
15955 matches found

Positive Technologies
added 2025/09/22 12:0 a.m. | 5 views

PT-2025-39067

Name of the Vulnerable Software and Affected Versions: Conventional Changelog versions prior to 2.0.0. Description: The @conventional-changelog/git-client library, versions prior to 2.0.0, contains a flaw in the getTags API that allows for argument injection into the git log command. This occurs...

CVSS 5.3 | AI score 7 | EPSS 0.00202
Exploits: 0 | References: 9
OSV
added 2025/09/18 8:42 p.m. | 4 views

CLSA-2025-1758228143 Fix CVE(s): CVE-2023-30630

SECURITY UPDATE: Overwrite a local file - debian/patches/CVE-2023-30630.patch: Prevent --dump-bin from overwriting local files to address privilege escalation vulnerability - CVE-2023-30630...

CVSS 7.1 | AI score 6.7 | EPSS 0.00523
Exploits: 1 | References: 1
OSV
added 2025/09/18 8:41 p.m. | 6 views

CLSA-2025-1758228073 Fix CVE(s): CVE-2023-30630

SECURITY UPDATE: Overwrite a local file - debian/patches/CVE-2023-30630.patch: Prevent --dump-bin from overwriting local files to address privilege escalation vulnerability - CVE-2023-30630...

CVSS 7.1 | AI score 6.7 | EPSS 0.00523
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/18 5:54 p.m. | 8 views

CVE-2025-59336

Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec verification system. This...

CVSS 6.9 | AI score 6.4 | EPSS 0.00423
Exploits: 0 | References: 1
RedHat Linux
added 2025/09/17 3:50 p.m. | 1 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVSS 8.1 | AI score 5.8 | EPSS 0.01008
Exploits: 0 | References: 6
NVD
added 2025/09/16 5:15 p.m. | 3 views

CVE-2025-59336

Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec verification system. This...

CVSS 6.9 | EPSS 0.00423
Exploits: 0 | References: 3
AlpineLinux
added 2025/09/16 5:15 p.m. | 2 views

CVE-2025-59161

Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validation of room predecessor links, allowing a remote attacker to attempt to impermanently replace a room's entry in the room list with an unrelated...

CVSS 6.9 | AI score 7 | EPSS 0.0038
Exploits: 0 | References: 2
Vulnrichment
added 2025/09/16 4:59 p.m. | 3 views

CVE-2025-59336 Relative Path Traversal in Luanox

Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix runtime files. Package names like ../../package are not properly filtered and pass the validity check of the rockspec verification system. This...

CVSS 6.9 | AI score 6.1 | EPSS 0.00423
Exploits: 0 | References: 3
RedHat Linux
added 2025/09/16 9:18 a.m. | 3 views

podman: Podman kube play command may overwrite host files

There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file contains a Secret or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the targ...

CVSS 8.1 | AI score 5.8 | EPSS 0.01008
Exploits: 0 | References: 6
Veracode
added 2025/09/16 6:41 a.m. | 8 views

Path Traversal

github.com/mattermost/mattermost-server is vulnerable to path traversal. The vulnerability is due to improper sanitization of file names, which allows an attacker with file upload permissions to overwrite file attachment thumbnails via file streaming APIs...

CVSS 4.3 | AI score 7.1 | EPSS 0.00698
Exploits: 0 | References: 4 | Affected Software: 2
RedHat Linux
added 2025/09/16 5:56 a.m. | 5 views

Important: Red Hat Security Advisory: container-tools:rhel8 security update

An update for the container-tools:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...

CVSS 8.1 | AI score 6.8 | EPSS 0.01008
Exploits: 0 | References: 2
RedHat Linux
added 2025/09/16 3:57 a.m. | 10 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from th...

CVSS 8.1 | AI score 6.8 | EPSS 0.01008
Exploits: 0 | References: 2
RedHat Linux
added 2025/09/16 2:22 a.m. | 6 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...

CVSS 8.1 | AI score 6.8 | EPSS 0.01008
Exploits: 0 | References: 2
Tenable Nessus
added 2025/09/16 12:0 a.m. | 4 views

RHEL 10 : podman (RHSA-2025:15901)

The remote Red Hat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15901 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

CVSS 8.1 | AI score 5.7 | EPSS 0.01008
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/16 12:0 a.m. | 4 views

RHEL 9 : podman (RHSA-2025:15900)

The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15900 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

CVSS 8.1 | AI score 5.7 | EPSS 0.01008
Exploits: 0 | References: 4
Tenable Nessus
added 2025/09/16 12:0 a.m. | 3 views

Amazon Linux 2 : redis, --advisory ALAS2REDIS6-2025-014 (ALASREDIS6-2025-014)

The version of redis installed on the remote host is prior to 6.2.14-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2REDIS6-2025-014 advisory. TOCTOU in linenoiseHistorySave in linenoise allows local attackers to overwrite arbitrary files and change permissions via a...

CVSS 6.8 | AI score 5.8 | EPSS 0.00099
Exploits: 0 | References: 4
AlmaLinux
added 2025/09/16 12:0 a.m. | 4 views

Important: podman security update

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: podman: Podman kube play command may overwrite host files (CVE-2025-9566). For more details...

CVSS 8.1 | AI score 7 | EPSS 0.01008
Exploits: 0 | References: 4
Ubuntu
added 2025/09/15 1:18 p.m. | 4 views

USN-7748-1: Vim vulnerabilities

It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...

CVSS 4.1 | AI score 6.5 | EPSS 0.00731
Exploits: 2
OSV
added 2025/09/15 1:18 p.m. | 6 views

USN-7748-1 vim vulnerabilities

It was discovered that Vim incorrectly handled file extraction when opening maliciously crafted zip or tar archives. An attacker could possibly use this issue to create or overwrite files on the system and execute arbitrary code...

CVSS 4.1 | AI score 6.6 | EPSS 0.00731
Exploits: 2 | References: 3
RedhatCVE
added 2025/09/14 12:10 a.m. | 20 views

CVE-2025-45586

An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request...

CVSS 7.5 | AI score 6.9 | EPSS 0.00298
Exploits: 1 | References: 1