Lucene search
K

4 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2026/05/04 12:0 a.m.188 views

apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root

A crafted .apk could install a TypeSymlink tar entry whose target pointed outside the build root, and a subsequent directory-creation or file-write entry in the same or later archive could traverse that symlink to reach host paths the build user could write to. The root cause was the sanitizePath...

7.5CVSS5.8AI score0.00352EPSS
Exploits0References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/29 12:0 a.m.16 views

Linux Distros Unpatched Vulnerability : CVE-2026-39973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in...

7.1CVSS6AI score0.00182EPSS
Exploits1References2
OSV
OSV
added 2026/04/23 9:24 p.m.2 views

GHSA-M8MH-X359-VM8M Apktool: Path Traversal to Arbitrary File Write

A path traversal vulnerability in brut/androlib/res/decoder/ResFileDecoder.java allows a maliciously crafted APK to write arbitrary files to the filesystem during standard decoding apktool d. This is a security regression introduced in commit e10a045 PR 4041, December 12, 2025, which removed the...

7.1CVSS5.9AI score0.00182EPSS
Exploits1References6
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

goshs 路径遍历漏洞

Goshs is a simple HTTP server developed by Patrick Hener using Go language. Versions of Goshs prior to 2.0.0-beta.6 contained a path traversal vulnerability. This vulnerability stemmed from the SFTP subsystem’s sanitizePath function, which used prefix-based path validation. As a result,...

8.8CVSS5.8AI score0.00439EPSS
Exploits1References1
Rows per page
Query Builder