Lucene search
K

5516 matches found

EUVD
EUVD
added 2 days ago7 views

EUVD-2025-210415

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolicshapes.ShapeEnv.evaluateguardsexpression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims...

8.1CVSS6.2AI score0.003EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added last week9 views

CVE-2026-41991

A flaw was found in the gzexe utility of GNU gzip. When the mktemp utility is not available, gzexe creates temporary files with predictable names based on the process ID. A local attacker can exploit this by pre-creating a symbolic link to an arbitrary file at the predicted temporary file path...

6CVSS5.9AI score0.00105EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added last week4 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
NVD
NVD
added 2026/06/29 2:16 p.m.8 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS0.00091EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/29 1:12 p.m.6 views

CVE-2026-54369

A flaw was found in the acl package, specifically within its libacl pathname-based functions. A local attacker could exploit this vulnerability by using a symbolic link to replace a pathname component. This could allow the attacker to redirect access control list ACL read or write operations to...

8.4CVSS5.9AI score0.00142EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/29 12:38 p.m.6 views

CVE-2026-54370

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/29 12:38 p.m.7 views

EUVD-2026-40086

acl before version 2.4.0 contains a time-of-check to time-of-use TOCTOU race condition vulnerability that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link between an lstat check and subsequent symlink-following operations such as stat, chown,...

7.2CVSS5.9AI score0.00091EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 12:16 p.m.2 views

UBUNTU-CVE-2026-41991

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/29 10:15 a.m.41 views

CVE-2026-41991 Predictable Temporary File in GNU gzip

GNU gzip contains a vulnerability in the gzexe utility related to insecure temporary file handling. When the mktemp utility is not available in the user’s PATH, gzexe falls back to constructing a temporary file path based solely on the process ID PID. This predictable filename is created without...

2CVSS0.00105EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 10:15 a.m.16 views

CVE-2026-41991

CVE-2026-41991 affects GNU gzip’s gzexe utility, where insecure temporary file handling creates a TOCTOU vulnerability. If mktemp is unavailable in PATH, gzexe constructs a PID-based temporary path without exclusive access or existence checks. A local attacker can pre-create the predicted path as...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/25 2:9 a.m.12 views

CVE-2026-23879

A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...

8CVSS6.1AI score0.00404EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 8:16 p.m.6 views

CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 8:16 p.m.2 views

UBUNTU-CVE-2026-23879

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS6.1AI score0.00404EPSS
Exploits0References4
CVE
CVE
added 2026/06/24 7:17 p.m.14 views

CVE-2026-23879

CVE-2026-23879 relates to py7zr, a Python library for 7z archives. Versions ≤1.1.2 contain an arbitrary file write vulnerability in extractall, where crafted symbolic link chains can bypass destination-directory checks and re-create links to arbitrary system paths. This allows writing files via s...

8CVSS6.2AI score0.00404EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 7:17 p.m.16 views

CVE-2026-23879 py7zr: Arbitrary File Write Vulnerability

py7zr is a Python-based library and utility to support 7zip archive compression, decompression, encryption and decryption. Versions 1.1.2 and below contain an an arbitrary file write vulnerability, which allows symbolic links to be recreated outside the destination directory via crafted malicious...

8CVSS0.00404EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in glib2.0

A flaw was discovered in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability enables a local attacker to...

3.7CVSS5.8AI score0.0037EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/23 6:48 p.m.5 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS5.8AI score0.00388EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 6:47 p.m.6 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.8AI score0.00292EPSS
Exploits0References8
OSV
OSV
added 2026/06/23 5:9 p.m.3 views

GHSA-89MR-XQFV-758M Gogs: UploadRepoFiles writes outside repo working tree via committed parent sym

Summary Repository.UploadRepoFiles checks for symlinks only on the leaf of the upload target osx.IsSymlinktargetPath. The siblings UpdateRepoFile, DeleteRepoFile, and GetDiffPreview use hasSymlinkInPath, which lstats every component — UploadRepoFiles is the lone outlier. An attacker with repo-wri...

9CVSS6.2AI score0.00474EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/23 1:27 a.m.4 views

samba: Missing access check on reparse point operations

A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-onl...

7.1CVSS5.8AI score0.00862EPSS
Exploits0References5
Rows per page
Query Builder