CVE-2026-42866 - Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename
CVE ID :CVE-2026-42866 Published : May 11, 2026, 6:23 p.m. | 42 minutes ago Description :Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's write_txt, write_csv, write_json, and (commented-but-shipping) scan_file helpers open their output as open(f"{us
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Google says hackers used AI to exploit ‘zero-day’ flaw
- [CYBER] CVE-2026-42871 - WeGIA: Error Handling familiar_docfamiliar
- [CYBER] Google says hacker used Mythos-like AI for zero-day exploit
- [CYBER] CVE-2026-42864 - FireFighter: Unauthenticated SSRF in Raid jira_bot endpoint allows IAM credential theft
- [CYBER] CVE-2026-8305 - OpenClaw bluebubbles Webhook monitor.ts handleBlueBubblesWebhookRequest improper authentication
- [CYBER] CVE-2026-7308 - Nexus Repository 3 - Stored Cross-Site Scripting (XSS) via HTML Browse Page