Lucene search
+L

425 matches found

RedHat Linux
RedHat Linux
added 2026/05/19 9:29 a.m.10 views

Important: Red Hat Security Advisory: podman security update

An update for podman is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.23 views

RHEL 9 : podman (RHSA-2026:18722)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18722 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.28 views

RHEL 10 : podman (RHSA-2026:18289)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:18289 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...

8.1CVSS7.2AI score0.01008EPSS
Exploits0References7
Snyk
Snyk
added 2026/05/18 5:53 p.m.9 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup before subsequent mount syscall. An attacker can overwrite arbitrary files on the host or cause denial of service by exploiting a race condition where a symlink is create...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.10 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup before subsequent mount syscall. An attacker can overwrite arbitrary files on the host or cause denial of service by exploiting a race condition where a symlink is create...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 5:53 p.m.9 views

UNIX Symbolic Link (Symlink) Following

Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following during docker cp mount setup before subsequent mount syscall. An attacker can overwrite arbitrary files on the host or cause denial of service by exploiting a race condition where a symlink is create...

7.2CVSS5.9AI score0.00104EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/18 5:53 p.m.23 views

Docker: Race condition in docker cp allows bind mount redirection to host path

Summary A race condition during docker cp mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service. Details When copying files into a container, the daemon sets up a temporary filesystem vie...

7.2CVSS6AI score0.00104EPSS
Exploits0References3Affected Software3
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.10 views

Fedora 44 : yelp (2026-ed4f450fa9)

The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-ed4f450fa9 advisory. Yelp 49.1, fixing: Flatpak applications are able to exfiltrate host files due to yelp's CSP being too permissive Tenable has extracted the preceding...

5.8AI score
Exploits0References1
Veracode
Veracode
added 2026/05/16 5:24 a.m.5 views

Arbitrary File Read

go-getter is vulnerable to Arbitrary File Read. The vulnerability is due to improper validation of maliciously crafted Git URLs during certain Git operations, where specially crafted URLs can access unintended file system paths, allowing attackers to read arbitrary files on the host system...

7.5CVSS6.1AI score0.00583EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2026/05/15 5:16 p.m.18 views

CVE-2026-44641

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 4:2 p.m.33 views

CVE-2026-45539

Microsoft APM (APM CLI) vulnerability affects versions 0.5.4–0.12.4 where two primitive integrators enumerate package files via Path.glob/Path.rglob and read matches with Path.read_text(), following symbolic links. A symlink inside a remote APM dependency under .apm/prompts/ or .apm/agents/ is pr...

7.4CVSS5.8AI score0.00654EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 4:0 p.m.21 views

CVE-2026-44641

CVE-2026-44641 affects Microsoft APM. Before version 0.8.12, the plugin-loading flow copies components listed in plugin.json into the .apm/ directory and does not validate that manifest paths (agents, skills, commands, hooks) stay inside the plugin root. An attacker can supply absolute or ../ tra...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/15 4:0 p.m.40 views

CVE-2026-44641 Microsoft APM: plugin.json component paths escape plugin root and copy arbitrary host files during install

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/15 4:0 p.m.12 views

EUVD-2026-30562

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/15 4:0 p.m.7 views

CVE-2026-44641

Microsoft APM is an open-source, community-driven dependency manager for AI agents. Prior to 0.8.12, Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.13 views

APM – Agent Package Manager 路径遍历漏洞

APM – Agent Package Manager is an open-source AI-based dependency management tool developed by Microsoft. Versions of APM prior to 0.8.12 contained a path traversal vulnerability. This vulnerability stemmed from the lack of verification that the plugin paths were within the plugin directory, whic...

7.1CVSS5.8AI score0.00351EPSS
Exploits0References1
CVE
CVE
added 2026/05/11 3:20 p.m.36 views

CVE-2026-6815

CVE-2026-6815 affects Casdoor’s Local File System storage provider. An authenticated attacker with administrative/file-upload privileges can bypass the storage sandbox via path traversal (insufficient sanitization of pathPrefix/fullFilePath), enabling arbitrary file creation or overwriting on the...

5.9CVSS5.9AI score0.00513EPSS
Exploits5References2Affected Software1
CNNVD
CNNVD
added 2026/05/08 12:0 a.m.15 views

zrok 路径遍历漏洞

Zrok is a secure internet sharing tool developed by OpenZiti. Versions of Zrok prior to 2.0.2 contained a path traversal vulnerability. This vulnerability stemmed from the WebDAV driver’s backend, which restricted path traversal through lexical normalization but did not prevent symbolic links fro...

8.7CVSS5.8AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2026/05/07 9:41 p.m.8 views

GHSA-XHRW-5QXX-JPWR Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbitrary host files during install

Summary Microsoft APM normalizes marketplace plugins by copying plugin components referenced in plugin.json into .apm/. The manifest fields agents, skills, commands, and hooks are attacker-controlled, but the implementation does not enforce that those paths remain inside the plugin directory. A...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.18 views

PT-2026-38624

Name of the Vulnerable Software and Affected Versions Microsoft APM versions prior to 0.8.12 Description Microsoft APM normalizes marketplace plugins by copying components referenced in plugin.json into the .apm/ directory. The implementation fails to verify that the paths specified in the agents...

7.1CVSS5.9AI score0.00351EPSS
Exploits0References12
Rows per page
Query Builder