Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 12604 | Critical: 849 | High: 3630 | Medium: 3947
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-35361 | LOW | 3.4 | The mknod utility in uutils coreutils fails to handle security labels atomically by creating device nodes before setting the SELinux context. If labeling fails, the … | Apr 22, 2026 |
| CVE-2026-35360 | MEDIUM | 6.3 | The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing … | Apr 22, 2026 |
| CVE-2026-35359 | MEDIUM | 4.7 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a … | Apr 22, 2026 |
| CVE-2026-35358 | MEDIUM | 4.4 | The cp utility in uutils coreutils, when performing recursive copies (-R), incorrectly treats character and block device nodes as stream sources rather than preserving them. … | Apr 22, 2026 |
| CVE-2026-35357 | MEDIUM | 4.7 | The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before … | Apr 22, 2026 |
| CVE-2026-35356 | MEDIUM | 6.3 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and … | Apr 22, 2026 |
| CVE-2026-35355 | MEDIUM | 6.3 | The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination … | Apr 22, 2026 |
| CVE-2026-35354 | MEDIUM | 4.7 | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple … | Apr 22, 2026 |
| CVE-2026-35353 | LOW | 3.3 | The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently … | Apr 22, 2026 |
| CVE-2026-35352 | HIGH | 7.0 | A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mkfifo utility of uutils coreutils. The utility creates a FIFO and then performs a path-based … | Apr 22, 2026 |
| CVE-2026-35351 | MEDIUM | 4.2 | The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine … | Apr 22, 2026 |
| CVE-2026-35350 | MEDIUM | 6.6 | The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, … | Apr 22, 2026 |
| CVE-2026-35349 | MEDIUM | 6.7 | A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing … | Apr 22, 2026 |
| CVE-2026-35348 | MEDIUM | 5.5 | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces … | Apr 22, 2026 |
| CVE-2026-35347 | MEDIUM | 4.4 | The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both … | Apr 22, 2026 |
| CVE-2026-35346 | LOW | 3.3 | The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid … | Apr 22, 2026 |
| CVE-2026-35345 | MEDIUM | 5.3 | A vulnerability in the tail utility of uutils coreutils allows for the exfiltration of sensitive file contents when using the --follow=name option. Unlike GNU tail, … | Apr 22, 2026 |
| CVE-2026-35344 | LOW | 3.3 | The dd utility in uutils coreutils suppresses errors during file truncation operations by unconditionally calling Result::ok() on truncation attempts. While intended to mimic GNU behavior … | Apr 22, 2026 |
| CVE-2026-35343 | LOW | 3.3 | The cut utility in uutils coreutils incorrectly handles the -s (only-delimited) option when a newline character is specified as the delimiter. The implementation fails to … | Apr 22, 2026 |
| CVE-2026-35342 | LOW | 3.3 | The mktemp utility in uutils coreutils fails to properly handle an empty TMPDIR environment variable. Unlike GNU mktemp, which falls back to /tmp when TMPDIR … | Apr 22, 2026 |
| CVE-2026-35341 | HIGH | 7.1 | A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a … | Apr 22, 2026 |
| CVE-2026-35340 | MEDIUM | 5.5 | A flaw in the ChownExecutor used by uutils coreutils chown and chgrp causes the utilities to return an incorrect exit code during recursive operations. The … | Apr 22, 2026 |
| CVE-2026-35339 | MEDIUM | 5.5 | The recursive mode (-R) of the chmod utility in uutils coreutils incorrectly handles exit codes when processing multiple files. The final return value is determined … | Apr 22, 2026 |
| CVE-2026-35338 | HIGH | 7.3 | A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path … | Apr 22, 2026 |
| CVE-2026-32885 | MEDIUM | 6.5 | DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` … | Apr 22, 2026 |