Lucene search
K

1400 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/11 8:57 a.m.6 views

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 8:57 a.m.18 views

CVE-2026-40636

Dell ECS (3.8.1.0–3.8.1.7) and Dell ObjectScale versions before 4.3.0.0 contain a hard-coded credential issue. An unauthenticated, locally-accessible attacker could potentially obtain filesystem access. CVSS 3.1 base score 9.8 (CRITICAL) indicates high impact on confidentiality, integrity, and av...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1Affected Software2
Vulnrichment
Vulnrichment
added 2026/05/11 8:57 a.m.8 views

CVE-2026-40636

Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to filesystem access for attacker...

9.8CVSS5.8AI score0.00223EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/05 5:30 p.m.8 views

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the fileName parameter during a file upload operation. An attacker can bypass intended storage boundaries and write arbitrary files to any location on the host filesystem accessible by the Java process by supplyi...

10CVSS6.5AI score0.03678EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/28 6:10 p.m.4 views

CVE-2026-41911

OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit uploadfile and uploadimage endpoints to access files beyond the intended workspace-only filesystem policy...

6.5CVSS5.2AI score0.00326EPSS
Exploits0References4
OSV
OSV
added 2026/04/25 11:34 p.m.7 views

GHSA-74M3-9QVM-RP9H zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7CVSS5.9AI score0.0033EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/25 11:34 p.m.12 views

zrok: WebDAV drive backend follows symlinks outside DriveRoot, enabling host filesystem read/write

Summary The zrok WebDAV drive backend davServer.Dir restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without...

8.7CVSS5.7AI score0.0033EPSS
Exploits0References5Affected Software2
NVD
NVD
added 2026/04/23 2:16 a.m.7 views

CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

10CVSS0.00374EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/23 12:28 a.m.30 views

CVE-2026-41196 Luanti has a mod security sandbox escape

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

9CVSS0.00374EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/23 12:28 a.m.5 views

CVE-2026-41196 Luanti has a mod security sandbox escape

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

9CVSS6.2AI score0.00374EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:28 a.m.10 views

CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

9CVSS6.2AI score0.00374EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/04/23 12:28 a.m.49 views

CVE-2026-41196

Luanti (formerly Minetest) has a sandbox escape in LuaJIT affecting versions 5.0.0 through 5.15.1 (prior to 5.15.2). A malicious mod can escape the sandboxed Lua environment and run arbitrary code with full filesystem access on the user’s device, across server-side mods (including async and mapge...

10CVSS6.2AI score0.00374EPSS
Exploits0References2Affected Software1
Debian CVE
Debian CVE
added 2026/04/23 12:28 a.m.6 views

CVE-2026-41196

Luanti formerly Minetest is an open source voxel game-creation platform. Starting in version 5.0.0 and prior to version 5.15.2, a malicious mod can trivially escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This applies to the...

10CVSS6AI score0.00374EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.8 views

PT-2026-34594

Name of the Vulnerable Software and Affected Versions Luanti versions 5.0.0 through 5.15.1 Description A malicious mod can escape the sandboxed Lua environment to execute arbitrary code and gain full filesystem access on the user's device. This issue affects server-side mods, async, mapgen, and...

10CVSS6.2AI score0.00374EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/04/16 10:45 p.m.22 views

Paperclip: Arbitrary File Read via Agent-Controlled adapterConfig.instructionsFilePath

Summary Paperclip contains an arbitrary file read vulnerability that allows an attacker with an Agent API key to read files from the Paperclip server host filesystem. The vulnerability occurs because agents are allowed to modify their own adapterConfig through the /agents/:id API endpoint. The...

6.1AI score
Exploits0References2Affected Software1
AlpineLinux
AlpineLinux
added 2026/04/11 12:59 p.m.7 views

CVE-2026-32146

Improper path validation vulnerability in the Gleam compiler's handling of git dependencies allows arbitrary file system modification during dependency download. Dependency names from gleam.toml and manifest.toml are incorporated into filesystem paths without sufficient validation or confinement ...

8.3CVSS6AI score0.00239EPSS
Exploits1References6
EUVD
EUVD
added 2026/04/01 9:31 a.m.3 views

EUVD-2026-17843

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to iprivate data on its end after removing the original entry from the file system. However the inode can aand does live beyond that...

5.7AI score0.00145EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:36 a.m.3 views

CVE-2026-23411

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to iprivate data on its end after removing the original entry from the file system. However the inode can aand does live beyond that...

7.8CVSS5.7AI score0.00145EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2026/04/01 8:36 a.m.43 views

CVE-2026-23411 apparmor: fix race between freeing data and fs accessing it

In the Linux kernel, the following vulnerability has been resolved: apparmor: fix race between freeing data and fs accessing it AppArmor was putting the reference to iprivate data on its end after removing the original entry from the file system. However the inode can aand does live beyond that...

7.8CVSS0.00145EPSS
Exploits0References8
OSV
OSV
added 2026/04/01 12:23 a.m.3 views

GHSA-G87C-R2JP-293W @tinacms/graphql's Media Endpoints Can Escape the Media Root via Symlinks or Junctions

Summary @tinacms/cli recently added lexical path-traversal checks to the dev media routes, but the implementation still validates only the path string and does not resolve symlink or junction targets. If a link already exists under the media root, Tina accepts a path like...

7.1CVSS5.8AI score0.00408EPSS
Exploits0References4
Rows per page
Query Builder