Lucene search
K

8 matches found

EUVD
EUVD
added 2 days ago5 views

EUVD-2026-42769

decompress before 4.2.2 contains an improper path containment check that enables directory traversal and arbitrary file write. The safeMakeDir function index.js line 29 and the extraction path validation index.js line 106 use String.indexOf to verify the resolved path is within the output...

6.2CVSS6AI score0.00272EPSS
Exploits0References5
OSV
OSV
added 2026/03/18 6:31 p.m.4 views

GHSA-R6QV-FRPC-Q66C Jenkins has a link following vulnerability allows arbitrary file creation

Jenkins 2.554 and earlier, LTS 2.541.2 and earlier does not safely handle symbolic links during the extraction of .tar and .tar.gz archives, allowing crafted archives to write files to arbitrary locations on the filesystem, restricted only by file system access permissions of the user running...

8.8CVSS6AI score0.01161EPSS
Exploits0References5
CVE
CVE
added 2026/02/03 12:0 a.m.49 views

CVE-2025-69429

Affected product: ORICO NAS CD3510 (versions V1.9.12 and below). Vulnerability: Incorrect Symlink Follow that lets an attacker format a USB drive (ext4), create a symbolic link to the drive’s root, insert it into the NAS, and access the symlink directory mounted on the NAS to leak or tamper with ...

6.1CVSS5.5AI score0.00281EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.3 views

MiracleLinux 9 : rpm-4.16.1.3-27.el9_3 (AXSA:2024-7473:01)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7473:01 advisory. rpm: TOCTOU race in checks for unsafe symlinks CVE-2021-35937 rpm: races with chown/chmod/capabilities calls during installation CVE-2021-35938 rpm:...

6.7CVSS7AI score0.00491EPSS
Exploits3References4
Cvelist
Cvelist
added 2025/08/13 8:55 a.m.12 views

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

8.8CVSS0.00782EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/13 8:55 a.m.4 views

CVE-2025-55345 Unsafe symlink following in restricted workspace-write sandbox leads to RCE

Using Codex CLI in workspace-write mode inside a malicious context repo, directory, etc could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory...

8.8CVSS8.1AI score0.00782EPSS
Exploits0References2
SUSE Linux
SUSE Linux
added 2025/01/15 9:8 a.m.1 views

Security update for rsync

This update for rsync fixes the following issues: CVE-2024-12084: heap buffer overflow in checksum parsing. bsc1234100 CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. bsc1234101 CVE-2024-12086: leak of a client machine's file contents through the...

9.8CVSS7.7AI score0.72059EPSS
Exploits8References20
UbuntuCve
UbuntuCve
added 2025/01/09 12:0 a.m.7 views

CVE-2024-12088

A flaw was found in rsync. When using the --safe-links option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the...

7.5CVSS7.1AI score0.04575EPSS
Exploits0References4
Rows per page
Query Builder