Lucene search
K

4 matches found

EUVD
EUVD
added 2026/06/26 4:44 p.m.9 views

EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References3
EUVD
EUVD
added 2026/05/28 9:18 p.m.13 views

EUVD-2026-33067

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00193EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.11 views

PT-2026-44545

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00193EPSS
Exploits1References3
exploitpack
exploitpack
added 2004/02/06 12:0 a.m.17 views

Linux VServer Project 1.2x - Chroot Breakout

Linux VServer Project 1.2x - Chroot Breakout / source: https://www.securityfocus.com/bid/9596/info VServer is reported prone to a breakout vulnerability that allows a malicious user to escape from the context of the chrooted root directory of the virtual server. This issue is due to the VServer...

0.1AI score
Exploits0
Rows per page
Query Builder