134 matches found
SUSE CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
DEBIAN-CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
UBUNTU-CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
CVE-2025-12801 Nfs-utils: rpc.mountd in the nfs-utils privilege escalation
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
CVE-2025-12801
A vulnerability was recently discovered in the rpc.mountd daemon in the nfs-utils package for Linux, that allows a NFSv3 client to escalate the privileges assigned to it in the /etc/exports file at mount time. In particular, it allows the client to access any subdirectory or subtree of an exporte...
CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings
Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...
PT-2026-3477
Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIA ROOT, the full database file may be externally...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001474)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001474 advisory. fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other par...
EUVD-2026-1917
A path traversal vulnerability exists in Zen MCP Server before 9.8.2 that allows authenticated attackers to read arbitrary files on the system. The vulnerability is caused by flawed logic in the isdangerouspath validation function that uses exact string matching against a blacklist of system...
CVE-2025-68430 CVAT vulnerable to directory traversal via mounted share listing
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2020-12062)
The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client's download directory by creating a crafted subdirectory anywhere on the...
EUVD-2025-34071
llama-index has Insecure Temporary File...
EUVD-2018-8088
Malware in sbrugna...
EUVD-2000-0120
Malware in sbrugna...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-414611)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-414611 advisory. fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other par...
EUVD-2022-51762
Malicious code in bioql PyPI...
EUVD-2025-25049
Malicious code in bioql PyPI...
EUVD-2025-11220
Malicious code in bioql PyPI...