Lucene search
K

9 matches found

EUVD
EUVD
added 2026/07/06 8:21 p.m.8 views

EUVD-2026-24998

cp: -R reads device nodes as streams, destroying device semantics...

5.5CVSS5.9AI score0.00177EPSS
Exploits1References6
NVD
NVD
added 2026/05/28 10:17 p.m.20 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2.5CVSS0.00193EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/28 9:18 p.m.13 views

EUVD-2026-33067

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00193EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 9:18 p.m.11 views

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

5.8AI score0.00193EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.10 views

PT-2026-44545

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

2CVSS5.8AI score0.00193EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/22 4:8 p.m.4 views

CVE-2026-35358

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

4.4CVSS5.7AI score0.00177EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/22 4:8 p.m.31 views

CVE-2026-35358 uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading

The cp utility in uutils coreutils, when performing recursive copies -R, incorrectly treats character and block device nodes as stream sources rather than preserving them. Because the implementation reads bytes into regular files at the destination instead of using mknod, device semantics are...

4.4CVSS0.00177EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.7 views

PT-2026-34494

Name of the Vulnerable Software and Affected Versions uutils coreutils affected versions not specified Description The cp utility incorrectly handles character and block device nodes during recursive copies using the -R flag. Instead of preserving the device nodes via mknod, the implementation...

5.5CVSS6AI score0.00177EPSS
Exploits1References17
Hacker One
Hacker One
added 2018/11/11 2:18 p.m.23 views

Node.js third-party modules: Prototype pollution attack (lutils-merge)

Hi team, I would like to report a prototype pollution vulnerability in lutils-merge that allows an attacker to inject properties on Object.prototype. Module module name: lutils-merge version: 0.2.6 npm page: https://www.npmjs.com/package/lutils-merge Module Description Merge javascript objects...

0.7AI score
Exploits0
Rows per page
Query Builder