4699 matches found
CVE-2026-54250
K3s is a fully conformant production-ready Kubernetes distribution. Prior to 1.35.3+k3s1, 1.34.6+k3s1, v1.33.10+k3s1, a path traversal vulnerability exists in K3s's etcd snapshot decompression functionality. Zip files containing archive members with maliciously crafted names can be written to...
postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
A flaw was found in PostgreSQL. An integer overflow in multiple server features allows an unprivileged database user to cause an undersized memory allocation that leads to an out-of-bounds write. This issue allows an attacker to execute arbitrary code as the operating system user running the...
EUVD-2026-39405
In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the...
CVE-2026-8662
Path Traversal vulnerability in the createarchive function of Rapid7 InsightConnect Compression Plugin on Linux allows authenticated attackers to write to unintended file paths via crafted filename input. The impact is limited to file corruption as content cannot be controlled by the attacker...
CVE-2026-23879
A flaw was found in py7zr. An attacker can craft a malicious archive containing symbolic links that, when extracted, can lead to arbitrary file writes outside the intended directory. This vulnerability may allow for remote code execution, privilege escalation, data corruption, or denial of servic...
PT-2026-52514
Name of the Vulnerable Software and Affected Versions pnpm versions prior to 10.34.0 pnpm versions prior to 11.4.0 Description The patch application pipeline @pnpm/patch-package fails to validate file paths extracted from .patch files. An attacker can provide a malicious patch file containing...
PT-2026-52583
Name of the Vulnerable Software and Affected Versions qrscp affected versions not specified Description The C-STORE handler in the qrscp application fails to sanitize specific instances within attacker-supplied DICOM Digital Imaging and Communications in Medicine datasets. These unsanitized value...
PT-2026-52616
Name of the Vulnerable Software and Affected Versions Flowise affected versions not specified Description An unauthenticated path traversal issue exists in the '/api/v1/document-store/loader/process' endpoint. This flaw allows attackers to write arbitrary files to the filesystem by using...
Linux Distros Unpatched Vulnerability : CVE-2026-53064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lo...
EUVD-2026-38932
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix null-deref with concurrent writes in passthrough mode In passthrough mode, when dm-cache starts to invalidate a cache entry and bio prison cell lock fails due to concurrent write to the same cached block, mg-cell...
EUVD-2026-38930
In the Linux kernel, the following vulnerability has been resolved: dm cache policy smq: fix missing locks in invalidating cache blocks In passthrough mode, the policy invalidatemapping operation is called simultaneously from multiple workers, thus it should be protected by a lock. Otherwise, we...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Shmem writes are flushed before mapping buffers with cached mappings. The shmem layer zeroes out new pages using cached mappings. If we do not flush these writes using the CPU, we might leave dirty cachelines behind,...
Astra Linux – Vulnerability in alsa-lib
Versions of alsa-lib from 1.2.2 up to and including 1.2.15.2, prior to the release of 5f7fe33, contain a heap-based buffer overflow in the topology mixer control decoder. The tplgdecodecontrolmixer1 function reads the numchannels field from untrusted .tplg data and uses it as a loop bound without...
CVE-2026-11968 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') in TortoiseGit
Argument Injection in TortoiseGitBlame via Malicious Git History Filenames Leads to Arbitrary File Write in TortoiseGit...
Directory Traversal
Overview n8n-nodes-base is a Base nodes of n8n Affected versions of this package are vulnerable to Directory Traversal via the Clone or Push operations in the Git node when a local filesystem path is supplied as the source or target repository, bypassing the intended file sandbox. An attacker can...
Glances has arbitrary file write and command execution via `secure_popen` redirection and chaining operators in AMP command configuration
Summary The securepopen function in glances/secure.py interprets file redirection, | pipe, and && command chaining operators in command strings. These operators are applied without any validation on the target file path, piped command, or chained command. When Application Monitoring Process AMP...
CVE-2026-12958
Missing symlink validation in Language Servers for AWS may allow an arbitrary file write outside of the workspace trust boundary. This may occur when a local user opens a workspace with a maliciously crafted symlink that resolves to a file path outside the workspace trust boundary. To remediate...
CVE-2026-11940
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Summary Organization names containing path traversal sequences ../ are accepted by Gogs, and repositories under them are written to paths following these path traversals. This allows storing/retrieving data for repositories at arbitrary locations on the filesystem. By creating nested structure of...
EUVD-2026-38490
tarfile.extractall with the 'data' or 'tar' filter could be bypassed by a crafted archive where a hardlink references a symlink stored at a deeper name than the hardlink itself. The extraction fallback validated the symlink at it's archived location but recreated it at the hardlink's shallower...