CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

636 matches found

CVE-2026-41589

Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in charm.land/wish/v2 is vulnerable to path traversal attacks. A malicious SCP client can read arbitrary files from the server, write arbitrary files to the server,...

9.6CVSS5.5AI score0.00056EPSS

Exploits1References1

RedhatCVE•added 3 days ago•6 views

CVE-2026-35397

Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticated user to escape the configured rootdir and access sibling directories whose names begin with the same prefix as the rootdir. For exampl...

8.8CVSS5.5AI score0.00058EPSS

Exploits2References1

RedhatCVE•added 5 days ago•5 views

CVE-2026-5422

A flaw was found in jupyter-server. This path traversal vulnerability exists due to insufficient validation of file paths, specifically an incorrect root directory boundary check and improper handling of directory traversal sequences. This allows a remote attacker with low privileges to bypass...

8.1CVSS6.7AI score0.00039EPSS

Exploits1References4

AstraLinux•added 2026/05/20 5:53 a.m.•1 views

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: exfat: A memory leak has been fixed in exfatloadbitmap. If the first directory entry in the root directory is not a bitmap directory entry, the variable ‘bh’ will not be released and reassigned, which will cause a memory leak...

5.5CVSS6.3AI score0.00014EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•3 views

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstructing the file type when loading from disk syzbot reports that the SIFMT bits of the inode-imode field can become invalid when: - The SIFMT bits of the 32-bit “mode” field loaded from disk are corrupted, - Or when t...

5.7AI score0.00058EPSS

Exploits0References2

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Added a null pointer check for inode operations This adds a sanity check for the iop pointer of the inode, which is returned after reading the Root directory MFT record. We should check that the iop is valid before...

5.4AI score0.00028EPSS

Exploits0References2

RedHat Linux•added 2026/05/20 1:34 a.m.•4 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.7AI score0.0001EPSS

Exploits0References8

RedHat Linux•added 2026/05/19 4:14 p.m.•6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

6.4CVSS7.2AI score0.0001EPSS

Exploits0References8

Veracode•added 2026/05/15 5:47 p.m.•10 views

Path Traversal

github.com/charmbracelet/wish is vulnerable to Path Traversal. The vulnerability is due to improper validation of SCP filenames containing traversal sequences, which allows an attacker to read, write, or create files and directories outside the configured root directory...

9.6CVSS5.8AI score0.00056EPSS

Exploits1References5Affected Software2

RedHat Linux•added 2026/05/13 8:8 a.m.•9 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

6.4CVSS7.2AI score0.0001EPSS

Exploits0References8

NVD•added 2026/05/12 8:16 p.m.•5 views

CVE-2026-44220

ciguard is a static security auditor for CI/CD pipelines. From 0.8.0 to 0.8.1 , the discoverpipelinefiles function in src/ciguard/discovery.py walks a directory tree following symlinks, with cycle protection via tracking visited resolved paths. An attacker who can plant a symlink in a directory t...

3.2CVSS0.00004EPSS

Exploits0References1

RedhatCVE•added 2026/05/09 2:0 a.m.•6 views

CVE-2026-43472

A flaw was found in the Linux kernel's unshare system call. A local user, when attempting to create new namespaces with specific flags, could encounter a scenario where the process's current working directory and root directory pointers become detached. This occurs if the cgroup namespace creatio...

5.5CVSS5.8AI score0.00017EPSS

Exploits0References4

Cvelist•added 2026/05/07 1:17 p.m.•24 views

CVE-2026-41589 Wish has SCP Path Traversal that allows arbitrary file read/write

9.6CVSS0.00056EPSS

Exploits1References2

SUSE CVE•added 2026/05/07 2:20 a.m.•6 views

SUSE CVE-2026-35397

8.8CVSS5.8AI score0.00058EPSS

Exploits2References3

CNNVD•added 2026/05/06 12:0 a.m.•7 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.22 contained security vulnerabilities. These vulnerabilities stemmed from race conditions between the time of writing and the time of execution in the OpenShell sandbox file...

9.6CVSS6.1AI score0.00036EPSS

Exploits0References1

Tenable Nessus•added 2026/05/06 12:0 a.m.•7 views

Linux Distros Unpatched Vulnerability : CVE-2026-35397

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jupyter Server is the backend for Jupyter web applications. In versions 2.17.0 and earlier, a path traversal vulnerability in the REST API allows an authenticat...

8.8CVSS5.5AI score0.00058EPSS

Exploits2References3