Lucene search
K

453 matches found

PyPA
PyPA
added 2026/04/06 6:16 p.m.10 views

PYSEC-2026-71

Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...

8.1CVSS5.8AI score0.00327EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/03 9:31 p.m.2 views

EUVD-2022-55962

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

7.3CVSS6.2AI score0.00122EPSS
Exploits0References3
NVD
NVD
added 2026/04/03 9:17 p.m.3 views

CVE-2022-4987

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

7.3CVSS0.00122EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:15 p.m.2 views

CVE-2022-4987

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

7.3CVSS6.2AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.7 views

PT-2026-30210

Hirschmann Industrial HiVision version 08.1.03 prior to 08.1.04 and 08.2.00 contains a vulnerability in the execution of user-configured external applications that allows a local attacker to execute arbitrary binaries. Due to insufficient path sanitization, an attacker can place a malicious binar...

7.3CVSS6.2AI score0.00122EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/03 12:0 a.m.6 views

PT-2026-30021

Name of the Vulnerable Software and Affected Versions goshs affected versions not specified Description goshs is susceptible to a critical path traversal flaw in the PUT upload functionality. The PUT upload process lacks proper path sanitization, allowing attackers to write arbitrary files to the...

9.8CVSS7.4AI score0.00683EPSS
Exploits1References14
Cvelist
Cvelist
added 2026/03/26 8:6 p.m.28 views

CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers

A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue...

5CVSS0.00408EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.9 views

SUSE CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

7.2CVSS5.8AI score0.00739EPSS
Exploits1References3
OSV
OSV
added 2026/03/18 3:29 p.m.1 views

OPENSUSE-SU-2026:20387-1 Security update for busybox

This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...

7CVSS6.4AI score0.00682EPSS
Exploits2References4
OSV
OSV
added 2026/03/18 3:27 p.m.3 views

SUSE-SU-2026:20905-1 Security update for busybox

This update for busybox fixes the following issues: Changes in busybox: - CVE-2026-26157: Fixed arbitrary file overwrite and potential code execution via incomplete path sanitization. bsc1258163 - CVE-2026-26158: Fixed arbitrary file modification and privilege escalation via unvalidated tar archi...

7CVSS6.5AI score0.00682EPSS
Exploits2References5
OSV
OSV
added 2026/03/15 5:52 a.m.5 views

OESA-2026-1544 busybox security update

The Swiss Army Knife of Embedded Linux Security Fixes: A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory...

7CVSS6.2AI score0.00682EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2026/03/14 12:0 a.m.3 views

SUSE SLES12 Security Update : busybox (SUSE-SU-2026:0892-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0892-1 advisory. - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk....

7.2CVSS6.3AI score0.02793EPSS
Exploits6References25
OSV
OSV
added 2026/03/13 9:5 a.m.3 views

SUSE-SU-2026:0892-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...

7.2CVSS6.2AI score0.02793EPSS
Exploits6References17
OSV
OSV
added 2026/03/11 5:6 p.m.4 views

SUSE-SU-2026:0872-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2023-42363: use-after-free vulnerability in xasprintf function in xfuncsprintf.c bsc1217580. - CVE-2023-42364: use-after-free in the awk.c evaluate function bsc1217584. - CVE-2023-42365: use-after-free in the awk.c copyvar function...

7.2CVSS6.2AI score0.02793EPSS
Exploits6References17
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.5 views

SUSE SLES15 / openSUSE 15 Security Update : busybox (SUSE-SU-2026:0758-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0758-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. ...

7CVSS6.2AI score0.00682EPSS
Exploits2References7
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

SUSE SLED15 / SLES15 Security Update : busybox (SUSE-SU-2026:0759-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0759-1 advisory. - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization...

7CVSS6.2AI score0.00682EPSS
Exploits2References7
Snyk
Snyk
added 2026/03/04 6:25 p.m.3 views

Directory Traversal

Overview nltk is a Natural Language Toolkit NLTK is a Python package for natural language processing. Affected versions of this package are vulnerable to Directory Traversal due to improper sanitization of file paths in the CorpusReader classes. An attacker can gain unauthorized access to sensiti...

8.7CVSS6.3AI score0.00924EPSS
Exploits3References2
OSV
OSV
added 2026/03/03 12:16 p.m.2 views

SUSE-SU-2026:0759-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...

7CVSS6.3AI score0.00682EPSS
Exploits2References5
OSV
OSV
added 2026/03/03 12:16 p.m.4 views

SUSE-SU-2026:0758-1 Security update for busybox

This update for busybox fixes the following issues: - CVE-2026-26157: Arbitrary file overwrite and potential code execution via incomplete path sanitization bsc1258163. - CVE-2026-26158: Arbitrary file modification and privilege escalation via unvalidated tar archive entries bsc1258167...

7CVSS6.3AI score0.00682EPSS
Exploits2References5
RedhatCVE
RedhatCVE
added 2026/02/26 10:34 p.m.5 views

CVE-2026-27819

Vikunja is an open-source self-hosted task management platform. Prior to version 2.0.0, the restoreConfig function in vikunja/pkg/modules/dump/restore.go of the go-vikunja/vikunja repository fails to sanitize file paths within the provided ZIP archive. A maliciously crafted ZIP can bypass the...

7.2CVSS5.7AI score0.00739EPSS
Exploits1References1
Rows per page
Query Builder