Lucene search
K

13 matches found

Cvelist
Cvelist
added 2026/06/15 7:47 p.m.27 views

CVE-2026-47261 Wasmtime: WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction

Wasmtime is a runtime for WebAssembly. In versions prior to 24.0.9, 36.0.10, and 44.0.2, when a filesystem preopen is given DirPerms::all and FilePerms::READ without FilePerms::WRITE, this access control mechanism can be bypassed via the wasip2 descriptor.open-at or wasip1 pathopen interfaces by...

7.5CVSS0.00357EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: perl-File-Find-Rule (UTSA-2026-021485)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021485 advisory. File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument...

8.8CVSS7.3AI score0.00736EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/11 8:59 p.m.33 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

exiftool-vendored 参数注入漏洞

exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37303

Name of the Vulnerable Software and Affected Versions exiftool-vendored versions prior to 35.19.0 Description Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References6
OSV
OSV
added 2025/10/31 2:13 p.m.7 views

OESA-2025-2608 perl-File-Find-Rule security update

File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories. %package help Summary : Alternative interface to File::Find Provides: perl-File-Find-Rule-doc %description help File::Find::Rule is a friendlier interface to...

8.8CVSS7.3AI score0.00736EPSS
Exploits0References2
OSV
OSV
added 2025/06/27 1:16 p.m.1 views

OESA-2025-1681 perl-File-Find-Rule security update

File::Find::Rule is a friendlier interface to File::Find. It allows you to build rules which specify the desired files and directories. Security Fixes: File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened...

8.8CVSS7.3AI score0.00736EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/06/26 6:32 a.m.7 views

perl-file-find-rule: File::Find::Rule Arbitrary Code Execution

A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...

8.8CVSS6.5AI score0.00736EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/06/26 6:29 a.m.5 views

perl-file-find-rule: File::Find::Rule Arbitrary Code Execution

A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...

8.8CVSS6.5AI score0.00736EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/06/25 3:58 p.m.4 views

perl-file-find-rule: File::Find::Rule Arbitrary Code Execution

A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...

8.8CVSS6.5AI score0.00736EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2025/06/25 6:17 a.m.5 views

perl-file-find-rule: File::Find::Rule Arbitrary Code Execution

A flaw was found in perl-file-find-rule. The grep function within File::Find::Rule versions up to 0.34 is vulnerable to arbitrary code execution if provided with a specially crafted filename. This vulnerability allows an attacker to supply a filename that, when opened, executes arbitrary code via...

8.8CVSS6.5AI score0.00736EPSS
Exploits0References9
OSV
OSV
added 2025/06/05 12:15 p.m.3 views

DEBIAN-CVE-2011-10007

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted filename. A file handle is opened with the 2 argument form of open allowing an attacker controlled filename to provide the MODE parameter to open, turning the filename into a command to...

8.8CVSS8AI score0.00736EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2024/10/24 6:11 p.m.28 views

OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)

Summary In the database extension, the "enableloadextension" property can be set for the SQLite integration, enabling an attacker to load local or remote extension DLLs and so run arbitrary code on the server. The attacker needs to have network access to the OpenRefine instance. Details The...

8.8CVSS8.1AI score0.00658EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder