Lucene search
+L

14 matches found

OSV
OSV
added 3 days ago4 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS6.1AI score0.00343EPSS
Exploits1References6
Cvelist
Cvelist
added 3 days ago35 views

CVE-2026-54572 rclone: Unvalidated symlink target in local `--links` — arbitrary file write from an untrusted remote

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Prior to 1.74.4, with -l/--links, rclone serializes symlinks as .rclonelink text objects and recreates them on a local destination without validating the target, allowing an...

7.5CVSS0.00343EPSS
Exploits1References4
NVD
NVD
added 2026/03/29 1:15 a.m.11 views

CVE-2026-4851

GRID::Machine versions through 0.127 for Perl allows arbitrary code execution via unsafe deserialization. GRID::Machine provides Remote Procedure Calls RPC over SSH for Perl. The client connects to remote hosts to execute code on them. A compromised or malicious remote host can execute arbitrary...

9.8CVSS0.0047EPSS
Exploits0References2
NVD
NVD
added 2026/01/15 8:16 p.m.5 views

CVE-2026-23746

Entrust Instant Financial Issuance IFI On Premise software formerly referred to as CardWizard versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service DCG.SmartCardControllerService.exe. The service registers a TCP remoting...

9.3CVSS0.00861EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/16 3:27 p.m.5 views

CVE-2025-68269

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

5.4CVSS6.6AI score0.00091EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.8 views

PT-2025-51720

In JetBrains IntelliJ IDEA before 2025.3 missing confirmation allowed opening of untrusted remote projects over SSH...

5.4CVSS7AI score0.00091EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-27271

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.00627EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2025/02/24 12:8 a.m.7 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.7AI score0.99931EPSS
Exploits42References7
RedHat Linux
RedHat Linux
added 2023/05/24 5:13 p.m.7 views

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

9.8CVSS7.4AI score0.99931EPSS
Exploits42References7
OSV
OSV
added 2023/05/08 5:54 p.m.23 views

CVE-2023-30844 Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints

Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in mutagen and prior to version 0.17.1 in mutagen-compose, Mutagen list and monitor commands are susceptible to control characters that could be provided by remote...

3CVSS9AI score0.0074EPSS
Exploits0References5
NVD
NVD
added 2019/12/13 1:15 p.m.35 views

CVE-2019-18802

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send an HTTP header such as Host with whitespace after the header content. Envoy will treat "header-value " as a different string from "header-value" so for example with the Host header "example.com " one could bypass...

9.8CVSS9.5AI score0.02457EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2019/12/10 11:20 p.m.42 views

CVE-2019-18801

An issue was discovered in Envoy 1.12.0. An untrusted remote client may send HTTP/2 requests that write to the heap outside of the request buffers when the upstream is HTTP/1. This may be used to corrupt nearby heap contents leading to a query-of-death scenario or may be used to bypass Envoy's...

9.8CVSS2.7AI score0.02502EPSS
Exploits1References5
NVD
NVD
added 2012/07/19 7:55 p.m.13 views

CVE-2012-4024

Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...

6.8CVSS7.9AI score0.04047EPSS
Exploits0References8
Cvelist
Cvelist
added 2012/07/19 7:0 p.m.25 views

CVE-2012-4024

Stack-based buffer overflow in the getcomponent function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file aka a crafted file for the -ef option. NOTE: probably in most cases, the list file is a trusted file...

7.7AI score0.04047EPSS
Exploits0References8
Rows per page
Query Builder