Lucene search
K

141 matches found

OSV
OSV
added 5 days ago5 views

DEBIAN-CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0References1
NVD
NVD
added 5 days ago7 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS0.00241EPSS
Exploits0References3
AlpineLinux
AlpineLinux
added 5 days ago4 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0References3
Debian CVE
Debian CVE
added 5 days ago3 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

5.4CVSS6AI score0.00241EPSS
Exploits0
Cvelist
Cvelist
added 5 days ago111 views

CVE-2026-59996

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS0.00241EPSS
Exploits0References3
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42138

scp in OpenSSH before 10.4 may place a file in the parent directory of an intended directory when the copy occurs between two remote destinations...

4.2CVSS6AI score0.00241EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 9:12 p.m.31 views

CVE-2026-34153 Coolify LocalFileVolume fs_path command injection enables RCE

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, LocalFileVolume::saveStorageOnServer builds shell commands using unescaped fspath and parentdir values before validation, and submitFileStorage does not validate the...

8.8CVSS0.00403EPSS
Exploits0References3
CVE
CVE
added 2026/07/06 9:12 p.m.13 views

CVE-2026-34153

CVE-2026-34153 affects Coolify before 4.0.0-beta.471, where LocalFileVolume::saveStorageOnServer builds shell commands from unescaped fs_path and parent_dir values prior to validation, and submitFileStorage does not validate the user-controlled file-mount path before creating a volume. An authent...

8.8CVSS6.1AI score0.00403EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/26 12:27 a.m.5 views

CVE-2026-53244

A flaw was found in the Linux kernel's Network File System Daemon NFSD component. When NFSD exports a filesystem utilizing atomiccreate, an error during atomiccreate processing can result in nfsd4createfile failing to unlock the parent directory. This resource management issue may lead to resourc...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References4
OSV
OSV
added 2026/06/23 9:49 p.m.3 views

GHSA-JC3J-X6PG-4HMV Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir

Summary When algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the client-supplied Host header. The join is performed by filepath.Join wit...

8.2CVSS6.3AI score0.00335EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/26 4:44 p.m.14 views

CVE-2026-48126 Algernon: Host header path traversal in --domain mode reads files and runs Lua from parent dir

Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain or --letsencrypt, which silently turns on --domain at engine/flags.go:372, the request handler resolves the served directory by joining the configured --dir with the value of the...

8.2CVSS6AI score0.00335EPSS
Exploits0References1
CVE
CVE
added 2026/05/26 4:44 p.m.29 views

CVE-2026-48126

Algernon, a small self-contained pure-Go web server, is vulnerable prior to version 1.17.8 when started with --domain (or --letsencrypt). The request handler resolves the served directory by joining the configured --dir with the client-supplied Host header using filepath.Join without validation, ...

8.2CVSS6AI score0.00335EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.11 views

PT-2026-43308

Name of the Vulnerable Software and Affected Versions Algernon versions prior to 1.17.8 Description When started with the --domain flag or the --letsencrypt flag which enables --domain automatically, the request handler resolves the served directory by joining the configured --dir with the value ...

8.2CVSS6.2AI score0.00335EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/09 12:0 a.m.8 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: libcap (UTSA-2026-016785)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016785 advisory. A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an...

7CVSS5.7AI score0.00188EPSS
Exploits1References4
Mageia
Mageia
added 2026/05/07 5:6 a.m.15 views

Updated opam packages fix security vulnerability

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...

7.8CVSS6.2AI score0.00205EPSS
Exploits0References2
OSV
OSV
added 2026/05/07 5:6 a.m.7 views

MGASA-2026-0116 Updated opam packages fix security vulnerability

In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. CVE-2026-41082...

7.8CVSS6.2AI score0.00205EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/01 8:9 p.m.9 views

CVE-2026-31706

A flaw was found in ksmbd, a Linux kernel module that provides an in-kernel SMB server. An authenticated client can exploit this vulnerability by manipulating the numaces value within the parent directory's security.NTACL extended attribute. This manipulation causes ksmbd to attempt an excessivel...

8.8CVSS5.7AI score0.00369EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/04/30 7:1 p.m.34 views

libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()

A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use TOCTOU race condition in the capsetfile function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...

7CVSS5.2AI score0.00188EPSS
Exploits1References5
NVD
NVD
added 2026/04/24 3:16 a.m.4 views

CVE-2026-40254

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

6.1CVSS0.002EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/24 2:24 a.m.8 views

EUVD-2026-25381

FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot function catches ../ and ..\ mid-path but misses .. when it's the last component with no trailing...

4.2CVSS5.8AI score0.002EPSS
Exploits1References1
Rows per page
Query Builder