Lucene search
K

8482 matches found

Debian CVE
Debian CVE
added 2026/06/30 9:27 p.m.5 views

CVE-2026-50003

A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative ../ paths and absolute paths...

9.8CVSS5.9AI score0.00435EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/06/30 9:6 p.m.6 views

CVE-2026-52868

An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation...

8.8CVSS5.8AI score0.00374EPSS
Exploits0
EUVD
EUVD
added 2026/06/30 11:4 a.m.5 views

EUVD-2026-40288

Net::BitTorrent versions through 2.0.1 for Perl write files outside the download directory via path traversal in peer-supplied metadata. Net::BitTorrent validates file path components only on the .torrent-file ingest path. The peer and magnet metadata path onmetadatareceived, reached from the BEP...

5.3CVSS5.8AI score0.00282EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53994

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An unauthenticated attacker can perform a directory traversal to read worklist records from a directory outside the intended per-AE worklist storage area. In...

8.8CVSS5.8AI score0.00374EPSS
Exploits0References7
NVD
NVD
added 2026/06/29 8:17 p.m.11 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

7.1CVSS0.00182EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/29 7:43 p.m.22 views

CVE-2026-43701

The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may be able to process restricted web content outside the sandbox...

0.00182EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:53 p.m.12 views

Malicious code in @druidsoft/botframework-directlinejs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 34ac6d117d0531ed668bd8df71233c07089b14c644a9403ee479976d75951fcb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 4:50 p.m.9 views

Malicious code in @huobi-ui/activity-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a2dc07679f0c801fbb465a2502687e29ed687871964c5d84c0dd5f2b7f94e8ad Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/29 2:0 p.m.6 views

Malicious code in authmatrix (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 58eb7642f8d7e2fb2e898277c6961d2538f40766777a679020f4872b29925806 The package is published as 'authmatrix' with a description suggesting basic auth functionality, but its lib/ tree is a copy of the pino logger and i...

6.1AI score
Exploits0References3
NVD
NVD
added 2026/06/26 6:17 p.m.11 views

CVE-2026-54557

mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink destination from the raw resolved version string for non-latest versions. Normal tool install paths use the sanitized version pathname, but the HTTP backend's symlin...

5.5CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 4:44 p.m.9 views

EUVD-2026-39812

extract-zip does not validate symlink targets when extracting zip archives. When processing a malicious zip file containing a symlink with a relative path like '../../../../etc/passwd', extract-zip will extract the symlink without validation, allowing it to point outside the extraction directory...

8.6CVSS5.9AI score0.00346EPSS
Exploits1References3
NVD
NVD
added 2026/06/26 4:16 p.m.8 views

CVE-2026-45195

Kernel software installed and running inside a Host VM may post improper commands to the GPU Firmware to trigger a memory read or write outside the permitted range of memory for the host kernel. Addresses passed to the GPU Firmware can be used by the Firmware for more privileged memory accesses...

7.8CVSS0.00106EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:47 p.m.24 views

CVE-2026-50548 Cursor Desktop sandbox escape via agent-controlled working directory

Cursor is a code editor built for programming with AI. Prior to 3.0, Cursor runs agent terminal commands in a sandbox by default, and the sandbox grants write access to the command's working directory. A flaw was identified in how the agent could modify the workingdirectory parameter, which could...

9.3CVSS0.00637EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 4:47 p.m.16 views

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

7.1CVSS5.8AI score0.00267EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53274

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service DoS by holding the socket lock indefinitely. The function smcsetsockopt...

5.5CVSS0.00126EPSS
Exploits0References6
OSV
OSV
added 2026/06/25 9:16 a.m.3 views

UBUNTU-CVE-2026-53274

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service DoS by holding the socket lock indefinitely. The function smcsetsockopt...

6.8CVSS5.9AI score0.00126EPSS
Exploits0References9
EUVD
EUVD
added 2026/06/25 8:39 a.m.6 views

EUVD-2026-39225

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service DoS by holding the socket lock indefinitely. The function smcsetsockopt...

5.9AI score0.00126EPSS
Exploits0References6
CVE
CVE
added 2026/06/25 8:39 a.m.24 views

CVE-2026-53274

CVE-2026-53274 affects the Linux kernel net/smc code. A logic flaw in __smc_setsockopt() allowed a local unprivileged user to cause a Denial of Service by keeping the socket lock held during a copy_from_sockptr() operation. The vulnerability occurs because the copy is performed while holding lock...

5.5CVSS5.9AI score0.00126EPSS
Exploits0References6Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:29 p.m.8 views

CVE-2026-53766

Chrome DevTools for agents chrome-devtools-mcp lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath enforces workspace roots by checking whether path.resolvefilePath textually falls under one of the configured root paths. path.resolve...

6.1CVSS5.8AI score0.00087EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/24 8:31 p.m.8 views

CVE-2026-52811

CVE-2026-52811 (Gogs) : In versions 0.14.0–0.14.2, UploadRepoFiles checks for symlinks only on the leaf path, while other code paths validate the entire path. An attacker with repo-write access can upload a file whose filename contains a backslash, which path normalization converts to a multi-seg...

9CVSS5.9AI score0.00474EPSS
Exploits0References4
Rows per page
Query Builder