Lucene search
K

44504 matches found

CVE
CVE
added 2026/05/12 7:9 p.m.37 views

CVE-2026-8052

Summary: CVE-2026-8052 affects HashiCorp Nomad’s exec2 task driver prior to version 0.1.2. The flaw allows arbitrary file read and write on the client host as the Nomad process user via a symlink attack, potentially impacting integrity (I) but not confidentiality or availability per the provided ...

6CVSS5.9AI score0.00129EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 7:9 p.m.6 views

CVE-2026-8052

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS5.9AI score0.00129EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/12 7:9 p.m.34 views

CVE-2026-8052 Nomad's exec2 task driver vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad’s exec2 task driver prior to 0.1.2 is vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-8052 is fixed in version 0.1.2 of the exec2 task driver...

6CVSS0.00129EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:59 p.m.37 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS0.00169EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 6:59 p.m.6 views

CVE-2026-6959

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References2Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/12 6:59 p.m.9 views

CVE-2026-6959 Nomad vulnerable to arbitrary file read/write on client host through symlink attack

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to arbitrary file read and write on the client host as the Nomad process user through a symlink attack. This vulnerability CVE-2026-6959 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

6CVSS5.9AI score0.00169EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:58 p.m.6 views

CVE-2026-44854 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/12 6:58 p.m.31 views

CVE-2026-44854 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS0.01014EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:58 p.m.17 views

CVE-2026-44854

CVE-2026-44854 affects the web-based management interface of AOS-8 and AOS-10 Operating Systems. The issue is a command injection in the authenticated web UI that could allow an attacker to upload arbitrary files to the underlying OS, potentially leading to remote code execution as a privileged u...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 6:56 p.m.35 views

CVE-2026-44853 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS0.01014EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:56 p.m.9 views

CVE-2026-44853 Authenticated Remote Code Execution via Arbitrary File Write in AOS-8 and AOS-10 Web-Based Management Interface

Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated remote attacker to upload arbitrary files to the underlying operating system, potentially leading to remote code execution as a...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:56 p.m.18 views

CVE-2026-44853

CVE-2026-44853 affects the web-based management interface on AOS-8 and AOS-10. A command-injection flaw could allow an authenticated remote attacker to upload arbitrary files to the underlying OS, potentially enabling remote code execution as a privileged user. The NVD/HPE records show a NETWORK ...

7.2CVSS6.5AI score0.01014EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/12 6:55 p.m.33 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS0.00436EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:55 p.m.9 views

CVE-2026-44852 Authenticated Remote Code Execution via Arbitrary File Overwrite in the AOS-8 and AOS-10 Web-Based Management Interface

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. A vulnerability in the certificate download functionality could allow an authenticated remote attacker to overwrite arbitrary files on the underlying operating system by exploiting...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:55 p.m.21 views

CVE-2026-44852

An authenticated remote code execution vulnerability exists in the AOS-8 and AOS-10 web-based management interface. The certificate download functionality can overwrite arbitrary files on the underlying OS by exploiting improper input validation in the file path parameter. Successful exploitation...

7.2CVSS6.6AI score0.00436EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/12 6:30 p.m.8 views

EUVD-2023-31489

An arbitrary file upload vulnerability in MK-Auth 23.01K4.9 allows attackers to execute arbitrary code via uploading a crafted PHP file...

6.2AI score0.00332EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 6:13 p.m.31 views

CVE-2026-34664 Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

6.3CVSS0.00177EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/12 6:13 p.m.9 views

CVE-2026-34664 Substance3D - Designer | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)

Substance3D - Designer versions 15.1.0 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 6:13 p.m.22 views

CVE-2026-34664

CVE-2026-34664 affects Substance3D Designer up to v15.1.0. The issue is an Improper Limitation of a Pathname to a Restricted Directory (path traversal) that could permit arbitrary file system reads outside the intended scope. Exploitation requires user interaction: a victim must open a malicious ...

6.3CVSS5.9AI score0.00177EPSS
Exploits0References1Affected Software1
AlpineLinux
AlpineLinux
added 2026/05/12 4:59 p.m.7 views

CVE-2026-32175

A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...

4.3CVSS5.9AI score0.00711EPSS
Exploits0
Rows per page
Query Builder