Lucene search
K

401 matches found

OSV
OSV
added 2026/03/26 11:16 p.m.7 views

UBUNTU-CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS5.9AI score0.00481EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/26 10:43 p.m.7 views

CVE-2026-33897

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS5.9AI score0.00481EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/26 10:43 p.m.6 views

CVE-2026-33897 Incus vulnerable to arbitrary file read and write through pongo templates

Incus is a system container and virtual machine manager. Prior to version 6.23.0, instance template files can be used to cause arbitrary read or writes as root on the host server. Incus allows for pongo2 templates within instances which can be used at various times in the instance lifecycle to...

9.9CVSS6AI score0.00481EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 10:43 p.m.22 views

CVE-2026-33897

Incus prior to 6.23.0 is vulnerable to arbitrary file read/write as root on the host via instance template files using pongo2 templates. The pongo2 chroot isolation feature was intended to constrain access to the instance filesystem, but the chroot mechanism is skipped by this implementation, all...

9.9CVSS5.9AI score0.00481EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/10 2:8 p.m.5 views

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

8.8CVSS5.8AI score0.00112EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/09 12:31 p.m.8 views

EUVD-2025-208407

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

5.8AI score0.00112EPSS
Exploits0References2
NVD
NVD
added 2026/03/09 12:16 p.m.5 views

CVE-2025-15547

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

8.8CVSS0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/09 11:46 a.m.32 views

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

0.00112EPSS
Exploits0References1
CVE
CVE
added 2026/03/09 11:46 a.m.16 views

CVE-2025-15547

The CVE-2025-15547 vulnerability affects FreeBSD jail environments configured with the allow.mount.nullfs option. A privileged user inside a jail can mount nullfs directories, and a kernel path-lookup limitation can let the user escape the jail via chroot, granting access to the host/parent files...

8.8CVSS5.8AI score0.00112EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/09 11:46 a.m.5 views

CVE-2025-15547 Jail escape by a privileged user via nullfs

By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.nullfs option enables mounting nullfs filesystems, subject to privilege checks. If a privileged user within a jail is able to nullfs-mount directories, a limitation of the kernel's path lookup logic...

5.8AI score0.00112EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 11:47 p.m.4 views

GHSA-QXX2-7H4C-83F4 melange QEMU runner could write files outside workspace directory

An attacker who can influence the tar stream from a QEMU guest VM could write files outside the intended workspace directory on the host. The retrieveWorkspace function extracts tar entries without validating that paths stay within the workspace, allowing Path Traversal via ../ sequences. Fix:...

8.2CVSS5.5AI score0.00167EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/01/30 9:51 p.m.1 views

CVE-2026-25152

Backstage is an open framework for building developer portals, and @backstage/plugin-techdocs-node provides common node.js functionalities for TechDocs. In versions of @backstage/plugin-techdocs-node prior to 1.13.11 and 1.14.1, a path traversal vulnerability in the TechDocs local generator allow...

5.3CVSS6AI score0.00387EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.4 views

FreeBSD : FreeBSD -- Jail escape by a privileged user via nullfs (90071333-fbe5-11f0-a13f-bc241121aa0a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 90071333-fbe5-11f0-a13f-bc241121aa0a advisory. By default, jailed processes cannot mount filesystems, including nullfs4. However, the allow.mount.null...

8.8CVSS5.9AI score0.00112EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/29 9:49 p.m.6 views

CVE-2026-25116

Runtipi is a personal homeserver orchestrator. Starting in version 4.5.0 and prior to version 4.7.2, an unauthenticated Path Traversal vulnerability in the UserConfigController allows any remote user to overwrite the system's docker-compose.yml configuration file. By exploiting insecure URN...

7.6CVSS6AI score0.00566EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/29 6:16 p.m.6 views

AZL-75770 CVE-2026-24054 affecting package kata-containers for versions less than 3.19.1.kata2-3

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

10CVSS5.7AI score0.00438EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/29 5:16 p.m.5 views

CVE-2026-24054

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. In versions prior to 3.26.0, when a container image is malformed or contains no layers, containerd falls back to bind-mounting an empty snapshotter...

9.3CVSS5.8AI score0.00438EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/01/22 11:15 p.m.10 views

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8.8CVSS0.00459EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/01/22 10:41 p.m.3 views

CVE-2026-24129

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8CVSS5.8AI score0.00459EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2026/01/22 10:41 p.m.18 views

CVE-2026-24129

Runtipi (Docker-based homeserver) versions 3.7.0+ are vulnerable to authenticated arbitrary command execution via shell metacharacters injected into backup filenames. The BackupManager stores uploaded backups using the raw originalname on the host filesystem, allowing an attacker to stage a file ...

8.8CVSS5.9AI score0.00459EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/22 10:41 p.m.8 views

CVE-2026-24129 Runtipi is Vulnerable to Authenticated Arbitrary Remote Code Execution

Runtipi is a Docker-based, personal homeserver orchestrator that facilitates multiple services on a single server. Versions 3.7.0 and above allow an authenticated user to execute arbitrary system commands on the host server by injecting shell metacharacters into backup filenames. The BackupManage...

8CVSS6AI score0.00459EPSS
Exploits1References5
Rows per page
Query Builder