Lucene search
K

44503 matches found

Github Security Blog
Github Security Blog
added 2026/05/12 9:31 p.m.15 views

HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/12 9:31 p.m.4 views

GHSA-WQWC-X3RC-2XW6 HashiCorp Nomad’s exec2 task driver vulnerable to a symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/12 9:31 p.m.13 views

EUVD-2026-29742

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.7 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/shim to version 0.1.2 or...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/12 9:20 p.m.7 views

Symlink Attack

Overview Affected versions of this package are vulnerable to Symlink Attack via the exec2 process. An attacker can access or modify arbitrary files on the client host by exploiting symbolic link handling. Remediation Upgrade github.com/hashicorp/nomad-driver-exec2/pkg/util to version 0.1.2 or...

6.7CVSS5.9AI score0.00129EPSS
Exploits0References2
Wordfence Blog
Wordfence Blog
added 2026/05/12 9:19 p.m.11 views

1,000,000 WordPress Sites Affected by Arbitrary File Read and SQL Injection Vulnerabilities in Avada Builder WordPress Plugin

On March 21st, 2026, we received a submission for an Arbitrary File Read and an SQL Injection vulnerability in Avada Builder, a WordPress plugin with an estimated 1,000,000 active installations. The arbitrary file read vulnerability can be used by authenticated attackers, with subscriber-level...

7.5CVSS6.5AI score0.00511EPSS
Exploits1
CVE
CVE
added 2026/05/12 9:9 p.m.30 views

CVE-2026-45225

CVE-2026-45225 affects Heym before 0.0.21. A path traversal flaw in the file upload endpoint (upload_file()) allows authenticated users to write attacker-controlled files to arbitrary locations by using traversal sequences in the filename. The vulnerability stems from an unvalidated filename para...

7.6CVSS5.9AI score0.00355EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/12 9:9 p.m.43 views

CVE-2026-45225 Heym < 0.0.21 Path Traversal File Upload via upload_file()

Heym before 0.0.21 contains a path traversal vulnerability in the file upload endpoint that allows authenticated users to write attacker-controlled files to arbitrary locations by supplying a crafted filename with traversal sequences. Attackers can exploit the unvalidated filename parameter in th...

7.6CVSS0.00355EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 8:17 p.m.8 views

Security Bulletin: Nomad vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-695...

6CVSS5.9AI score0.00169EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/12 8:17 p.m.11 views

Security Bulletin: Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

Summary HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver. Vulnerability Details...

6CVSS5.9AI score0.00129EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/12 8:16 p.m.15 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00169EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 8:16 p.m.21 views

CVE-2026-44872

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

7.2CVSS0.00815EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/05/12 8:16 p.m.11 views

CVE-2026-8052

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.8AI score0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 7:19 p.m.47 views

CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...

4.9CVSS0.00305EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:19 p.m.13 views

CVE-2026-44874 Authenticated Arbitrary File Download via AOS-10 Web-Based Management Interface

A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system...

4.9CVSS5.8AI score0.00305EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:19 p.m.22 views

CVE-2026-44874

The CVE 2026-44874 affects the web-based management interface of an AOS-10 Gateway. It enables an authenticated remote attacker to access sensitive files on the underlying operating system, leading to disclosure of confidential information and potentially enabling further attacks on the affected ...

4.9CVSS5.8AI score0.00305EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:18 p.m.40 views

CVE-2026-44872 Authenticated Arbitrary File Upload via Command Injection in AOS-8 AND AOS-10 Web-Based Management Interface

A command injection vulnerability exists in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to place arbitrary files on the underlying filesystem of the affected device...

7.2CVSS0.00815EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 7:18 p.m.20 views

CVE-2026-44872

CVE-2026-44872 affects the web-based management interface of AOS-8 and AOS-10. It describes a command injection vulnerability that could allow an authenticated remote attacker to place arbitrary files on the device’s filesystem. The CVSS score is 7.2 (High) with network attack vector, low attack ...

7.2CVSS6AI score0.00815EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/12 7:16 p.m.9 views

CVE-2026-34664

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

6.3CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 7:9 p.m.11 views

CVE-2026-8052 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References1
Rows per page
Query Builder