5 matches found

Positive Technologies
added 2026/06/19 12:0 a.m. | 15 views

PT-2026-51123

Description: The ux:install console command installs files from a recipe kit by copying paths listed in a copy-files map. The only guard against malicious paths was Path::isRelative, which returns true for paths like ../../../etc. Path::join then resolves the .. segments without complaint, so the...

7.8 CVSS | 6.1 AI score
Exploits: 0 | References: 5
Github Security Blog
added 2026/03/26 6:26 p.m. | 12 views

BuildKit's Malicious frontend can cause file escape outside of storage root

Impact: When using a custom BuildKit frontend, the frontend can craft an API message that causes files to be written outside of the BuildKit state directory for the execution context. Patches: The issue has been fixed in v0.28.1+. Workarounds: Issue requires using an untrusted BuildKit frontend set...

9.8 CVSS | 5.9 AI score | 0.00498 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2026/03/09 2:16 p.m. | 7 views

CVE-2026-3089

Actual Sync Server allows authenticated users to upload files through POST /sync/upload-user-file. In versions prior to 26.3.0, improper validation of the user-controlled x-actual-file-id header means that traversal segments ../ can escape the intended directory and write files outside...

6.5 CVSS | 0.00377 EPSS
Exploits: 1 | References: 3
RedhatCVE
added 2025/07/12 5:16 p.m. | 5 views

CVE-2024-47252

A vulnerability was found in the Apache HTTP Server. Insufficient escaping of user-supplied data in mod_ssl allows an untrusted SSL/TLS client to insert escape characters into log files in some configurations. In a logging configuration where CustomLog is used with "%{varname}x" or "%{varname}c" to...

7.5 CVSS | 6.2 AI score | 0.00669 EPSS
Exploits: 0 | References: 3
OSV
added 2023/09/28 11:6 a.m. | 3 views

OESA-2023-1686 iSulad security update

Security Fixes: When malicious images are pulled by isula pull, attackers can execute arbitrary code. (CVE-2021-33635) When the isula load command is used to load malicious images, attackers can execute arbitrary code. (CVE-2021-33636) When the isula export command is used to export a container to an...

9.8 CVSS | 7.5 AI score | 0.00556 EPSS
Exploits: 0 | References: 5