024EPSS
Exploits0References1
OSV
OSVadded 2020/08/05 8:15 p.m.1 views

DEBIAN-CVE-2020-15113

In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients with restricted access permissions 700 by using the os.MkdirAll. This functio...

7.1CVSS6.8AI score0.00024EPSS
Exploits0References1
Rows per page
Query Builder