Lucene search
+L

79 matches found

OSV
OSV
added 2026/07/07 12:0 p.m.4 views

OSEC-2026-10 opam install sandbox escape using symlinks

Summary Installing files through .install files do not check symlinks resolution of the target path, and so can bypass sandboxing. Exploit Let's imagine a test package whose test.install file looks like the following: shareroot: "test" "blah/pwnd" and test.opam file: opam-version: "2.0" install:...

5.7CVSS6.1AI score
Exploits0References2
SUSE CVE
SUSE CVE
added 2026/06/11 11:14 a.m.12 views

SUSE CVE-2026-49219

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched i...

5.5CVSS5.2AI score0.00128EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/05/21 8:2 a.m.14 views

Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

...

7.8CVSS5.8AI score0.00152EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/11 12:29 a.m.5 views

CVE-2026-40354

Flatpak xdg-desktop-portal before 1.20.4 and 1.21.x before 1.21.1 allows any Flatpak app to trash any file in the host context via a symlink attack on gfiletrash...

2.9CVSS5.8AI score0.00128EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2026/02/14 12:23 a.m.6 views

SUSE CVE-2026-26158

A flaw was found in BusyBox. This vulnerability allows an attacker to modify files outside of the intended extraction directory by crafting a malicious tar archive containing unvalidated hardlink or symlink entries. If the tar archive is extracted with elevated privileges, this flaw can lead to...

7CVSS5.5AI score0.0016EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.7 views

MiracleLinux 7 : samba-4.2.3-12.el7 (AXSA:2016-138:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-138:02 advisory. Samba is the standard Windows interoperability suite of programs for Linux and Unix. Security issues fixed with this release: CVE-2015-7560 The SMB1...

6.5CVSS6.9AI score0.12938EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.7 views

MiracleLinux 4 : xorg-x11-server-1.10.6-1.0.1.AXS4 (AXSA:2012-767:04)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-767:04 advisory. X.Org X11 X server Security issues fixed with this release: CVE-2011-4028 The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows...

1.9CVSS5.8AI score0.00605EPSS
Exploits5References3
Tenable Nessus
Tenable Nessus
added 2025/12/22 12:0 a.m.4 views

AlmaLinux 8 : git-lfs (ALSA-2025:23745)

The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:23745 advisory. git-lfs: Git LFS may write to arbitrary files via crafted symlinks CVE-2025-26625 Tenable has extracted the preceding description block directly from the AlmaLinu...

8.6CVSS5.2AI score0.00697EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/20 9:30 p.m.6 views

EUVD-2025-204643

Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations without impersonating...

8.5CVSS6.5AI score0.00095EPSS
Exploits0References3
Snyk
Snyk
added 2025/12/16 8:52 p.m.4 views

Time-of-check Time-of-use (TOCTOU) Race Condition

Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during lock file creation. An attacker can corrupt or truncate arbitrary files by exploiting a race condition between the existence check and file opening with OTRUNC, allowing the creatio...

6.5CVSS6.6AI score0.00187EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2025/11/22 5:58 p.m.179 views

Exploit for CVE-2025-11001

Usage: python3 exploit.py -t "C:\Users\pac\Desktop" -o de...

7CVSS6.9AI score0.27357EPSS
Exploits11
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2003-0541

Malware in sbrugna...

2.1CVSS6.3AI score0.00374EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2002-2189

Malware in sbrugna...

6.2CVSS6.4AI score0.00385EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2001-0125

Malware in sbrugna...

1.2CVSS6.4AI score0.00304EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-5698

Malware in sbrugna...

5CVSS6.3AI score0.01709EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-7623

Malware in sbrugna...

7.8CVSS7.6AI score0.00572EPSS
Exploits1References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-29676

Malware in sbrugna...

5.6CVSS5AI score0.00344EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-30679

Malware in sbrugna...

7.8CVSS7.3AI score0.00388EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2011-5224

Malware in sbrugna...

7.5CVSS6.5AI score0.07176EPSS
Exploits3References13
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2002-0330

Malware in sbrugna...

5CVSS6.4AI score0.02628EPSS
Exploits1References6
Rows per page
Query Builder