Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

136 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:46 p.m.6 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.5AI score0.00197EPSS
Exploits0References1
NVD
NVDadded 2026/05/26 6:16 p.m.22 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS0.00197EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/05/26 5:57 p.m.5 views

CVE-2026-42448

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/26 5:57 p.m.7 views

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
CVE
CVEadded 2026/05/26 5:57 p.m.29 views

CVE-2026-42448

CVE-2026-42448 affects the Python package magic-wormhole . A vulnerability in the receive path occurs when the receiver specifies --output and that target directory already exists, enabling a path traversal. Documentation in multiple sources confirms this flaw and its fix: upgrade to version 0.2...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/26 5:57 p.m.41 views

CVE-2026-42448 wormhole receive, with --output pointing at an existing directory can be path-traversed

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS0.00197EPSS
Exploits0References1
EUVD
EUVDadded 2026/05/26 5:57 p.m.10 views

EUVD-2026-31947

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. Prior to 0.24.0, there is a path traversal when a receiver who specifies "--output " where that output directory currently exists as a directory. This vulnerability is fixed in 0.24.0...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/05/26 12:0 a.m.5 views

Magic Wormhole 路径遍历漏洞

Magic Wormhole is an open-source, secure cross-computer file transfer tool. Versions of Magic Wormhole prior to 0.24.0 contained a path traversal vulnerability, which was due to the possibility of path traversal when the recipient specified an output directory...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References1
vulnersOsv
vulnersOsvadded 2026/05/06 8:40 p.m.5 views

dropship (=0.0.5), openadapt (>=0.15.1 <=0.46.0) +3 more potentially affected by CVE-2026-42448 via magic-wormhole (>=0.11.2 <=0.13.0)

magic-wormhole PYPI version =0.11.2, =0.15.1, =0.1.0, =0.1.0, =0.2.0, =0.7.0 Source cves: CVE-2026-42448 Source advisory: SNYK:PYTHON-MAGICWORMHOLE-16438994...

3.5CVSS5.8AI score0.00197EPSS
Exploits0
OSV
OSVadded 2026/05/06 8:40 p.m.5 views

GHSA-CF92-GFCW-6V53 Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/05/06 8:40 p.m.6 views

Magic Wormhole: receive, with --output pointing at an existing directory can be path-traversed

Impact A receiver who specifies "--output " where that output directory currently exists as a directory. Patches 0.24.0 will contain the patch Workarounds Ensure local target directories specified by "--output" do not already exist Resources Private email and Signal communications from a user...

3.5CVSS5.8AI score0.00197EPSS
Exploits0References3Affected Software1
Snyk
Snykadded 2026/05/06 8:40 p.m.6 views

Directory Traversal

Overview magic-wormhole is a Securely transfer data between computers Affected versions of this package are vulnerable to Directory Traversal via the receive process when the --output parameter is set to an existing directory. An attacker can overwrite files outside the intended directory by...

5.1CVSS6.3AI score0.00197EPSS
Exploits0References2
Talos Blog
Talos Blogadded 2026/04/30 6:0 p.m.4 views

Great responsibility, without great power

Welcome to this week's edition of the Threat Source newsletter. As I'm writing this, today April 28 is International Superhero Day. If you don't know the origin story behind this, perhaps you would assume that this day was dreamed up by Marvel. And… you would be correct. However, it's not a pure...

9.8CVSS6.7AI score0.93107EPSS
Exploits6
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.2 views

CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

8.2CVSS5.8AI score0.0035EPSS
Exploits0References1
EUVD
EUVDadded 2026/03/13 3:40 p.m.3 views

EUVD-2026-11643

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite...

8.2CVSS5.9AI score0.0035EPSS
Exploits0References2
Snyk
Snykadded 2026/03/13 3:40 p.m.6 views

Directory Traversal

Overview magic-wormhole is a Securely transfer data between computers Affected versions of this package are vulnerable to Directory Traversal via the wormhole receive process. An attacker can overwrite arbitrary files on the local system by sending a crafted filename during file transfer. This is...

8.2CVSS6.3AI score0.0035EPSS
Exploits0References2
OSV
OSVadded 2026/03/13 3:40 p.m.7 views

GHSA-4G4C-MFQG-PJ8R Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

8.2CVSS5.7AI score0.0035EPSS
Exploits0References3
Github Security Blog
Github Security Blogadded 2026/03/13 3:40 p.m.4 views

Magic Wormhole: "wormhole receive" allows arbitrary local file overwrite

Impact What kind of vulnerability is it? Who is impacted? Receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This could be used to compromise the receiver's computer. Only the sender of the file th...

8.2CVSS5.7AI score0.0035EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessusadded 2026/03/13 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32116

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file...

8.2CVSS5.8AI score0.0035EPSS
Exploits0References2
NVD
NVDadded 2026/03/12 6:16 p.m.3 views

CVE-2026-32116

Magic Wormhole makes it possible to get arbitrary-sized files and directories from one computer to another. From 0.21.0 to before 0.23.0, receiving a file wormhole receive from a malicious party could result in overwriting critical local files, including /.ssh/authorizedkeys and .bashrc. This cou...

8.2CVSS0.0035EPSS
Exploits0References1
Rows per page
Query Builder