Lucene search
K

3918 matches found

CVE
CVE
added 2026/06/20 4:43 p.m.62 views

CVE-2026-5366

CVE-2026-5366 affects Prefect v3.6.23, where the vulnerability resides in the GitRepository storage class. The commit_sha parameter passed to git commands lacks validation and does not use a -- separator, enabling an attacker to inject git flags (e.g., --upload-pack) and potentially execute arbit...

9.9CVSS8.1AI score0.00874EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2026/06/19 9:42 p.m.7 views

GHSA-48X2-6PR9-2JJF Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data

Summary EnvironmentManager.restoreenv, backupId computes the backup path with joinenvDir, '.backups', backupId and only checks that this path exists. It does not resolve the result or verify that it remains under data//.backups. A caller can pass a traversal backup ID such as...

6.1CVSS6AI score
Exploits0References4
NVD
NVD
added 2026/06/19 3:16 p.m.12 views

CVE-2019-25747

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS0.0012EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/19 2:16 p.m.6 views

CVE-2019-25747

Network Inventory Advisor 5.0.26.0 installs the niaservice service with an unquoted binary path that allows local attackers to escalate privileges by placing malicious executables in intermediate directories. Attackers can exploit the unquoted path in the service configuration to execute arbitrar...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in pyxdg

A code injection issue was discovered in PyXDG before version 0.26, through crafted Python code within a Category element of a Menu XML document in a .menu file. The XDGCONFIGDIRS must be set up to trigger the xdg.Menu.parse parsing within the directory containing this file. This issue occurred d...

7.5CVSS7AI score0.02105EPSS
Exploits1References2
NVD
NVD
added 2026/06/18 5:16 p.m.14 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
CVE
CVE
added 2026/06/18 4:11 p.m.30 views

CVE-2026-56021

CVE-2026-56021 affects Webmin. An unauthenticated attacker can read contents of any .conf file in module directories because of a bypassable regex pattern, causing information disclosure (confidentiality impact: low). The CVSS metrics place it at Medium: CVSS v3.1 base score 5.3 (NETWORK, LOW com...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/18 4:11 p.m.9 views

EUVD-2026-37908

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.2AI score0.0028EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/18 4:11 p.m.22 views

CVE-2026-56021 Webmin information disclosure via regex pattern

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS0.0028EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/18 4:11 p.m.7 views

CVE-2026-56021

Webmin allows unauthenticated attackers to read the contents of any file ending in .conf within module directories, due to a bypassable regex pattern...

6.9CVSS5.3AI score0.0028EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50712

Name of the Vulnerable Software and Affected Versions Webmin affected versions not specified Description Unauthenticated attackers can read the contents of any file ending in .conf within module directories. This is caused by a bypassable regex pattern, which is a sequence of characters used to...

6.9CVSS5.8AI score0.0028EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2026/06/17 2:16 p.m.15 views

Open WebUI: Sibling-Prefix Path Traversal via /cache/{path}

Summary A path traversal vulnerability exists in open-webui's cache file serving endpoint that allows any authenticated user to read files from sibling directories outside the intended cache directory, by exploiting an incomplete startswith containment check that lacks a trailing path separator...

4.3CVSS5.3AI score0.00244EPSS
Exploits1References2Affected Software1
Fedora
Fedora
added 2026/06/16 1:3 a.m.15 views

[SECURITY] Fedora 44 Update: ack-3.10.0-1.fc44

Ack is a grep-like search tool designed for use with large heterogeneous trees of source code. It searchs recursively and ignores common version control directories...

5.3AI score
Exploits0
CVE
CVE
added 2026/06/13 2:34 a.m.32 views

CVE-2026-54228

Vulnerability context (CVE-2026-54228) : A TOCTOU race in the abrt-dbus D-Bus service’s SetElement method allows a local user to write arbitrary text files into the root-owned dump directory between dump directory creation and post-create, bypassing package validation and causing crashes of unpac...

7.8CVSS5.4AI score0.00103EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/12 9:37 a.m.11 views

EUVD-2026-36407

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

5.3CVSS5.5AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.15 views

PT-2026-48842

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths...

5.3CVSS5.4AI score0.00288EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.15 views

VMware Spring Boot 安全漏洞

VMware Spring Boot is an open-source framework developed by the American company VMware. There are security vulnerabilities in versions 4.0.0 to 4.0.6, 3.5.0 to 3.5.14, 3.4.0 to 3.4.16, 3.3.0 to 3.3.19, and 2.7.0 to 2.7.33 of VMware Spring Boot. These vulnerabilities stem from the use of fixed...

5.3CVSS5.3AI score0.00094EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 11:16 p.m.14 views

CVE-2026-46695

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS0.00289EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/10 10:20 p.m.33 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS0.00289EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/10 10:20 p.m.10 views

CVE-2026-46695 BoxLite: Permission Bypass in boxlite Allows Modification of Read-Only Files

Boxlite is a sandbox service that allows users to create lightweight virtual machines Boxes and launch OCI containers within them to run untrusted code. Prior to version 0.9.0, Boxlite does not restrict the kernel capabilities available inside the container, malicious code can remount the directo...

10CVSS5.6AI score0.00289EPSS
Exploits0References3
Rows per page
Query Builder