Lucene search
+L

10 matches found

Vulnrichment
Vulnrichment
added 2026/05/28 8:56 p.m.8 views

CVE-2026-44885 Portainer: Path traversal in backup archive extraction allows arbitrary file write

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/28 8:56 p.m.8 views

CVE-2026-44885

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, Portainer's backup restore feature accepts a .tar.gz archive and extracts it to a target...

5.9AI score0.00606EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/05/28 8:56 p.m.55 views

CVE-2026-44885

Portainer Portainer Community Edition is affected by a directory traversal in the backup archive extraction path. The vulnerable code path is ExtractTarGz in api/archive/targz.go, which builds output paths via filepath.Clean(filepath.Join(outputDirPath, header.Name)). A tar entry like ../../etc/c...

5.5CVSS5.9AI score0.00606EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2025/06/26 2:46 p.m.2 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...

6.8CVSS6.8AI score0.00195EPSS
Exploits1References2
Snyk
Snyk
added 2025/06/26 2:46 p.m.1 views

Incorrect Default Permissions

Overview Affected versions of this package are vulnerable to Incorrect Default Permissions in the process that handles file uploads and database creation. An attacker can gain unauthorized access to sensitive files by leveraging default file permissions that allow any operating system account to...

6.8CVSS6.8AI score0.00195EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/06/26 2:35 p.m.3 views

CVE-2025-52900 File Browser has Insecure File Permissions

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...

5.5CVSS7.1AI score0.00195EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/06/26 2:35 p.m.11 views

CVE-2025-52900 File Browser has Insecure File Permissions

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the...

5.5CVSS0.00195EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2023/07/04 12:0 a.m.37 views

EulerOS 2.0 SP11 : git (EulerOS-SA-2023-2265)

According to the versions of the git packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33....

7.5CVSS7.2AI score0.01144EPSS
Exploits3References3
ALT Linux
ALT Linux
added 2023/02/20 12:0 a.m.160 views

Security fix for the ALT Linux 10 package git version 2.33.7-alt1

2.33.7-alt1 built Feb. 20, 2023 Dmitry V. Levin in task 315248 Feb. 6, 2023 Dmitry V. Levin - 2.33.6 - 2.33.7 fixes: CVE-2023-22490, CVE-2023-23946...

6.6AI score0.01144EPSS
Exploits3
AlpineLinux
AlpineLinux
added 2023/02/14 7:48 p.m.38 views

CVE-2023-23946

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...

7.5CVSS7AI score0.01144EPSS
Exploits3
Rows per page
Query Builder