The kubectl cp command allows copying files between containers and the user machine. To copy fi…

The kubectl cp command allows copying files between containers and the user machine. To copy fi…

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possib…

A symlink following vulnerability was found in Samba, where a user can create a symbolic link t…

The Kubernetes kubectl cp command in versions 1.1-1.12, and versions prior to 1.13.11, 1.14.7, …

A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.…

A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbo…

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the Flat…

Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote auth…

Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote au…

A vulnerability in the Secure FTP (SFTP) of Cisco StarOS for Cisco ASR 5000 Series Routers coul…

A race condition in the postgresql init script could be used by attackers able to access the po…

Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.4…

Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could…

readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file.

An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows atta…

runc is a CLI tool for spawning and running containers according to the OCI specification. In v…

LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mi…

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions on …

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build proces…

HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnera…

A vulnerability was found in Pagure. Support of symbolic links during repository archiving of r…

After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI)…

`@npmcli/arborist`, the library that calculates dependency trees and manages the `node_modules`…

Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PC…

runc is a CLI tool for spawning and running containers according to the OCI specification. In v…

runc is a CLI tool for spawning and running containers according to the OCI specification. Vers…

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Li…

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules f…

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of kopano-spamd of open…

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing set…

Zed, a code editor, has an extension installer allows tar/gzip downloads. Prior to version 0.22…

Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server…

A UNIX Symbolic Link (Symlink) Following vulnerability in openSUSE Tumbleweed cyrus-imapd allow…

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow …

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Ser…

A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15…

pwn.college is an education platform to learn about, and practice, core cybersecurity concepts …

The txtai framework allows the loading of compressed tar files as embedding indices. While the …

Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registr…