425 matches found
CVE-2026-23561
CVE-2026-23561 is part of a set of RBAC-related issues in XAPI (XenServer/XCP-ng) where certain administrator roles (vm-admin, etc.) can improperly modify RBAC-protected settings. Specifically, this CVE allows a vm-admin to set VM.other_config:storage_driver_domain and mark a VM as the storage do...
Linux Distros Unpatched Vulnerability : CVE-2026-58494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard- link creation and renaming check directory permissions...
DEBIAN-CVE-2026-58494
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-58494
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-58494
CVE-2026-58494 affects Wasmtime runtimes prior to the fixed versions 24.0.11, 36.0.12, 45.0.3, and 46.0.1. The issue arises in wasmtime-wasi where hard-link creation and renaming check directory permissions do not correctly match FilePerms on source and destination preopens. This can allow a WASI...
CVE-2026-58494 Wasmtime: WASI hard links bypass wasmtime-wasi's FilePerms for destination
Wasmtime is a runtime for WebAssembly. Prior to 24.0.11, 36.0.12, 45.0.3, and 46.0.1, wasmtime-wasi hard-link creation and renaming check directory permissions but not matching FilePerms on source and destination preopens, allowing a WASI guest with a read-only source file capability to overwrite...
CVE-2026-59946
CVE-2026-59946 affects Composer (PHP dependency manager). A bin entry containing trailing .. path segments could resolve outside the package install directory, enabling the binary installation flow to chmod an existing host file to world-readable/world-executable during composer install, update, ...
CVE-2026-59946 Composer: Path traversal in package bin field lets dependencies chmod arbitrary host files
Composer is a dependency Manager for the PHP language. Prior to 2.2.29 and 2.10.2, a Composer package bin entry containing .. path segments can resolve outside the package install directory and cause Composer's binary installation flow to chmod an existing host file to a world-readable and...
CVE-2026-53489
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...
CVE-2026-55117
The CVE-2026-55117 entry describes a path traversal vulnerability in UniFi Access Application. The vulnerability could allow an attacker with network access to access files on the host device via the affected component, exposing potentially sensitive information. Documented details do not specify...
EUVD-2026-41395
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...
CVE-2026-55117
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...
CVE-2026-55117
A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi Access Application to access files on the host device...
CVE-2026-55686
A flaw was found in Podman. A remote attacker can exploit this vulnerability by running a malicious container image where the WORKDIR working directory path contains a symbolic link symlink. This can lead to the creation of a directory or modification of ownership on the host filesystem,...
github.com/containerd/containerd: containerd: Arbitrary host file read via symlink following in CRI checkpoint restore
A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin incorrectly restores container logs from a checkpoint image. This vulnerability, categorized as a Path Traversal CWE-61, allows an attacker to read arbitrary files on the host system by...
flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation
A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...
CVE-2026-55686
Podman is a tool for managing OCI containers and pods. From 3.0.0 until 5.7.1, running a malicious container image where the WORKDIR path contains a symlink can create a directory or modify ownership on the host filesystem. Modified ownership is less likely to happen as that requires help from an...
PT-2026-53013
Name of the Vulnerable Software and Affected Versions Incus affected versions not specified Description A flaw exists where a specially crafted container image or instance backup can be used to read or create and write arbitrary files on the host, potentially leading to arbitrary command executio...
GO-2026-5668 Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker
Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap in github.com/docker/docker...
USN-8472-1: containerd vulnerabilities
It was discovered that containerd incorrectly handled HTTP/2 SETTINGS frames. A remote attacker could possibly use this issue to cause containerd to enter an infinite loop, resulting in a denial of service. CVE-2026-33814 Jakub Ciolek and Kyle Elliott discovered that containerd incorrectly handle...