Lucene search
K

5 matches found

EUVD
EUVD
added yesterday3 views

EUVD-2026-42316

On Unix systems, opening a file in an os.Root improperly follows symlinks to locations outside of the Root when the final path component of the a path is a symbolic link and the path ends in /. For example, 'root.Open"symlink/"' will open "symlink" even when "symlink" is a symbolic link pointing...

7.8CVSS6AI score
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/08 11:50 p.m.12 views

SharpCompress has directory traversal via directory entries in WriteToDirectory (zip slip variant)

Summary A path traversal vulnerability in IArchive.WriteToDirectory allows a malicious archive to create directories outside the intended extraction root. For TAR archives, this can be escalated to arbitrary file writes by chaining with a symlink entry, giving a full write primitive on the target...

6.5CVSS6AI score0.00313EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/25 11:34 p.m.12 views

zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7CVSS5.7AI score0.0033EPSS
Exploits0References5Affected Software2
SUSE CVE
SUSE CVE
added 2026/04/08 11:25 p.m.9 views

SUSE CVE-2026-32282

On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the ATSYMLINKNOFOLLOW flag, which Root.Chmod uses to...

6.3CVSS5.8AI score0.00292EPSS
Exploits0References33
Positive Technologies
Positive Technologies
added 2023/12/11 12:0 a.m.6 views

PT-2023-32413 · WordPress · File Manager

Name of the Vulnerable Software and Affected Versions: File Manager WordPress plugin versions prior to 6.3 Description: The issue allows an administrator to set a root outside of the WordPress root directory, giving access to system files and directories even in a multisite setup, where site...

6.5CVSS6.9AI score0.0085EPSS
Exploits2References6
Rows per page
Query Builder