Lucene search
K

1617 matches found

CVE
CVE
added 6 days ago12 views

CVE-2026-14361

The CVE-2026-14361 issue affects consul-template prior to 0.42.1, where the writeToFile helper opens the destination path directly and follows links in the path. This can allow template output to be written outside the intended directory or overwrite an existing file. The root cause is path redir...

4.7CVSS5.9AI score0.00105EPSS
Exploits0References1
OSV
OSV
added last week7 views

PYSEC-2026-1568 LlamaIndex is vulnerable to Path Traversal attack through its ObsidianReader class

A vulnerability in the ObsidianReader class in LlamaIndex Readers Integration: Obsidian before version 0.5.1 from the run-llama/llamaindex repository versions 0.12.23 to 0.12.28 allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths...

7.5CVSS7.1AI score0.00555EPSS
Exploits1References8
OSV
OSV
added 2026/07/06 8:27 p.m.4 views

GHSA-MP2F-45PM-3CG9 Decompress: Archive extraction can create files and links outside of the target directory

Impact When extracting an archive to a directory, a crafted archive can read or write files outside that directory. The flaw is in the code that writes the parsed entries, so it affects every format decompress handles: tar, tar.gz, tar.bz2, and zip by default, plus any others added through the...

9.1CVSS6AI score
Exploits0References5
NVD
NVD
added 2026/07/06 8:16 p.m.5 views

CVE-2026-58403

Hugo is a static site generator. From v0.123.0 through v0.163.0, Hugo's virtual filesystem is designed so that files under a mount cannot reach outside the mount tree, but a regression caused RootMappingFs.statRoot to call Stat, which follows symlinks, instead of Lstat, so a direct os.ReadFile...

6.5CVSS0.00318EPSS
Exploits0References4
OSV
OSV
added 2026/07/06 3:21 p.m.7 views

CVE-2026-59195 pnpm: Path traversal in configDependencies env lockfile allows symlink creation outside node_modules/.pnpm-config

pnpm is a package manager. Prior to 10.34.4 and 11.8.0, pnpm accepts package names from the env lockfile configDependencies section and uses those names directly when creating config dependency symlinks under nodemodules/.pnpm-config. A malicious repository can commit a crafted pnpm-lock.yaml who...

8.2CVSS6AI score0.00257EPSS
Exploits1References3
EUVD
EUVD
added 2026/07/06 2:24 p.m.13 views

EUVD-2026-41878

pydantic-settings provides settings management using Pydantic. From 2.12.0 until 2.14.2, NestedSecretsSettingsSource reads secret values from files in a configured secretsdir. When secretsnestedsubdir=True, a directory entry inside secretsdir that is a symbolic link pointing outside secretsdir is...

5.3CVSS6AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/07/06 1:22 p.m.6 views

CVE-2026-50016

A flaw was found in pnpm, a package manager. This vulnerability allows a malicious registry package to include specially crafted dependency aliases that contain path traversal segments. During the installation process, pnpm incorrectly processes these aliases, which can lead to the replacement of...

8.8CVSS6.2AI score0.00326EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/07/06 3:45 a.m.6 views

flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...

10CVSS7.7AI score0.0168EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.12 views

PT-2026-55947

Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.4 pnpm versions prior to 11.8.0 Description pnpm accepts package names from the configDependencies section of the env lockfile and uses them directly when creating config dependency symlinks under node...

8.2CVSS6AI score0.00257EPSS
Exploits1References5
OSV
OSV
added 2026/07/05 12:5 p.m.4 views

RLSA-2026:30857 Important: perl-Archive-Tar security update

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

8.2CVSS6.1AI score0.0043EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/05 12:5 p.m.6 views

perl-Archive-Tar security update

An update is available for perl-Archive-Tar. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Archive::Tar provides an object oriented mechanism for handling tar...

9.1CVSS7.2AI score0.0043EPSS
Exploits0
CVE
CVE
added 2026/07/03 8:19 p.m.16 views

CVE-2026-25718

Gitea prior to version 1.25.5 is affected by a symlink-based path resolution issue during template repository generation, allowing template processing to read or write via symlinked/non-regular paths. The vulnerability affects Gitea core components used for template repository generation (e.g., m...

9.1CVSS5.9AI score0.00428EPSS
Exploits0References4
OSV
OSV
added 2026/07/03 8:19 p.m.3 views

CVE-2026-25718 Gitea template repository generation mishandles symlinked paths

Gitea versions before 1.25.5 mishandle path resolution during template repository generation, allowing template processing to read or write through symlinked or otherwise non-regular paths...

9.1CVSS5.9AI score0.00428EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55594

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Improper path resolution occurs during the generation of template repositories. This allows template processing to read or write data through symlinks or other non-regular paths, potentially leading t...

9.1CVSS6.1AI score0.00428EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/07/03 12:0 a.m.9 views

Cursor < 3.0 Multiple Sandbox Escapes

The version of Cursor installed on the remote host is prior to 3.0. It is, therefore, affected by multiple vulnerabilities: - A flaw in the agent sandbox allows a malicious agent to manipulate the workingdirectory parameter, causing the sandbox to include writable paths outside the intended...

9.8CVSS6.9AI score0.00638EPSS
Exploits0References4
OSV
OSV
added 2026/07/01 12:3 p.m.3 views

RLSA-2026:30856 Important: perl-Archive-Tar security update

Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support...

8.2CVSS7.3AI score0.0043EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/07/01 12:3 p.m.5 views

perl-Archive-Tar security update

An update is available for perl-Archive-Tar. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Archive::Tar provides an object oriented mechanism for handling tar...

9.1CVSS7.3AI score0.0043EPSS
Exploits0
NVD
NVD
added 2026/07/01 2:17 a.m.11 views

CVE-2026-41579

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS0.00222EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/01 12:2 a.m.6 views

EUVD-2026-40859

runc is a CLI tool for spawning and running containers according to the OCI specification. In versions prior to 1.3.6, 1.4.0-rc.1, 1.4.0-rc.12, 1.5.0-rc.1, and 1.5.0-rc.1, when setting up the container rootfs, setupPtmx and setupDevSymlinks call os.Remove and os.Symlink with a filepath.Join strin...

3.3CVSS5.9AI score0.00222EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/30 8:20 p.m.10 views

CVE-2026-55607

A flaw was found in Claude Code, an agentic coding tool, in its handling of worktrees. This vulnerability allowed the creation of specially named worktrees and navigation outside of the intended secure environment, leading to what is known as a 'git directory confusion attack'. By manipulating...

8.8CVSS6.1AI score0.00765EPSS
Exploits0References4
Rows per page
Query Builder