Lucene search
K

378 matches found

Github Security Blog
Github Security Blog
added 4 days ago5 views

Rancher has Privilege Escalation from Project Owner to Host

Impact A vulnerability has been identified in Rancher Manager that allows users assigned the Project Owner role to modify Pod Security Admission PSA labels on namespaces within their projects. Under the default role configuration, an attacker with the following access pattern can exploit this...

9.4CVSS5.8AI score0.00319EPSS
Exploits0References5Affected Software1
NVD
NVD
added 6 days ago11 views

CVE-2026-34597

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.470, a critical Authenticated Host Remote Code Execution RCE vulnerability was discovered in Coolify. The flaw resides in the handling of user-defined build parameters for the...

8.8CVSS0.00526EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-41052 Rancher Privilege Escalation from Project Owner to Host

Improper privilege handling could be used by users with Project Owner role to escalate privileges, in Rancher versions 2.14 before 2.14.2, 2.13 before 2.13.6, and 2.12 before 2.12.10...

9.4CVSS0.00319EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 4:23 p.m.7 views

EUVD-2026-39806

Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, or ; - can break out of the Docker container and...

9.9CVSS5.9AI score0.00274EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:0 p.m.4 views

CVE-2026-55599

phpseclib is a PHP secure communications library. From 0.1.1 until 1.0.30, 2.0.55, and 3.0.54, when an application validates an untrusted X.509 certificate with phpseclib, X509::validateSignature reads a URL out of that certificate's Authority Information Access AIA extension and connects to it...

5.8CVSS5.9AI score0.00133EPSS
Exploits1References2Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/19 7:35 p.m.7 views

Arbitrary host CRI log file read via symlink following in CRI checkpoint restore

Impact A bug was found in containerd where the CRI plugin restores container.log from a checkpoint image without validating a symlinked path. This could result in reading an arbitrary file on the host via kubectl logs. Patches This bug has been fixed in the following containerd versions: 2.3.2...

8.2CVSS6AI score0.00208EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/18 1:5 p.m.5 views

GHSA-R2XF-7JW5-PJG6 Docker MCP Gateway: Argument injection via OCI image label YAML

Summary A maliciously crafted OCI image label can inject arbitrary arguments into the docker run command line constructed by the MCP Gateway. An attacker who controls an image that the victim references via docker://, or that the victim's catalog pulls a snapshot from, can mount the host...

8.7CVSS6.5AI score
Exploits0References2
NVD
NVD
added 2026/06/17 10:54 a.m.7 views

CVE-2026-46873

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...

7.5CVSS0.00114EPSS
Exploits0References1
NVD
NVD
added 2026/06/16 5:16 p.m.9 views

CVE-2024-38487

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...

7CVSS0.00081EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/16 4:29 p.m.24 views

CVE-2024-38487

api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions...

7CVSS0.00081EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 4:29 p.m.14 views

CVE-2024-38487

CVE-2024-38487 describes a vulnerability where an api-gateway container running with root privileges could escape the container and access the host system. Affected configuration: containerized api-gateway with root-level execution; root privileges combined with local attack vector enable host ac...

7CVSS5.3AI score0.00081EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 11:55 p.m.21 views

CVE-2026-12161

CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/11 5:4 a.m.35 views

CVE-2026-41001 Predictable Temp Directory in Artemis Auto-configuration

Spring Boot's ArtemisEmbeddedConfigurationFactory uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can pre-create this predictable directory or place a symlink before the application starts...

5.3CVSS0.00094EPSS
Exploits0References1
CVE
CVE
added 2026/06/10 2:35 p.m.29 views

CVE-2026-48858

The CVE-2026-48858 entry describes a Server-Side Request Forgery (SSRF) flaw in Erlang/OTP ftp’s PASV path: the ftp_internal PASV handler accepts the server’s 227 response IP and passes it to gen_tcp:connect without validating it against the control connection peer, unlike EPSV handlers. This ena...

6.5CVSS5.6AI score0.00234EPSS
Exploits0References6Affected Software3
RedHat Linux
RedHat Linux
added 2026/06/10 1:13 p.m.6 views

flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. A malicious application could exploit this by using specially crafted symlinks within the sandbox-expose options of the Flatpak portal. This allows the application to access arbitrary host files and potentiall...

10CVSS8AI score0.0168EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/10 12:0 a.m.15 views

Fission 安全漏洞

Fission is an open-source function deployment framework based on Kubernetes. Versions of Fission prior to 1.24.0 contained security vulnerabilities. These vulnerabilities stemmed from tenants with permissions to execute privileged/allowed-privileged/hazardous containers, under the account with hi...

9.9CVSS5.5AI score0.0029EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2026/06/08 12:0 a.m.11 views

BerriAI LiteLLM Command Injection Vulnerability

BerriAI LiteLLM contains a command injection vulnerability that could allow any authenticated user, including holders of low-privilege internal-user keys, to run arbitrary commands on the host...

8.8CVSS5.7AI score0.80188EPSS
In wildExploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.13 views

CVE-2026-42271

A flaw was found in LiteLLM, a proxy server AI Gateway for Large Language Model LLM APIs. Two endpoints, used for previewing an MCP server before saving it, accepted a full server configuration including command execution parameters. An authenticated user, even with low-privilege internal-user...

8.8CVSS5.8AI score0.80188EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:58 p.m.9 views

CVE-2026-45744

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/filemanager/ssh/resolvePath endpoint in Termix is vulnerable to OS command injection. The endpoint uses double-quote escaping for shell command...

9.9CVSS6AI score0.02008EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/05 5:56 p.m.6 views

CVE-2026-45743

Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the requesting user owns the SSH session identified by sessionId. An authenticated attacker who knows or...

8.1CVSS5.6AI score0.00282EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder