44504 matches found
CVE-2026-8052
Summary: CVE-2026-8052 affects HashiCorp Nomad’s exec2 task driver prior to version 0.1.2. The flaw allows arbitrary file read and write on the client host as the Nomad process user via a symlink attack, potentially impacting integrity (I) but not confidentiality or availability per the provided ...
CVE-2026-8052
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...
CVE-2026-8052 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack
HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...
CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
CVE-2026-6959
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack
HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...
CVE-2026-44854 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
CVE-2026-44854 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
CVE-2026-44854
CVE-2026-44854 affects the web-based management interface of AOS-8 and AOS-10 Operating Systems. The issue is a command injection in the authenticated web UI that could allow an attacker to upload arbitrary files to the underlying OS, potentially leading to remote code execution as a privileged u...
CVE-2026-44853 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
CVE-2026-44853 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface
Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...
CVE-2026-44853
CVE-2026-44853 affects the web-based management interface on AOS-8 and AOS-10. A command-injection flaw could allow an authenticated remote attacker to upload arbitrary files to the underlying OS, potentially enabling remote code execution as a privileged user. The NVD/HPE records show a NETWORK ...
CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...
CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...
CVE-2026-44852
An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...
EUVD-2023-31489
An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...
CVE-2026-34664 Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...
CVE-2026-34664 Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...
CVE-2026-34664
CVE-2026-34664 affects Substance3D Designer up to v15.1.0. The issue is an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that could permit arbitrary file system reads outside the intended scope. Exploitation requires user interaction: a victim must open a malicious ...
CVE-2026-32175
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...