Lucene search
+L

246 matches found

CVE
CVE
added yesterday6 views

CVE-2026-9147

CVE-2026-9147 affects uproot 5.7.4 and prior. The issue arises when uproot dynamically generates Python class source code from ROOT TStreamerInfo records and compiles it at runtime. Some file-controlled streamer metadata fields (e.g., streamer element names) are interpolated into the generated Py...

8.5CVSS6.2AI score
Exploits0References4
EUVD
EUVD
added yesterday4 views

EUVD-2026-45374

uproot dynamically generates Python class source code from ROOT TStreamerInfo records in a file and compiles it at runtime. Some file-controlled streamer metadata fields for example, streamer element names are interpolated into the generated Python source without safe quoting via repr or the !r...

8.5CVSS6.2AI score
Exploits0References4
Positive Technologies
Positive Technologies
added 3 days ago14 views

PT-2026-60460

Name of the Vulnerable Software and Affected Versions ubuntu-pro-client affected versions not specified Description An insecure symlink following issue exists within the pro collect-logs command framework. The utility uses predictable temporary file paths or user-accessible log directories to...

5CVSS6AI score0.00155EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago27 views

CVE-2026-62947 OpenWrt: ACL bypass and arbitrary root file read via cgi-io cgi-download

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS0.00358EPSS
Exploits0References4
CVE
CVE
added 4 days ago9 views

CVE-2026-62947

CVE-2026-62947 affects OpenWrt prior to 25.12.5 through the cgi-download handler in cgi-io, where the requested path is validated against the caller’s ubus session file ACL before canonicalization. The rpcd session.c uses fnmatch() without FNM_PATHNAME, enabling traversal such as an allowed wildc...

4.9CVSS6.1AI score0.00358EPSS
Exploits0References4
OSV
OSV
added 4 days ago4 views

CVE-2026-62947 OpenWrt: ACL bypass and arbitrary root file read via cgi-io cgi-download

OpenWrt is a Linux operating system targeting embedded devices. Prior to 25.12.5, the cgi-download handler in cgi-io authorizes the requested path against the caller's ubus session file ACL before canonicalization, and rpcd session.c uses fnmatch without FNMPATHNAME, allowing traversal such as an...

4.9CVSS6.1AI score0.00358EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/07 4:37 p.m.7 views

EUVD-2026-42056

AWS Research and Engineering Studio RES is an open-source solution that enables researchers and engineers to create and manage secure virtual desktops and computing resources on AWS. Improper link resolution before file access issue CWE-59 in the Auth.GetUserPrivateKey API. An authenticated remot...

7.1CVSS6.2AI score0.00381EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 6:16 p.m.8 views

CVE-2026-48614

An improper authorization vulnerability in the Plesk XML API allows an authenticated user to inject arbitrary configuration directives, resulting in arbitrary file write as root and full privilege escalation on the underlying server...

9.9CVSS0.0033EPSS
Exploits0References1
NVD
NVD
added 2026/07/02 4:16 p.m.8 views

CVE-2026-44941

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.8CVSS0.00533EPSS
Exploits1References2
EUVD
EUVD
added 2026/07/02 3:19 p.m.8 views

EUVD-2026-41406

A relative path traversal in the "keyhint" option in repomd.xml parsing of libzypp before 17.38.12 can be used by attackers able to supply a malicious repository to inject or overwrite files in the target system as root...

8.4CVSS5.8AI score0.00533EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.23 views

PT-2026-51461

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.9 Description An issue exists where a workspace-level builder can read any file the server process has access to by uploading a specially crafted PWA zip file. The POST /api/pwa/process-zip endpoint extracts the...

9.6CVSS5.8AI score0.00494EPSS
Exploits1References8
OSV
OSV
added 2026/06/11 9:57 p.m.11 views

MAL-2026-5678 Malicious code in internallib_v557 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 275af9596caf2b68994ca8282da7e127f8a4478e07888dbae73826328b4e41f2 index.js implements a multi-step attack against an internal npm registry. On invocation of the exported command, it: 1 creates a Verdaccio user...

5.5AI score
Exploits0References25
RedHat Linux
RedHat Linux
added 2026/06/09 1:49 p.m.24 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux RHEL 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

8.8CVSS6AI score0.03663EPSS
Exploits24References3
NVD
NVD
added 2026/06/09 11:16 a.m.16 views

CVE-2026-47343

Non-privileged backend users with file mount access were able to perform write operations move, delete, rename on folders representing the root of an active file mount due to missing authorization restrictions. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0 through 11.5.50, 12.0.0...

7.2CVSS0.00238EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.8 views

RHEL 9 : kpatch-patch (RHSA-2026:24814)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:24814 advisory. This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
Tenable Nessus
Tenable Nessus
added 2026/06/06 12:0 a.m.23 views

RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 (RHSA-2026:23469)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:23469 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patc...

7.8CVSS5.6AI score0.03663EPSS
Exploits17References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44711

pamusb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, symlink attacks on pad directory and pad files enable authentication bypass and root file corruption. This vulnerability is fixed in 0.8.7...

7.9CVSS5.5AI score0.00166EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/04 10:8 p.m.22 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_148_1, and kpatch-patch-5_14_0-284_158_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.1AI score0.03663EPSS
Exploits24References3
RedHat Linux
RedHat Linux
added 2026/06/04 9:24 p.m.22 views

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-477_107_1, kpatch-patch-4_18_0-477_120_1, kpatch-patch-4_18_0-477_130_1, kpatch-patch-4_18_0-477_89_1, and kpatch-patch-4_18_0-477_97_1 security update

An update for multiple packages is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

8.8CVSS6.1AI score0.03663EPSS
Exploits24References3
GitLab Advisory Database
GitLab Advisory Database
added 2026/05/29 12:0 a.m.15 views

Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta

Binary delta apply intermediate-symlink traversal in malicious .delta Autoupdate/SUBinaryDeltaApply.m enforces relativePath.pathComponents containsObject:@".." and rejects writes whose immediate parent directory IS itself a symbolic link, but does not detect symlinks deeper in the relative path...

5.9AI score0.00029EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder