Lucene search
K

2361 matches found

CVE
CVE
added 2026/05/13 10:6 p.m.25 views

CVE-2026-29205

The CVE-2026-29205 issue affects cPanel & WHM. The vulnerability arises from incorrect privileges management and insufficient path filtering, enabling an attacker to read arbitrary files on the server via the cpdavd attachment download endpoints. PT Security reports indicate multiple vulnerabilit...

8.6CVSS5.9AI score0.07244EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/13 9:32 p.m.13 views

EUVD-2025-209828

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

5.9AI score0.00387EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:12 p.m.8 views

CVE-2026-20916

An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

8.1CVSS6AI score0.00366EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/13 8:0 a.m.40 views

CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

8.4CVSS0.00368EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/13 12:0 a.m.41 views

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

0.00387EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.17 views

CVE-2025-27850

CVE-2025-27850 affects Garmin WDU servers (versions v1 1.4.6 and v2 5.0). A symlink attack is possible when a malicious graphics package containing symlinks is uploaded; the web server follows the provided links while serving content, and there are no restrictions on link targets. This allows an ...

7.5CVSS5.9AI score0.00387EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.12 views

PT-2026-40631

Name of the Vulnerable Software and Affected Versions BIG-IQ affected versions not specified Description An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST endpoint on the BIG-IQ system. Recommendations At the moment,...

8.1CVSS5.9AI score0.00366EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.10 views

CVE-2025-27850

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links when serving content. No mechanisms to restrict those link targets to a specific area of the...

5.9AI score0.00387EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.16 views

PT-2026-40795

Name of the Vulnerable Software and Affected Versions Garmin WDU version 1.4.6 Garmin WDU version 5.0 Description The locally served web site allows a symlink attack, which occurs when a system follows a symbolic link a file that points to another file or directory to access locations outside the...

7.5CVSS5.5AI score0.00387EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.15 views

HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References4Affected Software1
Snyk
Snyk
added 2026/05/12 9:20 p.m.9 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/shim to version 0.1.2 or...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/12 8:16 p.m.11 views

CVE-2026-8052

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.8AI score0.00129EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:9 p.m.6 views

CVE-2026-8052

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:59 p.m.6 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/12 6:59 p.m.9 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.17 views

Hugo 路径遍历漏洞

Hugo is a framework based on the Go language used by the Gohugoio community for quickly generating static websites. Versions of Hugo from 0.43 to 0.161.0 had a path traversal vulnerability. This vulnerability occurred due to the lack of restrictions on file system access when calling Node tools,...

8.6CVSS5.9AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 9:18 p.m.8 views

CVE-2026-28910

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files...

3.3CVSS0.00119EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/11 8:8 p.m.30 views

CVE-2026-28910

This issue was addressed with improved permissions checking. This issue is fixed in macOS Tahoe 26.4. A malicious app may be able to access arbitrary files...

0.00119EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/08 2:16 p.m.10 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

7.5CVSS5.9AI score0.00388EPSS
Exploits0References3
OSV
OSV
added 2026/05/08 10:39 a.m.6 views

SUSE-SU-2026:1764-1 Security update for vim

This update for vim fixes the following issue: Security fixes: - CVE-2026-39881: command injection in NetBeans interface can lead to arbitrary file reads and writes bsc1261833. Other fixes: - Update to 9.2.0398. 9.2.0398: MS-Windows: missing strptime support 9.2.0397: tabpanel: double-click opens...

7.8CVSS6.2AI score0.0062EPSS
Exploits0References3
Rows per page
Query Builder