Lucene search
K

104 matches found

CVE
CVE
added yesterday3 views

CVE-2026-39245

The connected documents describe CVE-2026-39245 in the decompress package prior to 4.2.2, where a flawed path containment check uses String.indexOf without a path-separator boundary (realDestinationDir.indexOf(realOutputPath) !== 0), allowing directory traversal and arbitrary file writes adjacent...

6AI score
Exploits0References4
NVD
NVD
added 2 days ago5 views

CVE-2026-14967

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS0.00198EPSS
Exploits0References1
EUVD
EUVD
added 2 days ago6 views

EUVD-2026-42296

BBOT's githubworkflows module could be induced to write a downloaded artifact outside its configured output directory: its path-containment check did not resolve .., so a crafted CODEREPOSITORY URL could traverse out of the intended folder. The write is bounded to two directory levels above the...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-14967

BBOT’s github_workflows module has a path-traversal vulnerability: the path-containment check fails to resolve ‘..’, allowing a crafted CODE_REPOSITORY URL to traverse out of the configured output directory. The write is bounded to two directory levels above the output location and the target is ...

3.1CVSS5.9AI score0.00198EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 4 days ago7 views

PT-2026-56053

Name of the Vulnerable Software and Affected Versions @xhmikosr/decompress versions prior to 10.2.1 @xhmikosr/decompress versions prior to 11.1.3 decompress versions prior to 4.3.0 Description When extracting archives to a directory, a crafted archive can read or write files outside that director...

9.1CVSS6AI score
Exploits0References7
EUVD
EUVD
added 2026/07/01 12:34 a.m.4 views

EUVD-2026-40422

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References4
NVD
NVD
added 2026/06/30 10:16 p.m.7 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/30 9:27 p.m.32 views

CVE-2026-50003 OFFIS DCMTK Toolkit Path Traversal

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS0.00435EPSS
Exploits0References3
CVE
CVE
added 2026/06/30 9:27 p.m.32 views

CVE-2026-50003

The CVE-2026-50003 issue affects the DCMTK toolkit. A malicious or compromised server can exploit the bit-preserving C-GET storage mode in the DCMTK client to write files outside the designated output directory, using both relative (../) paths and absolute paths. Multiple sources (RH CVE entry, E...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/30 9:27 p.m.4 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.9AI score0.00435EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.11 views

PT-2026-53992

Name of the Vulnerable Software and Affected Versions DCMTK affected versions not specified Description A compromised or malicious server can force a client to write files outside the designated output directory. This occurs when the client uses the bit-preserving C-GET storage mode, allowing the...

9.8CVSS5.8AI score0.00435EPSS
Exploits0References8
Snyk
Snyk
added 2026/06/21 5:11 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound via the xmlwf process when the -d parameter is used to specify an output directory. An attacker can cause unintended behavior or potentially execute arbitrary code by providing a specially crafted output...

7.3CVSS6.2AI score0.00098EPSS
Exploits0References2
NVD
NVD
added 2026/06/21 4:16 p.m.16 views

CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS0.00098EPSS
Exploits0References1
OSV
OSV
added 2026/06/21 4:16 p.m.3 views

ALPINE-CVE-2026-56409

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/21 3:52 p.m.7 views

EUVD-2026-38186

xmlwf in libexpat before 2.8.2 has an integer overflow for the output filename when -d outputDir is used...

6.5CVSS5.9AI score0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/06/21 3:52 p.m.18 views

CVE-2026-56409

CVE-2026-56409 affects xmlwf in libexpat prior to 2.8.2. An integer overflow occurs in the output filename when -d outputDir is used. The CVSS 3.1 vector (LOCAL, HIGH complexity, NO privileges, user interaction required) indicates a local impact with confidentiality/ integrity impact HIGH and ava...

6.5CVSS5.9AI score0.00098EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/21 12:0 a.m.11 views

PT-2026-51245

Name of the Vulnerable Software and Affected Versions libexpat versions prior to 2.8.2 Description The xmlwf tool contains an integer overflow related to the output filename when the -d outputDir option is utilized. An integer overflow occurs when a mathematical operation results in a value that...

6.5CVSS5.9AI score0.00098EPSS
Exploits0References7
NVD
NVD
added 2026/06/10 10:16 p.m.16 views

CVE-2026-45380

bit7z is a cross-platform C++ static library that allows the compression/extraction of archive files. Prior to version 4.0.12, a one-byte off-by-one error in SafeOutPathBuilder::restoreSymlink allows an attacker to craft a .7z archive that, when extracted with bit7z on any non-Windows platform,...

3.6CVSS0.00116EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/10 10:1 p.m.11 views

EUVD-2026-36186

Dulwich is a pure-Python implementation of the Git file formats and protocols. Starting in version 0.24.0 and prior to version 1.2.5, dulwich.porcelain.formatpatchoutdir=... derives each patch filename from the commit's subject line. Prior to this fix, getsummary only replaced spaces with dashes ...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References3
CVE
CVE
added 2026/06/10 10:1 p.m.30 views

CVE-2026-47712

CVE-2026-47712 affects the Dulwich project (pure-Python Git implementation). The issue: porcelain.format_patch(outdir=...) derives patch file names from the commit subject, allowing a crafted subject to steer the created patch file outside the requested outdir. The root cause: get_summary previou...

3.3CVSS5.5AI score0.00139EPSS
Exploits0References3
Rows per page
Query Builder