
15 matches found

Cvelist
added 2026/04/22 4:7 p.m., 29 views

CVE-2026-35345 uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race

A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, the uutils implementation continues to monitor a path after it has been replaced by a symbolic link, subsequently outputting the...

CVSS 5.3, EPSS 0.00096
Exploits: 1, References: 1
CVE
added 2026/04/22 4:7 p.m., 18 views

CVE-2026-35345

CVE-2026-35345 concerns the tail utility in uutils coreutils. The vulnerability arises with the --follow=name option: the implementation continues watching a path after it has been replaced by a symlink and then outputs the contents of the link’s target. In environments where a privileged user mo...

CVSS 5.3, AI score 5.7, EPSS 0.00096
Exploits: 1, References: 1, Affected Software: 1
Snyk
added 2026/04/08 3:5 p.m., 3 views

CRLF Injection

Overview: org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications. Affected versions of this package are vulnerable to CRLF Injection via the name configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and...

CVSS 6.9, AI score 6
Exploits: 0, References: 2
Snyk
added 2026/04/08 3:5 p.m., 2 views

CRLF Injection

Overview: nodemailer is an Easy as cake e-mail sending from your Node.js applications. Affected versions of this package are vulnerable to CRLF Injection via the name configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and line feed...

CVSS 6.9, AI score 6
Exploits: 0, References: 2
Hacker One
added 2025/11/01 8:40 p.m., 23 views

curl: Directory Traversal Vulnerability in cURL via Content-Disposition Header Processing

Vulnerability Description: The parse_filename function in src/tool_cb_hdr.c does not adequately validate and sanitize filenames extracted from HTTP Content-Disposition headers, allowing directory traversal attacks when the -O (--remote-name) and -J (--remote-header-name) options are used together. Vulnerable...

AI score 7.2
Exploits: 0
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2014-0386

Malware in sbrugna...

CVSS 3.5, AI score 6.4, EPSS 0.00877
Exploits: 0, References: 2
OSV
added 2025/06/03 1:15 p.m., 5 views

SUSE-SU-2025:01807-1 Security update for 389-ds

This update for 389-ds fixes the following issues. Security fixes: - CVE-2025-3416: Fixed use-after-free in Md::fetch and Cipher::fetch in rust-openssl crate (bsc#1242666). Other fixes: - Enable memory accounting as SUSE disables it by default (bsc#1241016). - Fix dsidm service getdn option failing...

CVSS 3.7, AI score 5.8, EPSS 0.00452
Exploits: 0, References: 5
OSV
added 2024/05/24 2:45 p.m., 2 views

GHSA-3965-HPX2-Q597 Pug allows JavaScript code execution if an application accepts untrusted input

Pug through 3.0.2 allows JavaScript code execution if an application accepts untrusted input for the name option of the compileClient, compileFileClient, or compileClientWithDependenciesTracked function. NOTE: these functions are for compiling Pug templates into JavaScript, and there would...

CVSS 6.8, AI score 7.1, EPSS 0.00491
Exploits: 0, References: 10
ATTACKERKB
added 2022/03/06 6:15 a.m., 2 views

CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 9.8, AI score 7.5, EPSS 0.02738
Exploits: 1, References: 12
OSV
added 2022/03/06 6:15 a.m., 1 views

DEBIAN-CVE-2022-26495

In nbd-server in nbd before 3.24, there is an integer overflow with a resultant heap-based buffer overflow. A value of 0xffffffff in the name length field will cause a zero-sized buffer to be allocated for the name, resulting in a write to a dangling pointer. This issue exists for the NBD_OPT_INFO,...

CVSS 9.8, AI score 8.8, EPSS 0.02738
Exploits: 1, References: 1
OSV
added 2020/07/15 9:15 p.m., 3 views

CVE-2020-15779

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. The socket.io-file::createFile message uses path.join with ../ in the name option, and the uploadDir and rename options determine the path...

CVSS 7.5, AI score 7.1, EPSS 0.01581
Exploits: 1, References: 4
OSV
added 2012/07/03 4:40 p.m., 2 views

DEBIAN-CVE-2011-2716

The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options...

CVSS 6.8, AI score 7.4, EPSS 0.018
Exploits: 2, References: 1
RedHat Linux
added 2012/06/19 3:25 p.m., 5 views

busybox: udhcpc insufficient checking of DHCP options

The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options...

CVSS 6.8, AI score 6.1, EPSS 0.018
Exploits: 2, References: 4
RedHat Linux
added 2012/02/21 2:20 a.m., 1 views

busybox: udhcpc insufficient checking of DHCP options

The DHCP client udhcpc in BusyBox before 1.20.0 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in the (1) HOST_NAME, (2) DOMAIN_NAME, (3) NIS_DOMAIN, and (4) TFTP_SERVER_NAME host name options...

CVSS 6.8, AI score 6.1, EPSS 0.018
Exploits: 2, References: 4
0day.today
added 2010/07/14 12:0 a.m., 27 views

Joomla Component com_easygallery Persistent XSS Vulnerability

Exploit for php platform in category web applications: Joomla com_easygallery Persistent XSS Vulnerability...

AI score 7.1
Exploits: 0