|
1021
|
9.8 |
CRITICAL
Network
|
-
|
-
|
ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to …
|
CWE-326
Inadequate Encryption Strength
|
CVE-2018-25272
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1022
|
6.5 |
MEDIUM
Network
|
-
|
-
|
DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/…
|
CWE-22
Path Traversal
|
CVE-2026-32885
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1023
|
7.3 |
HIGH
Local
|
-
|
-
|
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not …
|
CWE-22
Path Traversal
|
CVE-2026-35338
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1024
|
5.5 |
MEDIUM
Local
|
-
|
-
|
The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined solely by the success or failure o…
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-35339
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1025
|
5.5 |
MEDIUM
Local
|
-
|
-
|
A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The final exit code is determined only by the l…
|
CWE-253
Incorrect Check of Function Return Value
|
CVE-2026-35340
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1026
|
3.3 |
LOW
Local
|
-
|
-
|
The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR is an empty string, the uutils implementa…
|
CWE-377
Insecure Temporary File
|
CVE-2026-35342
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1027
|
3.3 |
LOW
Local
|
-
|
-
|
The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to verify the only_delimited fl…
|
CWE-670
Always-Incorrect Control Flow Implementation
|
CVE-2026-35343
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1028
|
3.3 |
LOW
Local
|
-
|
-
|
The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior for special…
|
CWE-252
Unchecked Return Value
|
CVE-2026-35344
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1029
|
3.3 |
LOW
Local
|
-
|
-
|
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b…
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-35346
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1030
|
4.4 |
MEDIUM
Local
|
-
|
-
|
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
|
CWE-20
Improper Input Validation
|
CVE-2026-35347
|
2026-04-23 06:23 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
