Lucene search
+L

157 matches found

osv
osv
added 2026/07/07 4:2 p.m.6 views

PYSEC-2026-1569 LlamaIndex vulnerability in ArxivReader class can cause MD5 hash collisions

A vulnerability in the ArxivReader class of the run-llama/llamaindex repository allows for MD5 hash collisions when generating filenames for downloaded papers. This can lead to data loss as papers with identical titles but different contents may overwrite each other, preventing some papers from...

5.3CVSS6.1AI score0.00281EPSS
Exploits1References7
nvd
nvd
added 2026/07/07 12:16 a.m.11 views

CVE-2026-53648

FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as md5 under the uploads...

5.1CVSS0.00264EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/06/29 2:3 p.m.7 views

CVE-2026-46406

Claude Code is an agentic coding tool. From 2.1.59 until 2.1.128, the Claude Code /copy command wrote responses to a hardcoded, predictable path /tmp/claude/response.md without UID isolation, randomness, or symlink protection. The file was created world-readable 0644 in a world-traversable...

4.4CVSS5.9AI score0.00149EPSS
Exploits0References2Affected Software1
redhat
redhat
added 2026/06/23 1:24 a.m.6 views

samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.8AI score0.00939EPSS
Exploits0References5
debiancve
debiancve
added 2026/06/12 6:9 p.m.18 views

CVE-2026-42306

Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary...

7.2CVSS5.3AI score0.00104EPSS
Exploits0
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.23 views

PT-2026-47536

Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belonging to another user, resulting in escalation of privileges. This has high impact on integrity with...

7.1CVSS5.6AI score0.00207EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/05/27 12:9 p.m.17 views

CVE-2026-2340

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

6.5CVSS5.7AI score0.00939EPSS
Exploits0References13
github
github
added 2026/05/19 3:38 p.m.13 views

zrok copy writes attacker-controlled WebDAV paths outside the destination root

Summary Alice runs zrok2 copy from a WebDAV or zrok drive controlled by Bob into a local filesystem target. Bob returns a DAV href such as /../outside.txt. The sync pipeline stores that path in the source inventory and passes it to FilesystemTarget.WriteStream, which joins it with the target root...

8.3CVSS5.8AI score0.00061EPSS
Exploits0References2Affected Software2
github
github
added 2026/05/18 8:17 p.m.24 views

OpenTelemetry eBPF Instrumentation: Log enricher writev path can overread and overwrite user buffers

Summary OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total ioviter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. Details In...

5.3CVSS5.9AI score0.00172EPSS
Exploits1References4Affected Software1
cve
cve
added 2026/05/15 8:40 p.m.26 views

CVE-2026-45402

Open WebUI CVE-2026-45402 describes a cross-user file access/overwrite vulnerability in offline Open WebUI prior to 0.9.5. Two concrete paths allow attaching a victim’s file_id without verifying ownership: (1) folder knowledge ingestion via POST /api/v1/folders/{id}/update and (2) knowledge-base ...

8.1CVSS5.8AI score0.00346EPSS
Exploits1References1Affected Software1
cvelist
cvelist
added 2026/05/15 8:40 p.m.62 views

CVE-2026-45402 Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.5, multiple endpoints accept a user-supplied fileid and attach the referenced file to a resource the caller controls folder knowledge, knowledge-base contents without verifying that the...

8.1CVSS0.00346EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/05/12 8:21 p.m.11 views

CVE-2026-45224

Crabbox before 0.9.0 contains a path traversal vulnerability in the Islo provider's workspace path resolution that allows attackers to supply absolute or relative paths that resolve outside the intended /workspace directory. Attackers can craft a malicious .crabbox.yaml or crabbox.yaml file with...

7.1CVSS5.9AI score0.00144EPSS
Exploits0References1
cve
cve
added 2026/05/08 2:22 p.m.25 views

CVE-2026-43430

The issue CVE-2026-43430 affects the Linux kernel USB driver for yurex. A race condition occurs in the probe path where the bbu field is not initialized before the URB completion handler uses it, creating a window during which descriptor data can be overwritten by concurrent probing. This can lea...

4.7CVSS5.8AI score0.00089EPSS
Exploits0References8Affected Software1
snyk
snyk
added 2026/04/22 5:43 p.m.13 views

External Control of File Name or Path

Overview i18next-fs-backend is an i18next-fs-backend is a backend layer for i18next using in Node.js and for Deno to load translations from the filesystem. Affected versions of this package are vulnerable to External Control of File Name or Path that leads to raw interpolation of lng and ns value...

8.8CVSS5.9AI score0.00292EPSS
Exploits0References3
f5
f5
added 2026/04/21 10:19 p.m.15 views

K000160938: OpenSSH vulnerabilities CVE-2019-16905 and CVE-2020-12062

Security Advisory Description CVE-2019-16905 OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution...

7.8CVSS7.7AI score0.02267EPSS
Exploits2
euvd
euvd
added 2026/04/20 12:32 p.m.4 views

EUVD-2026-23834

When sed is invoked with both -i in-place edit and --follow-symlinks, the function opennextfile performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original...

2.1CVSS5.9AI score0.00142EPSS
Exploits0References3
osv
osv
added 2026/03/10 7:44 a.m.12 views

UBUNTU-CVE-2026-31802

node-tar is a full-featured Tar for Node.js. Prior to version 7.5.11, tar npm can be tricked into creating a symlink that points outside the extraction directory by using a drive-relative symlink target such as C:../../../target.txt, which enables file overwrite outside cwd during normal tar.x...

8.2CVSS5.8AI score0.00253EPSS
Exploits4References3
ptsecurity
ptsecurity
added 2026/03/10 12:0 a.m.34 views

PT-2026-41197

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.5 Description Multiple endpoints accept a user-supplied file id and attach the referenced file to a resource controlled by the caller, such as folder knowledge or knowledge-base contents, without verifying if t...

8.5CVSS7AI score0.00346EPSS
Exploits1References14
amazon
amazon
added 2026/03/05 12:0 a.m.9 views

Important: nodejs24

Issue Overview: node-tar is a Tar for Node.js. The node-tar library = 7.5.2 fails to sanitize the linkpath of Link hardlink and SymbolicLink entries when preservePaths is false the default secure behavior. This allows malicious archives to bypass the extraction root restriction, leading to...

8.8CVSS5.9AI score0.00541EPSS
Exploits4
nessus
nessus
added 2026/02/19 12:0 a.m.17 views

Ubuntu 24.04 LTS : Linux kernel (Low Latency) vulnerabilities (USN-8052-1)

"The remote Ubuntu 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8052-1 advisory. It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory...

9.8CVSS7.1AI score0.09796EPSS
Exploits8References754
Rows per page
Query Builder