15852 matches found
GHSA-25G8-2MCF-FCX9 changedetection.io has Zip Slip vulnerability in the backup restore functionality
Summary A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. Details A Zip Slip vulnerability in the backup restore functionality allows arbitrary file overwrite via path traversal in uploaded ZIP archives. The...
USN-8074-1: Linux kernel (Azure) vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
USN-8074-1 linux-azure vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt...
CVE-2026-28778
International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005530 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/riocm.c: prevent possible heap overwrite In riocmcdevioctlRIOCMCHANSEND -...
Symlink Attack
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Symlink Attack via the stageSandboxMedia process. An attacker can overwrite arbitrary files outside the intended workspace by staging media files to a destination path containing a symlin...
GHSA-CFVJ-7RX7-FC7C OpenClaw: stageSandboxMedia destination symlink traversal can overwrite files outside sandbox workspace
Summary stageSandboxMedia allowed destination symlink traversal during media staging, which could overwrite files outside the sandbox workspace root. Impact When sandbox media staging handled inbound files, destination writes under media/inbound were not destination-alias-safe. If a symlink exist...
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...
CVE-2021-35486
A Cross-Site Request Forgery CSRF vulnerability in Nokia IMPACT through 19.11.2.10-20210118042150283 allows a remote attacker to import and overwrite the entire application configuration. Specifically, in /ui/rest-proxy/entity/import, neither the X-CSRF-NONCE HTTP header nor the CSRF-NONCE cookie...
OPENSUSE-SU-2026:20305-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
SUSE-SU-2026:20626-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
SUSE-SU-2026:20641-1 Security update for podman
This update for podman fixes the following issues: Changes in podman: - Add symlink to catatonit in /usr/libexec/podman bsc1248988 - CVE-2025-47914: Fixed golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read bsc1253993 - CVE-2025-47913: Fixed...
Security update for busybox
This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...
SUSE-SU-2026:0759-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
Security update for busybox
This update for busybox fixes the following issues: CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167. Patch...
SUSE-SU-2026:0758-1 Security update for busybox
This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...
CVE-2025-66945
A path traversal vulnerability exists in the ZIP extraction API of Zdir Pro 4.x. When a crafted ZIP archive is processed by the backend at /api/extract, files may be written outside the intended directory, leading to arbitrary file overwrite and potentially remote code execution...