Lucene search
+L

9 matches found

nvd
nvd
added 2026/07/08 9:16 p.m.6 views

CVE-2026-14896

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
cvelist
cvelist
added 2026/07/08 8:21 p.m.32 views

CVE-2026-14896 Nomad vulnerable to cross-namespace host volume claim deletion

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS0.0016EPSS
Exploits0References1
euvd
euvd
added 2026/07/08 8:21 p.m.6 views

EUVD-2026-42392

HashiCorp Nomad and Nomad Enterprise are vulnerable to a cross-namespace authorization bypass in the dynamic host volumes feature that may allow an operator holding the host volume delete permission in one namespace to delete a sticky volume claim belonging to a job in another namespace. This...

4.2CVSS6AI score0.0016EPSS
Exploits0References1
ibm
ibm
added 2026/07/01 9:29 p.m.10 views

Security Bulletin: Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Vulnerability Details CVEID:CVE-2026-7474 DESCRIPTION: A user with...

8.8CVSS6.1AI score0.06892EPSS
Exploits0Affected Software1
cve
cve
added 2026/05/12 7:9 p.m.51 views

CVE-2026-7474

CVE-2026-7474 affects HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 through a path traversal vulnerability on the client host that can lead to code execution. The issue is fixed in Nomad 2.0.1, 1.11.5, and 1.10.11. Affected component is the client-side handling of dynamic host volumes, with...

8.8CVSS6.2AI score0.06892EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/12 7:9 p.m.44 views

CVE-2026-7474 Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11...

8.8CVSS0.06892EPSS
Exploits0References1
hashicorp
hashicorp
added 2026/05/12 6:54 p.m.12 views

Nomad vulnerable to path traversal in dynamic host volume which may lead to code execution

Summary HashiCorp Nomad and Nomad Enterprise prior to 2.0.1 are vulnerable to code execution on the client host through a path traversal attack. This vulnerability CVE-2026-7474 is fixed in Nomad 2.0.1, 1.11.5 and 1.10.11. Background Nomad’s Dynamic Host Volumes feature allows the cluster admin t...

8.8CVSS7.2AI score0.06892EPSS
Exploits0Affected Software1
redhatcve
redhatcve
added 2026/02/26 10:35 p.m.7 views

CVE-2025-62878

A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary locations on the host node, potentially overwriting sensitive files or gaining access to unintended directories...

9.9CVSS5.5AI score0.00581EPSS
Exploits1References1
osv
osv
added 2021/10/04 9:15 p.m.2 views

DEBIAN-CVE-2021-41091

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby Docker Engine where the data directory typically /var/lib/docker contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traver...

6.3CVSS6.4AI score0.02671EPSS
Exploits3References1
Rows per page
Query Builder