Lucene search
K

125 matches found

OSV
OSV
added 4 days ago5 views

OESA-2026-2872 ghostscript security update

Ghostscript is an interpreter for PostScript™ and Portable Document Format PDF files. Ghostscript consists of a PostScript interpreter layer, and a graphics library. Security Fixes: A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classifie...

5.3CVSS5.2AI score0.00388EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/28 2:15 p.m.9 views

CVE-2026-13500

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS6.8AI score0.00311EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/28 2:15 p.m.9 views

EUVD-2026-39998

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS5.6AI score0.00311EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/28 2:15 p.m.32 views

CVE-2026-13500 antlr ANTLR4 Grammar Action Block OutputFile.java code injection

A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of the component Grammar Action Block Handler. Executing a manipulation can lead to code injection. The attack may be launched remotely. The...

7.5CVSS0.00311EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/28 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-13500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A weakness has been identified in antlr ANTLR4 up to 4.13.2. Affected is an unknown function of the file tool/src/org/antlr/v4/codegen/model/OutputFile.java of...

7.5CVSS6.7AI score0.00311EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.11 views

PT-2026-53111

Name of the Vulnerable Software and Affected Versions ANTLR4 versions prior to 4.13.3 Description An issue exists in the Grammar Action Block Handler component within the file tool/src/org/antlr/v4/codegen/model/OutputFile.java. A remote attacker can perform a manipulation that leads to code...

7.5CVSS7.5AI score0.00311EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/26 4:32 p.m.9 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01107EPSS
Exploits0References3Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Tiff

A NULL pointer dereferencing in TIFFClose is caused by failing to open an output file a non-existent path or a path that requires permissions like /dev/null while specifying zones...

6.5CVSS6.8AI score0.01124EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in libzstd

In the Zstandard command-line utility prior to v1.4.1, output files were created with default permissions. The correct file permissions matching the input would only be set at the time of completion. As a result, output files could be readable or writable by unintended parties...

5.5CVSS6AI score0.00431EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/13 2:34 a.m.41 views

CVE-2026-54230 Abrt: event handler scripts follow symlinks when writing output files, allowing arbitrary file overwrites

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS0.0014EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/06 2:36 p.m.76 views

exploittracker

Exploit Tracker Go A small Go CLI that polls the public Po...

6.4CVSS6.8AI score0.01593EPSS
Exploits12
RedHat Linux
RedHat Linux
added 2026/06/04 10:49 a.m.17 views

kernel: ipv6: use RCU in ip6_output()

A use-after-free flaw was found in ip6finishoutput2 in net/ipv6/ip6output.c in ipv6 access. This flaw could allow an attacker to crash the system at device disconnect. This vulnerability could even lead to a kernel information leak problem...

5.7AI score0.00193EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/05/18 12:0 a.m.12 views

PT-2026-41686

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description A malicious input file can cause an out-of-bounds read of a single byte when writing an IPTC output file. An out-of-bounds read occurs when a program reads data...

7.5CVSS5.8AI score0.00495EPSS
Exploits0References125
Vulnrichment
Vulnrichment
added 2026/05/11 6:23 p.m.9 views

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 6:23 p.m.20 views

CVE-2026-42866

Tookie OSINT prior to version 4.1fix is vulnerable to path traversal when producing output files. In modules/modules.py (functions write_txt, write_csv, write_json, and the shipped but commented scan_file), the output filename is formed as open(f"{user}."), where user is unsanitized from -u or -U...

6.7CVSS5.9AI score0.00145EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.10 views

Google Go 安全漏洞

Google Go is a static, strongly typed, compiled, concurrent programming language with garbage collection features from the American company Google. There is a security vulnerability in Google Go, which stems from the lack of cleanup of output file names. When extracting malicious archive files, t...

5.9CVSS5.8AI score0.0017EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/04 2:10 p.m.22 views

rollup: Rollup: Remote Code Execution via Path Traversal Vulnerability

A flaw was found in Rollup, a JavaScript module bundler. Insecure file name sanitization in the core engine allows an attacker to control output filenames, potentially through command-line interface CLI inputs, manual chunk aliases, or malicious plugins. By using directory traversal sequences ../...

9.8CVSS7.7AI score0.01402EPSS
Exploits1References11
EUVD
EUVD
added 2026/04/28 6:30 a.m.6 views

EUVD-2026-26007

A security vulnerability has been detected in ErlichLiu claude-agent-sdk-master up to b185aa7ff0d864581257008077b4010fca1747bf. Affected by this vulnerability is an unknown functionality of the file app/api/agent-output/route.ts. The manipulation of the argument outputFile leads to path traversal...

6.9CVSS5.5AI score0.0046EPSS
Exploits0References5
CVE
CVE
added 2026/04/28 6:30 a.m.14 views

CVE-2026-7235

CVE-2026-7235 affects the ErlichLiu claude-agent-sdk-master project (up to commit b185aa7ff0d864581257008077b4010fca1747bf). The vulnerability is in app/api/agent-output/route.ts where manipulation of the outputFile argument leads to a path traversal. The issue could be remotely triggered and has...

6.9CVSS5.6AI score0.0046EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/28 12:0 a.m.11 views

Claude Agent SDK Master 路径遍历漏洞

Claude Agent SDK Master is a progressive learning tutorial for Claude Agent SDK developed by Erlich. Claude Agent SDK Master has a path traversal vulnerability; this vulnerability stems from the outputFile parameter in the app/api/agent-output/route.ts file, which allows for path traversal,...

6.9CVSS6.1AI score0.0046EPSS
Exploits0References1
Rows per page
Query Builder