
7 matches found

OSV
added 2026/06/19 7:11 a.m., 2 views

SUSE-SU-2026:22172-1 Security update for zypper, libzypp, libsolv

This update for zypper, libzypp, libsolv fixes the following issues: Changes in zypper: Update to 1.14.98: - Transactional systems: Delegate rw-commands to transactional-wrapper if available jscPED-13680, jscPED-15607 On a transactional system where the root filesystem is mounted read-only, zyppe...

CVSS 8.8, AI score 6.2, EPSS 0.006
Exploits: 0, References: 20
CVE
added 2026/06/10 5:31 p.m., 24 views

CVE-2026-50568

Fission (Kubernetes-native serverless framework) has a lexical path check vulnerability in SanitizeFilePath (pkg/utils/utils.go) that used strings.HasPrefix(path, safedir) instead of a directory-boundary check. This allowed a sibling directory escape (e.g., /packages-extra/evil under /packages) t...

CVSS 3.6, AI score 5.4, EPSS 0.00114
Exploits: 0, References: 4
Positive Technologies
added 2026/06/05 12:0 a.m., 8 views

PT-2026-49599

Impact: skillctl 0.1.0 and 0.1.1 contained four path-safety vulnerabilities that, in combination, allowed an attacker to: 1. Exfiltrate arbitrary files on the operator's machine by publishing a malicious skills library containing a symlink inside a skill folder e.g. niania →...

AI score 5.6
Exploits: 0, References: 5
OSV
added 2026/05/14 8:22 p.m., 9 views

CLSA-2026-1778768341 python: Fix of 4 CVEs

CVE-2019-9740: reject control characters in HTTP URL paths in httplib.HTTPConnection.putrequest to prevent CRLF header injection - CVE-2019-18348: reject control characters in hostnames in httplib.HTTPConnection.init via a new validatehost helper to prevent CRLF header injection the glibc...

CVSS 6.1, AI score 7.3, EPSS 0.05328
Exploits: 1, References: 1
Snyk
added 2025/12/29 7:43 p.m., 1 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal due to insufficient sanitization of directory names ending with a "." in the upload process. An attacker can write files outside the intended datastore directory by crafting directory names that end with "%2E". This ...

CVSS 8.2, AI score 7.7, EPSS 0.00471
Exploits: 1, References: 2
Packet Storm News
added 2025/05/21 12:0 a.m., 3 views

SafeKey: Amplifying Aha-Moment Insights for Safety Reasoning

Large Reasoning Models (LRMs) introduce a new generation paradigm of explicitly reasoning before answering, leading to remarkable improvements in complex tasks. However, they pose great safety risks against harmful queries and adversarial attacks. While recent mainstream safety efforts on LRMs,...

AI score 7.3
Exploits: 0
Github Security Blog
added 2024/01/31 11:13 p.m., 33 views

Path Traversal in Moby builder

util/binfmtmisc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call...

CVSS 5.3, AI score 6.7, EPSS 0.01745
Exploits: 0, References: 6, Affected Software: 2