Lucene search

8 matches found

CVE
added 6 days ago · 13 views

CVE-2026-55700

pnpm stage download (affecting 11.3.0–11.5.3) allowed a crafted manifest to derive a local filename from package name and version, enabling the download to escape the target directory and overwrite a reachable file. The merged fix validates both fields, derives a single safe filename, and verifie...

7.1 CVSS · 5.8 AI score · 0.00267 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

EUVD
added 2026/04/03 3:30 p.m. · 5 views

EUVD-2025-209206

An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal...

8.3 CVSS · 5.9 AI score · 0.00655 EPSS
Exploits: 0 · References: 2

ATTACKERKB
added 2026/03/06 4:13 p.m. · 4 views

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal vulnerability in archive extraction allows a specifically crafted Zarf package to create symlinks pointing outside the destination directory, enabling arbitrary file read or...

8.2 CVSS · 5.8 AI score · 0.0022 EPSS
Exploits: 1 · References: 3 · Affected Software: 1

RedHat Linux
added 2025/12/22 11:41 a.m. · 4 views

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5 CVSS · 5.9 AI score · 0.02224 EPSS
Exploits: 1 · References: 5

RedHat Linux
added 2025/03/11 12:23 a.m. · 5 views

rsync: Path traversal vulnerability in rsync

A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...

7.5 CVSS · 7.4 AI score · 0.02224 EPSS
Exploits: 1 · References: 5

OSV
added 2021/08/27 3:15 p.m. · 3 views

ALPINE-CVE-2021-40153

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1 CVSS · 6.9 AI score · 0.025 EPSS
Exploits: 1 · References: 1

OSV
added 2021/08/27 3:15 p.m. · 6 views

AZL-7463 CVE-2021-40153 affecting package squashfs-tools for versions less than 4.5.1-1

squashfsopendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations...

8.1 CVSS · 6.6 AI score · 0.025 EPSS
Exploits: 1 · References: 1

Positive Technologies
added 2019/09/10 12:0 a.m. · 3 views

PT-2019-6092 · Unknown +9 · Squashfs-Tools +9

Name of the Vulnerable Software and Affected Versions: Squashfs-Tools version 4.5 Description: The issue is related to the squashfs opendir function in the unsquash-1.c component of Squashfs-Tools. This function stores the filename in the directory entry, which is then used by unsquashfs to creat...

8.1 CVSS · 6.5 AI score · 0.0691 EPSS
Exploits: 2 · References: 105