
7 matches found

NVD
added 2026/05/07 8:16 p.m., 18 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9 CVSS, 0.0017 EPSS
Exploits: 0, References: 4
UbuntuCve
added 2026/05/07 8:16 p.m., 5 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9 CVSS, 6 AI score, 0.0017 EPSS
Exploits: 0, References: 7
ATTACKERKB
added 2026/05/07 7:41 p.m., 12 views

CVE-2026-39817

The "go tool pack" subcommand usually used only by the compiler as an internal tool with known-good inputs does not sanitize output filenames. Extracting a malicious archive file with the "pack" subcommand can write files to arbitrary locations on the filesystem...

5.9 AI score, 0.0017 EPSS
Exploits: 0, References: 5, Affected Software: 1
CNNVD
added 2026/04/22 12:0 a.m., 12 views

uutils coreutils security vulnerability

uutils coreutils is a cross-platform core command-line toolset developed by Uutils. There is a security vulnerability in uutils coreutils, which stems from a split logic error. When non-UTF-8-prefixed or -suffixed inputs are provided, the output file name may be corrupted, potentially causing fil...

3.3 CVSS, 5.7 AI score, 0.00143 EPSS
Exploits: 1, References: 1
Snyk
added 2026/02/25 6:17 a.m., 3 views

Directory Traversal

Overview: org.webjars.npm:rollup is a Next-generation ES module bundler. Affected versions of this package are vulnerable to Directory Traversal in the Bundle class in bundle.ts, which handles file name sanitization in the core engine. An attacker can overwrite arbitrary files on the host filesyste...

9.8 CVSS, 6.5 AI score, 0.01402 EPSS
Exploits: 1, References: 2
RedHat Linux
added 2025/04/30 9:14 a.m., 8 views

ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript

A flaw was found in Artifex Ghostscript base/gsdevice.c. This vulnerability allows path truncation, path traversal, and possible code execution via an integer overflow when parsing the filename format string for the output filename...

7.8 CVSS, 6.2 AI score, 0.00387 EPSS
Exploits: 0, References: 8
Github Security Blog
added 2024/01/02 4:42 p.m., 21 views

Potential Actions command injection in output filenames (GHSL-2023-275)

Summary: The tj-actions/verify-changed-files action allows for command injection in changed filenames, allowing an attacker to execute arbitrary code and potentially leak secrets. Details: The verify-changed-files workflow returns the list of files changed within a workflow execution. This could...

8.8 CVSS, 8.4 AI score, 0.02621 EPSS
Exploits: 1, References: 5, Affected Software: 1