Lucene search
K

33 matches found

Snyk
Snyk
added 2026/05/13 3:29 p.m.8 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop through insufficient validation and missing safety mechanisms during symlink resolution. An attacker can cause infinite loops and resource exhaustion by providing crafted or malformed input that triggers uncontrolled...

7.5CVSS5.8AI score0.00295EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

6.7CVSS7AI score0.00491EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2025/12/22 12:14 p.m.8 views

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS5.9AI score0.02224EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2025/12/15 2:6 a.m.7 views

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS5.9AI score0.02224EPSS
Exploits1References5
OSV
OSV
added 2025/11/25 10:50 p.m.2 views

JLSEC-2025-326 A path traversal vulnerability exists in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS6.9AI score0.02224EPSS
Exploits1References10
NVD
NVD
added 2025/10/22 2:15 p.m.4 views

CVE-2025-61035

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...

7.7CVSS0.00135EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.2 views

EUVD-2021-1668

Malware in sbrugna...

8.6CVSS7.1AI score0.03286EPSS
Exploits0References22
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-3973

Malicious code in bioql PyPI...

7.7CVSS6.6AI score0.00455EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/13 12:0 a.m.9 views

7-Zip < 25.01

The version of 7-Zip installed on the remote host is prior to 25.01. It is, therefore, affected by a security bypass vulnerability. The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to...

3.6CVSS6.9AI score0.0069EPSS
Exploits2References2
RedhatCVE
RedhatCVE
added 2025/02/06 2:33 a.m.5 views

CVE-2025-24886

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS6.7AI score0.00455EPSS
Exploits0References1
NVD
NVD
added 2025/01/30 11:15 p.m.20 views

CVE-2025-24886

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users admin not required to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...

7.7CVSS0.00455EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/30 12:0 a.m.7 views

DOJO 安全漏洞

DOJO is an open source JavaScript toolkit from pwn.college. DOJO suffers from a security vulnerability that stems from the fact that incorrect symbolic link checking of a user-specified dojo can cause a user to execute an LFI from a CTFd container, which allows a malicious user to make a reposito...

7.7CVSS6.7AI score0.00455EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/30 12:0 a.m.5 views

PT-2025-5593 · Unknown · Pwn.College

Name of the Vulnerable Software and Affected Versions: pwn.college affected versions not specified Description: The issue is related to incorrect symlink checks on user-specified dojos, allowing users to perform a Local File Inclusion LFI from the CTFd container without requiring admin privileges...

7.7CVSS6.8AI score0.00455EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2025/01/17 12:0 a.m.4 views

The vulnerability of the `-safe-links` configuration in the rsyncd daemon’s utility for transferring and synchronizing files allows a hacker to write arbitrary files.

The vulnerability of the -safe-links configuration in the rsyncd daemon’s utility for transferring and synchronizing files involves bypassing the directory path check, resulting in the absence of symbolic link checks. Exploiting this vulnerability allows a remote attacker to write arbitrary files...

7.8CVSS7.4AI score0.04575EPSS
Exploits0References17Affected Software10
OSV
OSV
added 2025/01/14 6:15 p.m.6 views

AZL-55682 CVE-2024-12087 affecting package rsync for versions less than 3.4.1-1

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7.3AI score0.02224EPSS
Exploits1References1
OSV
OSV
added 2025/01/14 6:15 p.m.0 views

ALPINE-CVE-2024-12087

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5CVSS7AI score0.02224EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2024/04/01 12:0 a.m.5 views

The vulnerability of Engrampa archiver, related to the improper restriction of the path to the limited catalog, allows attackers to upload files to any location within the system.

The vulnerability of Engrampa archiver lies in the lack of checks for the location of symbolic links, which allows arbitrary writing of files to unintended locations. Exploiting this vulnerability could enable a malicious actor to upload files to arbitrary locations within the system...

10CVSS7.8AI score0.01652EPSS
Exploits1References4Affected Software2
OSV
OSV
added 2023/02/02 9:22 p.m.2 views

UBUNTU-CVE-2022-3560

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for...

5.5CVSS5.7AI score0.00245EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2022/06/21 12:40 p.m.4 views

nodejs-tar: Insufficient symlink protection due to directory cache poisoning using symbolic links allowing arbitrary file creation and overwrite

A flaw was found in the npm package "tar" aka node-tar. Extracting tar files that contain two directories and a symlink with names containing Unicode values that normalize to the same value on Windows systems made it possible to bypass node-tar symlink checks on directories. This allows an...

8.6CVSS7.4AI score0.0185EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2021/12/17 12:0 a.m.35 views

openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1574-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1574-1 advisory. - The parser in accepts requests with a space SP right after the header name before the colon. This can lead to HTTP Request Smuggling HRS ...

8.6CVSS8.1AI score0.03286EPSS
Exploits2References22
Rows per page
Query Builder