Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

NVD
NVDadded 5 hours ago5 views

CVE-2026-54230

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS
Exploits0References2
NVD
NVDadded 5 hours ago5 views

CVE-2026-54231

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS
Exploits0References2
EUVD
EUVDadded 6 hours ago7 views

EUVD-2026-36640

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS5.3AI score
Exploits0References2
Cvelist
Cvelistadded 6 hours ago10 views

CVE-2026-54231 Abrt: unsanitized systemd journal content written to dump directory files enables content injection

A content injection vulnerability was found in the ABRT post-create event handler scripts in libreport. The event script queries the systemd journal for log entries matching the crashed process and writes the results to files in the dump directory without sanitizing embedded control characters. A...

5.5CVSS
Exploits0References2
CVE
CVEadded 6 hours ago8 views

CVE-2026-54231

CVE-2026-54231 affects ABRT’s post-create event handler scripts in libreport. The event script reads journal entries for the crashed process and writes results to files in the dump directory without sanitizing embedded control characters. A local user can inject arbitrary content into the journal...

5.5CVSS5.4AI score
Exploits0References2
EUVD
EUVDadded 6 hours ago5 views

EUVD-2026-36639

A symlink following vulnerability was found in the ABRT post-create event handler scripts in libreport. Event scripts write output files using shell redirections without the ONOFOLLOW flag. If the target file is replaced with a symlink, the shell process running as root follows the symlink and...

7CVSS5.5AI score
Exploits0References2
CVE
CVEadded 6 hours ago8 views

CVE-2026-54230

CVE-2026-54230 describes a symlink-following vulnerability in ABRT’s libreport post-create event handler scripts. The scripts write output via shell redirections without O_NOFOLLOW, so if a target file is replaced with a symlink, a root process can overwrite arbitrary files on the system. This is...

7CVSS5.5AI score
Exploits0References2
Cvelist
Cvelistadded 6 hours ago10 views

CVE-2026-54229 Abrt: chownproblemdir succeeds during active post-create event processing due to inadequate locking

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS
Exploits0References2
EUVD
EUVDadded 6 hours ago6 views

EUVD-2026-36638

A race condition was found in the abrt-dbus D-Bus service's ChownProblemDir method. ChownProblemDir opens the dump directory with DDOPENREADONLY and calls ddchown to change ownership of all files to the caller's uid, succeeding even while post-create event handlers hold a write lock. This allows ...

7CVSS5.3AI score
Exploits0References2
CVE
CVEadded 6 hours ago9 views

CVE-2026-54229

Affects the abrt-dbus D-Bus service’s ChownProblemDir method. A race condition occurs when ChownProblemDir opens the dump directory with DD_OPEN_READONLY and then calls dd_chown to change ownership of all files to the caller’s UID, which succeeds even while post-create event handlers hold a write...

7CVSS5.3AI score
Exploits0References2
CVE
CVEadded 6 hours ago7 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

7.8CVSS5.4AI score
Exploits0References2
NVD
NVDadded 2022/08/05 4:15 p.m.15 views

CVE-2022-36296

Broken Authentication vulnerability in JumpDEMAND Inc. ActiveDEMAND plugin = 0.2.27 at WordPress allows unauthenticated post update/create/delete...

6.5CVSS0.00163EPSS
Exploits0References1
Packet Storm
Packet Stormadded 2014/12/16 12:0 a.m.30 views

iUSB 1.2 Arbitrary Code Execution

Document Title: =============== iUSB v1.2 iOS - Arbitrary Code Execution Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1374 Release Date: ============= 2014-12-10 Vulnerability Laboratory ID VL-ID: ==================================== 137...

0.3AI score
Exploits0
Rows per page
Query Builder