Lucene search
+L

78 matches found

attackerkb
attackerkb
added 2026/06/25 1:51 a.m.7 views

CVE-2026-8662

Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...

3.3CVSS5.9AI score0.00216EPSS
Exploits0References2
osv
osv
added 2026/06/22 2:28 p.m.3 views

SUSE-SU-2026:22256-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
osv
osv
added 2026/06/22 2:28 p.m.2 views

SUSE-SU-2026:22325-1 Security update for sed

This update for sed fixes the following issue - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
nessus
nessus
added 2026/05/18 12:0 a.m.8 views

TencentOS Server 3: perl:5.32 (TSSA-2026:0325)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0325 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

5.9CVSS7.4AI score0.0037EPSS
Exploits0References2
snyk
snyk
added 2026/05/14 6:25 p.m.9 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal due to insufficient path sanitization in the osfs.ChrootOS component. An attacker can gain unauthorized access to unintended filesystem locations by supplying crafted paths containing directory traversal sequences...

8.6CVSS6.3AI score0.0031EPSS
Exploits0References2
osv
osv
added 2026/05/06 7:26 a.m.4 views

SUSE-SU-2026:1699-1 Security update for sed

This update for sed fixes the following issue: - CVE-2026-5958: a TOCTOU race can allow to read attacker-controlled content and write it to an unintended file bsc1262144...

2.1CVSS5.8AI score0.00142EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/04/22 4:9 p.m.3 views

CVE-2026-35374

A Time-of-Check to Time-of-Use TOCTOU vulnerability exists in the split utility of uutils coreutils. The program attempts to prevent data loss by checking for identity between input and output files using their file paths before initiating the split operation. However, the utility subsequently...

6.3CVSS5.8AI score0.00074EPSS
Exploits0References2
nvd
nvd
added 2026/04/08 7:25 p.m.10 views

CVE-2026-34392

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

7.5CVSS0.0025EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/04/08 5:57 p.m.2 views

CVE-2026-34392 LORIS has a path traversal in static router

LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, a bug in the static file router can allow an attacker to traverse outside of the intended directory...

7.5CVSS5.9AI score0.0025EPSS
Exploits0References1
euvd
euvd
added 2026/03/27 9:31 a.m.5 views

EUVD-2025-209090

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3CVSS5.8AI score0.00283EPSS
Exploits0References2
osv
osv
added 2026/03/27 8:10 a.m.2 views

CVE-2025-59031

Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip-style attachments. Attacker can use specially crafted OOXML documents to cause unintended files on the system to be indexed and subsequently ending up in FTS indexes. Do not use the provided...

4.3CVSS5.9AI score0.00283EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/20 12:0 a.m.8 views

PT-2026-21336

Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.2.17 and earlier Description OpenClaw, a personal AI assistant, contains an issue in the skills/skill-creator/scripts/package skill.py script. This script previously followed symbolic links when creating .skill archives...

4.6CVSS6.1AI score0.00221EPSS
Exploits0References17
ptsecurity
ptsecurity
added 2026/02/11 12:0 a.m.11 views

PT-2026-7578

A path traversal vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: File Station 5...

5.3CVSS5.5AI score0.00537EPSS
Exploits0References2
nessus
nessus
added 2026/01/31 12:0 a.m.5 views

EulerOS Virtualization 2.10.0 : perl (EulerOS-SA-2026-1189)

According to the versions of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open...

5.9CVSS6AI score0.0037EPSS
Exploits0References2
astralinux
astralinux
added 2026/01/27 5:1 a.m.4 views

Astra Linux – Vulnerability in Perl

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

5.9CVSS7.7AI score0.0037EPSS
Exploits0References3
alpinelinux
alpinelinux
added 2026/01/09 7:53 a.m.3 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

9.8CVSS6AI score0.00707EPSS
Exploits1References2
susecve
susecve
added 2025/12/30 12:23 a.m.36 views

SUSE CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References3
redhatcve
redhatcve
added 2025/12/29 2:41 p.m.8 views

CVE-2025-69194

A security issue was discovered in GNU Wget2 when handling Metalink documents. The application fails to properly validate file paths provided in Metalink elements. An attacker can abuse this behavior to write files to unintended locations on the system. This can lead to data loss or potentially...

8.8CVSS6.4AI score0.00707EPSS
Exploits1References3
nvd
nvd
added 2025/12/26 12:16 a.m.15 views

CVE-2025-68937

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...

9.5CVSS0.00489EPSS
Exploits0References6
snyk
snyk
added 2025/12/26 12:12 a.m.2 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...

9.5CVSS7.1AI score0.00489EPSS
Exploits0References2
Rows per page
Query Builder